When Is A Threat Truly A Threat?

Employees represent the most valuable assets of any organization, serving as the backbone of its operations and success. The responsibility for their welfare begins at the highest levels of the company, typically resting with the Board of Directors and senior leadership teams. These individuals are crucial in establishing and implementing comprehensive policies and guidelines to ensure all employees' health, safety, and security.

This commitment to employee well-being encompasses various facets, including mental health support, workplace safety protocols, and personal security measures. By prioritizing a supportive and inclusive work environment, leaders set a positive tone for the entire organization, reinforcing that employee welfare is a fundamental component of business strategy. This focus enhances productivity and fosters loyalty, engagement, and overall workplace morale.

In my experience as a global safety and security strategist, I frequently encounter skepticism regarding the need for security measures. Common remarks I have heard include, “It’s not in the budget,” indicating a reluctance to allocate resources for security; “I just don't understand why this is necessary,” reflecting a lack of awareness of potential risks; and “No one knows who the executives are,” suggesting a disconnect between leadership, employees and the public. Additionally, I hear sentiments like, “I want to stay low profile; I don’t feel comfortable having bodyguards around me,” revealing a fear of perceived vulnerability or an aversion to overt displays of security. These comments underscore the ongoing challenge of balancing safety with employee comfort in the workplace.

The tragic assassination of Brian Thompson, CEO of UnitedHealthcare, outside the Hilton Hotel at 1335 Avenue of the Americas in the vibrant and busy midtown Manhattan, NY, on the early morning of December 4, 2024, at precisely 6:46 AM EST, brings into sharp focus the imperative need for robust physical human security measures, not only within the workplace but also in any setting where employees conduct outside official business activities.

This harrowing incident appears to have been a calculated act of workplace violence, explicitly targeting Thompson. Reports suggest that the attacks may have been inspired by specific threats against high-ranking executives within UnitedHealthcare, indicating a troubling trend of hostility directed at individuals in leadership positions. In a poignant interview with NBC News, Paulette Thompson, Brian’s widow, conveyed the anxiety that had shadowed their lives in the days leading up to this event: “Yes, there had been some threats. I’m not fully aware of the specifics, but he did mention that there were individuals who were threatening him.” Her statement reflects a profound sense of fear and uncertainty that can accompany such threats, especially when they feel close to home.

Under the legal and ethical principles of duty of care, employers must protect their employees and provide a safe working environment. If it is found that UnitedHealthcare was aware of credible threats against Thompson and failed to take appropriate and timely action—such as enhancing security measures or providing a secure environment for him during this critical official event—it could constitute a significant breach of duty.

This breach is a key component of negligence law and raises serious questions about the adequacy of the company’s protocols in protecting its workforce against potential violence. Furthermore, it underscores the vital importance of proactive measures in safeguarding employee well-being, particularly for those in high-profile roles who may be more vulnerable to targeted threats. The implications of such events extend far beyond the individuals involved, affecting the organization’s culture, employee morale, and public perception of safety within the corporate sphere.

In the unfortunate event that a lawsuit arises, particularly if the family seeks compensation for an injury sustained under the Minnesota Workers' Compensation Statute or other applicable legal frameworks, UnitedHealthcare may face significant legal challenges. The company could be compelled to defend against potentially damaging allegations of negligence. To successfully navigate this situation, it must demonstrate that it maintained its legal duty of care, especially concerning providing adequate security for its CEO. This responsibility is magnified considering specific threats that have been received, which indicate a disturbing potential for future violence directed at the individual.

Within the corporate landscape, particularly in the private sector, investments in physical security may often be undervalued or perceived as excessive expenditures. These budgetary items can frequently be considered excessive, leading organizations to question their necessity. However, the true importance of these investments comes sharply into focus during dire situations. When employees and executives find themselves in life-threatening scenarios, the absence of adequate security becomes glaringly apparent, and the consequences become painfully clear.

Such a tragedy's financial toll on UnitedHealthcare or any other organization could be profound and enduring. Establishing a comprehensive and robust security framework functions similarly to purchasing insurance; it is a proactive measure that aims to protect against potential threats before they escalate into crises. Implementing preventive and proactive security protocols is vital for the early detection of risks, enabling the organization to neutralize threats before they can materialize into incidents. Historical data consistently reveal that the expenditure required to address and rectify problems after an incident often far outweighs the costs of implementing preventive measures beforehand.

Investing in security is a strategic decision that can ultimately enhance a company's profitability, reflected in future earnings before interest, taxes, depreciation, and amortization (EBITDA). Rather than being viewed merely as a necessary expense, security should be recognized as an essential asset crucial in bolstering the company's overall resilience, safeguarding its employees, and protecting its tangible and intangible assets from harm.

An organization's acceptable risk appetite must be carefully weighed against the potential for a tragic loss of life. Sadly, this critical aspect of organizational health is sometimes neglected, and security measures are often the first budget items to be reduced or eliminated. When financial constraints are imposed, the imperative to do more with less can lead to a dangerous underestimation of robust security's value. Ultimately, such actions jeopardize the safety of the organization's most critical and irreplaceable asset: its people.

As the landscape of cyber security continually evolves and expands, the pressing need for robust physical human security often only becomes evident after a catastrophic event, such as an active shooter incident within an office or workplace setting. This unfortunate reality critically examines how organizations prioritize their security strategies. It is vital for leadership teams to not only recognize but also actively advocate for an equivalent level of investment in physical human security, aligning it with the resources allocated for cyber and information security. While it is undeniable that cyber-attacks can wreak havoc on an organization—resulting in data breaches, financial losses, and potential reputational damage—many organizations find themselves resilient enough to rebound quickly from such digital crises over time, albeit with varying degrees of success.

In stark contrast, the impacts of a physical attack are often far more severe and permanent. Take, for instance, the heartbreaking case of an employee like Thompson. His untimely death is not merely a statistic in a security report; it represents a profound and irreplaceable loss for his immediate family—his wife, young children, and extended family members—who must now navigate a world forever altered by his absence. Friends, coworkers, and society will also face the emotional turmoil of coping with such a shocking event. The ripple effect of this tragedy extends far beyond the workplace, leaving deep emotional scars that will require significant time and support to heal. In the aftermath, we grapple with the harrowing question: How could an incident of this magnitude have been averted?

In the current climate, organizations often perceive the myriad cyber threats they face daily as the most pressing risks, which can lead to a misallocation of resources within the security budget. This skewed allocation places an overwhelming emphasis on cyber security initiatives at the expense of physical human security measures, which can create vulnerabilities in protecting employees and physical infrastructure.

Therefore, it is crucial to appreciate that cyber security and physical human security are not standalone concepts; they are interdependent aspects of a holistic approach to organizational resilience. To safeguard employees' well-being and business operations' sustainability, organizations must commit to providing adequate funding and supportive infrastructure for cyber and physical security measures.

?Such a dual-focus strategy is essential for effectively shielding individuals, protecting valuable digital and physical assets, ensuring the confidentiality of sensitive information, and maintaining the organization’s integrity and reputation in competitive markets. This foundational principle should permeate every level of an organization’s framework, establishing a culture of safety and vigilance that prioritizes protecting lives, preserving assets, and building trust among stakeholders.

While the recent incident is unfathomable, we hope a thorough, transparent investigation will yield actionable insights and significant lessons. We fervently hope that such findings will guide the development of impactful changes and strategies designed to prevent similar incidents from occurring in the future, thereby fostering a safer environment for all and diminishing the likelihood of future catastrophes.

Ultimately, irrespective of any potential errors or lapses on the part of an organization, there is simply no justification for the senseless taking of an employee’s innocent life. This tragedy serves as a sobering and stark reminder of the urgent necessity to prioritize and enhance physical and cyber security measures, safeguarding employees and ensuring a secure working environment for everyone involved.

?