The Thompson effect: How One Assassination Reshaped Corporate Security

Welcome to your Tuesday briefing.

It has been a busy fortnight. A diplomatic pause in the Iran conflict, a ballistic missile fired at a joint US-UK base in the Indian Ocean, an arson attack on Jewish ambulances in north London, and a US court ruling that quietly rewrote the liability rules for corporate security directors. We will get to all of it.

But the story that keeps running underneath everything else is simpler and closer to home. Boards are finally paying for security. The question is whether the industry is ready for what comes with that.

Fifteen months ago, Brian Thompson walked out of a Manhattan hotel and was shot dead on the pavement. He was the CEO of UnitedHealthcare. He had no close protection. He had no advance work. He had a name badge and a conference schedule.

The assassination did not immediately produce a wave of corporate action. What it produced first was a wave of corporate denial, the kind that says "our executives are different" and "our profile is lower." Then the requests started coming in. Risk management firms report inquiry volumes spiking, with some providers receiving 47 requests within four hours of a single high-profile incident. By Q1 2026, the conversation had moved from the security team to the boardroom.

The shift is measurable. Forty-six percent of US Chief Security Officers now report an increase in threats of violence directed at executives, rising to 66% in the tech sector specifically. Boards that previously viewed close protection as an executive perk are reframing it as a duty of care obligation, with legal and liability language attached. Starbucks has mandated that its CEO use private aircraft for all travel, business and personal, following an independent threat assessment. Other firms are following with similar postures.

The Thompson assassination made something visible that the industry has understood for years: the accessible, high-profile executive is a single point of failure for an entire organisation. Thompson was not targeted randomly. He was identified, researched, located, and approached in a public space with no protective layer between him and his attacker.

What has changed in 2026 is the sophistication of the targeting. Dark web monitoring by risk firms is now detecting ideologically motivated targeting of executives before it moves into the physical domain. Social media profiling, combined with data leaks like the Companies House breach we covered last week, is providing motivated actors with a level of personal intelligence that previously required significant resources to compile.

The demand surge is real. But it is creating its own problems. Firms report being overwhelmed by enquiries from corporations whose boards have suddenly discovered security but whose internal teams have no framework for evaluating what they actually need. The risk is that a market flooded with new demand attracts providers who cannot deliver it.

The companies getting this right are not simply adding bodies. They are starting with a threat assessment, mapping the principal's digital footprint, auditing residential and travel vulnerabilities, and building a proportionate protective architecture from there. Digital footprint reduction is now a first-order task, not an afterthought.

Lifestyle management, the quiet discipline of removing public exposure before it becomes a security problem, is increasingly being sold as a standalone service to executives who do not yet need a full protective detail but whose online presence has outpaced their security posture.

The boards are paying attention. That is genuinely new. The industry now needs to meet that moment with rigour rather than headcount.

The Thompson assassination was a catalyst, not a cause. The underlying conditions, executives as identifiable targets, digital intelligence enabling physical attacks, and the erosion of the assumption that corporate leadership is anonymous, were already in place. What changed is that a Fortune 500 CEO died on camera in broad daylight, and no board could pretend afterwards that this was someone else's problem.

The clients coming through the door now are not the same clients who came through five years ago. They are less experienced with protective security, more anxious, and more likely to equate the visibility of security with its effectiveness. Educating that client and building a threat-led rather than optics-led programme is the most important professional skill in the industry right now.

Two decades of expert insights you can trust.

🇺🇸 UNITED STATES -- A van crashed into a security barricade at Lafayette Square, north of the White House, on March 11, triggering a full lockdown of central Washington DC. The driver was apprehended immediately and no injuries were reported. Vehicle ramming against high-profile static targets remains a low-complexity, high-disruption tactic. Corporate campuses in dense urban areas should be reviewing standoff distances and vehicle approach geometry routinely, not reactively.

🇬🇧 UNITED KINGDOM -- Four ambulances belonging to Hatzola Northwest, a Jewish volunteer medical organisation, were destroyed in a targeted arson attack in Golders Green in the early hours of March 23. An Islamist group with reported links to Iran claimed responsibility via Telegram and included operational maps of the location. Counter Terrorism Command is investigating. Community infrastructure is now a target for proxy actors in Western cities, not just diplomatic posts.

🇻🇪 VENEZUELA -- The US State Department maintains a Level 4 Do Not Travel advisory across much of Venezuela following the intervention that removed Maduro in January. Armed cartels have moved into the power vacuum left by the collapse of central authority. For any operation with personnel in Venezuela or the wider northern South American corridor, the risk of express kidnapping and targeting of US-affiliated individuals is materially elevated.

🇾🇪 YEMEN -- At least 69 UN staff members remain arbitrarily detained by Houthi authorities, with Houthi forces conducting armed raids on UN accommodation in Sanaa. Globally, 118 UN personnel are still unlawfully held from last year's arrest wave. The assumption that UN or NGO affiliation provides protection in contested environments is no longer operationally valid. Hostage incident management protocols and kidnap and ransom insurance must be in place before deployment, not after.

TRAVEL SECURITY -- Iran's attempted strike on Diego Garcia on March 22 involved a ballistic missile with an assessed range of approximately 4,000 kilometres, roughly double Iran's previously declared limit. That range puts Eastern Europe, the broader Middle East, and significant portions of the Indo-Pacific within demonstrated strike capability. Any travel or expatriate security plan built on fixed geographic safe zone assumptions should be revisited now.

CBRN AWARENESS -- The World Health Organisation confirmed this week it is preparing staff and protocols for potential radiological incidents in the Middle East, following strikes on Iranian nuclear sites. Readiness planning includes scenarios involving both facility destruction and tactical weapons use. For corporations with personnel across the region, a tested Chemical, Biological, Radiological, and Nuclear emergency action plan is an active operational requirement, not a document kept in reserve.

The threat profile that most EP teams are missing

The abduction of Nancy Guthrie, 84-year-old mother of NBC's Savannah Guthrie, put a rarely discussed vulnerability in the spotlight: the family members who live outside the protection bubble. She was taken from her home in Tucson on January 31, 2026. A doorbell camera was disconnected at 1:47am. Her pacemaker app went offline. A $6 million ransom demand followed.

Richard Rempo, COO of Trend Security Services and a 25-year federal law enforcement veteran, has written a detailed operational analysis of the case and the six lessons it surfaces for protection professionals. The piece covers extended-family risk profiling, KR&E insurance protocols, lead management and false positives, media-exposure risks, border-region vulnerabilities, and the limits of single-layer technology.

He also covers the digital side: virtual kidnappings, AI-generated deepfake blackmail, doxing, and the social engineering tactics increasingly used against high-net-worth individuals in finance and crypto. If your threat assessments stop at the principal, this is worth your time.

Read the full analysis on The Circuit →

Q: Who bears the most responsibility for keeping the Strait of Hormuz open?

🟩🟩🟩🟩🟩🟩 A. The US, which launched the military campaign (50%)
🟨🟨🟨⬜️⬜️⬜️ B. Allied nations, who depend on Gulf energy (25%)
🟨🟨🟨⬜️⬜️⬜️ C. The Gulf states themselves, who have the most to lose (25%)
⬜️⬜️⬜️⬜️⬜️⬜️ D. Different view? Let us know. → (0%)

Your Comments:

USC: “Allied Nations will want the Energy but not put in the work to protect it. Media spin away from the Nuclear aspect of which Iran want for two reasons: 1} Usher in the 12th "imadi" at a cost to a Third of mankind and 2} Hold it over Israel- anyone attacks Iran, Israel get s nuked first.”

RF: "If the Gulf states want to keep their primary export route open, they need to stop buying hardware and start deploying it. The US can't be the world's permanent coast guard anymore."