The Numbers That Should End the Single-Agent Debate

Ask most security directors what their primary threat concern is and the answer will likely involve cyber. Data exfiltration. Phishing. Ransomware. Digital exposure. The conversation about protecting executives has, over the past decade, drifted heavily toward the screen and away from the street.

The data from 2025 suggests that drift has been a mistake.

ASIS International, in partnership with the Security Executive Council, documented 424 incidents targeting corporate executives globally in 2025. That figure represents a 100% increase on the previous year. Of those incidents, 85% involved physical activity. Two-thirds were driven by criminal motive or personal grievance. And in 53% of all recorded cases, two or more attackers were involved.

The threat to executives is physical, it is coordinated, and it is accelerating.

The Security Executive Council's methodology captures incidents across a global sample of corporate executives, tracking attack type, attacker profile, motive, location, and outcome. The 2025 report covers calendar year data and was published in February 2026.

The headline figure is the doubling of incident volume. But the breakdown beneath it is where the operational picture becomes clear.

Physical activity drove 85% of incidents. That includes direct attacks, attempted kidnappings, confrontations at the principal's property, and physical surveillance. Cyber incidents accounted for the remaining 15%, and the report notes that in many cases digital activity served as the intelligence-gathering phase that preceded a physical approach.

Criminal motive was the primary driver at 52%. Personal grievance accounted for 28%. Ideological motivation, which often receives disproportionate attention in security planning, was responsible for a minority of violent incidents. Crucially, 80% of personally motivated attacks involved an armed assailant.

The location data is equally significant. The principal's home or office was the most common attack location, ahead of vehicles, public venues, and travel environments. The assumption that public-facing moments carry the highest risk is not supported by the evidence.

The executive protection industry has spent much of the last decade adapting to a threat narrative shaped by high-profile ideological attacks and the expansion of cyber risk. Both are real. Neither fully explains what the 2025 data is showing.

The profile emerging from this research is not a politically motivated actor targeting a public figure. It is a criminal or grievance-driven attacker, often working with at least one other person, targeting a principal in a familiar and predictable environment. That is a fundamentally different planning problem from the one most EP programmes were designed to solve.

The multi-assailant figure deserves particular attention. 53% of all incidents involved two or more attackers. That single statistic has direct implications for how protective details are staffed. A single agent, however skilled, faces a structural disadvantage against a coordinated approach. The question of whether a one-person detail is adequate is not a matter of the agent's capability. It is a matter of arithmetic.

The residential finding compounds this. If the most likely attack location is the principal's home or office, then the operational focus on public routes and event security, while necessary, is not where the highest-probability risk resides. Residential security architecture, access control, and the intelligence picture around the principal's fixed locations warrant the same rigour applied to motorcades and venue advances.

The gap between what this data shows and how most corporate EP programmes are currently resourced is significant. Many organisations are still operating on staffing models built around a pre-2024 threat picture, single-agent details for mid-tier executives, minimal residential security investment, and a cyber-first risk prioritisation that does not reflect where physical attacks are actually occurring.

The doubling of incident volume in a single year is not a statistical anomaly to be smoothed over the next reporting cycle. It is a signal that the threat environment has moved. Programmes that have not moved with it are carrying more exposure than their current posture reflects.

There is also a liability dimension. When a security director can point to published, third-party data showing that coordinated physical attacks on executives doubled in the prior year, and that single-agent details were structurally inadequate against the most common attack profile, the case for additional resource becomes considerably easier to make to a board or CFO. The data does that work.

Review single-agent detail assignments. Any executive covered by a one-person detail should be assessed against the current incident profile. Where criminal or grievance-based targeting is plausible, the multi-assailant frequency in the 2025 data makes a case for minimum two-person coverage that is hard to argue against on operational grounds.

Audit residential security architecture. The principal's home is the most likely attack location in the current data. Residential security investments, access control, surveillance coverage, and the intelligence picture around fixed locations should be reviewed with the same rigour applied to high-profile public engagements.

Reframe the cyber-physical conversation. Cyber threats remain real and require attention. The 2025 data suggests they are functioning primarily as the reconnaissance layer for physical targeting. Understanding what digital exposure looks like for a principal, and what physical risks that exposure creates, is a more useful frame than treating cyber and physical as separate disciplines.

Use the data in internal conversations. Budget conversations about protective security are easier when grounded in published research rather than professional instinct. The ASIS data provides a credible, citable basis for resource requests that security directors should be using actively.

The 2025 executive targeting data from ASIS International and the Security Executive Council is one of the clearest signals the industry has produced in recent years. Not because the findings are surprising to anyone who has been paying attention, but because they are now quantified, documented, and attributable.

The threat to executives is physical, it is growing, and it is coming most often from criminal and grievance-based actors working in pairs or groups, targeting predictable locations. The programmes best positioned to manage that risk are the ones that have already adjusted. The ones that haven't have a clear and urgent body of evidence telling them where to start.

Source: ASIS International / Security Executive Council, Executive Targeting Study 2025, published February 2026. https://www.asisonline.org/security-management-magazine/latest-news/today-in-security/2026/february/executive-targeting-study/