OPS // READY Call Now
Home / Insights / Executive Security
// BRIEF-02 · Executive Security

Workplace Violence Trends 18 Months After the UHC CEO Shooting

What the threat data shows about executive targeting, what corporate clients are actually buying, and what most companies still get wrong eighteen months into the post-UHC threat environment.

May 5, 2026·10 min read·ParaMil Intelligence Cell

The December 4, 2024 targeted killing of UnitedHealthcare CEO Brian Thompson in midtown Manhattan was the most consequential corporate-security event of the decade. It reframed the executive-protection conversation overnight — from a discretionary executive perk to a documented board-level fiduciary question.

Eighteen months later, the corporate-security market looks materially different than it did before. ParaMil’s book of corporate engagements has grown, the composition of those engagements has shifted, and the gap between what clients are buying and what the actual threat environment requires has not closed as much as it should have.

What the threat data actually shows

The post-UHC threat environment is real, persistent, and structurally different than the pre-UHC environment. Reporting from FBI sources, ADL, and a range of corporate-security intelligence firms shows sustained elevation in three vectors:

  • Named executive targeting. Direct, named threats against publicly identified CEOs and senior officers have remained meaningfully elevated relative to the 2019-2024 baseline.
  • Grievance-driven attack ideation. Online communities centered on healthcare, insurance, financial services, and tech leadership continue to produce attack-ideation content that triggers protective-intelligence concern at credible threshold.
  • Family-targeted exposure. Discoverable information about executive family members — school, residential, social — has emerged as a meaningful and measurable threat vector, distinct from the executive themself.

What corporate clients are actually buying

The categories of corporate-security spend that grew most sharply in the eighteen months after the UHC shooting:

  • Standing residential protection programs for named C-suite executives
  • Threat assessments and OSINT monitoring of the named executive and immediate family
  • IRS §132 Independent Security Studies to formalize executive security benefits
  • Workplace violence prevention programs with on-call protective response
  • Secured transport for daily commute and public appearances
  • Family-member protection — spouse, adult children, residential, school transport
“Eighteen months in, most corporate executive-protection programs are still under-built relative to the actual threat environment.”

What most companies still get wrong

1. Treating protection as event-driven, not standing

The pattern is consistent: a credible threat surfaces, the company spins up a 30- to 90-day protective detail, the threat fades from immediate attention, the program is wound down. The next credible threat is met with the same compressed timeline. This is the single most common operational mistake we see — and the easiest one to fix. Standing, low-intensity protective posture is structurally more effective and operationally less expensive than recurring high-intensity surge engagements.

2. Protecting the executive while leaving family exposed

The executive is hardened. The spouse is on Instagram. The kids’ school is in the executive’s public bio. This pattern is universal and unsolved. Family-side protective intelligence is the single highest-leverage adjacency to a corporate executive-protection program.

3. Buying the protective detail without the threat assessment

A protective detail without a current named-principal threat assessment is a delivery vehicle without a target. The threat assessment is the cheapest, fastest, and most operationally consequential component of a corporate executive-protection program — and the one most often skipped.

4. Treating IRS §132 as a tax exercise rather than a security exercise

When public companies engage an independent firm for a Section 132 study, the highest-value output is not the proxy-disclosure language — it is the independent threat assessment and protective-posture review that the §132 framework requires. ParaMil’s §132 engagements are scoped to deliver real operational value, not just a tax-counsel work product.

What a properly built program looks like

A current-best-practice corporate executive-protection program for a public-company CEO with measurable public exposure includes, at minimum:

  • Current named-principal threat assessment, refreshed annually
  • Continuous OSINT and dark-web monitoring of the named executive and immediate family
  • Standing residential protective posture — not a 30-day surge engagement
  • Secured transport posture for daily and public-appearance movement
  • Family-member protective intelligence and posture — school, spouse, adult children
  • Workplace violence prevention program with on-call protective response
  • Annual IRS §132 Independent Security Study, formalized for proxy and tax treatment
  • Quarterly tabletop or executable contingency rehearsal with the security cell

For named-principal threat assessments, residential program design, IRS §132 study scoping, or post-incident response, contact the ParaMil corporate-security cell directly. Engagements are conducted under written NDA with reporting designed for the principal, the security committee, and counsel.

// Related Briefs

More from ParaMil

// Related

Q2 2026 Geopolitical Travel Risk Brief

Read →
// Related

Security Considerations for NFLPA International Travel

Read →
// Engage

Need This Analysis Applied to Your Situation?

ParaMil’s threat-intelligence cell supports client engagements with named-principal briefings, threat assessments, and tailored protective-posture recommendations.

Talk to a ParaMil Advisor
Contact Ops