Protecting the C-Suite: A New Era in Corporate Risk Management"

“By Kevin Quinley, CPCU, ARM, AIC

Is your CEO safe? The assassination of UnitedHealthcare's Brian Thompson exposed a chilling gap in corporate security and sent shockwaves through the business world. His tragic death raises critical questions about how companies protect one of their most valuable assets – their leaders.

UnitedHealthcare's shareholder value has reportedly plummeted by $45 billion since Thompson's killing. This staggering financial loss tragically quantifies the importance of protecting key executives integral to a company's success and market valuation.

In stark contrast to UnitedHealthcare's apparent lack of security for its CEO, other major corporations invest heavily in executive protection:

  • Meta (formerly Facebook) spent $24.4 million on security for Mark Zuckerberg and other top executives in 2023.

 

  • Alphabet (Google's parent company) allocated $6.8 million for personal security services for CEO Sundar Pichai in 2023.

While UnitedHealthcare's security spending remains undisclosed, the fact that Thompson was walking alone in Manhattan suggests a significant disparity in security measures compared to other large corporations. This killing raises serious concerns about whether UHS adequately assessed and mitigated the potential risks to its CEO, especially given the controversies surrounding the healthcare industry, from drug pricing to insurance coverage disputes.

Potential D&O Liability Exposure

Shareholders and stakeholders could view Thompson's lack of apparent security measures as a breach of reasonable care by UnitedHealthcare's directors and officers. They may argue that:

  1. Failure to Protect a Key Asset: The Board failed to adequately protect the CEO, who is crucial to UHS's performance and shareholder value. This perceived failure could breach a fiduciary duty to act in the Company's best interests.

  2. Negligent Risk Assessment: The Board failed to adequately assess and mitigate potential risks to executive safety, especially given the high-profile nature of the healthcare industry and the potential for targeted violence against its leaders.

  3. Deficient Corporate Governance: The Directors and Officers failed to align security practices with industry norms set by other major corporations, demonstrating a lack of due diligence and oversight in a critical area of risk management.

These claims could find support in legal precedents], where courts have held directors and officers liable for failing to exercise reasonable care in protecting company assets and mitigating foreseeable risks. (Caveat: I am a risk management commentator, not an attorney.)

Implications for Corporate Governance

This tragic event should serve as a wake-up call for boardrooms across all industries, particularly for publicly held companies:

  1. Increased Security Budgets: Companies may significantly increase their executive security budgets to mitigate risks and potential liability. Budgets could include investments in personal security personnel, advanced security technology, and comprehensive security training.

  2. Robust Risk Assessment Protocols: Boards must implement more robust risk assessment protocols addressing executive safety. These protocols should consider the specific threats faced by executives in their industry, including potential threats related to their public profile, controversial business decisions, and the overall security environment.

  3. Security as a Central Governance Issue: Executive protection must become a key corporate governance consideration, integrated into overall risk management strategies. Boards should regularly review security protocols and ensure they align with best practices and evolving threats.

  4. Meeting Shareholder Expectations: Investors may begin scrutinizing companies' executive security measures as part of their due diligence process. Companies should prepare to disclose their security policies and demonstrate their commitment to executive protection.

  5. Insurance Considerations: D&O insurance policies may see changes in coverage and premiums related to executive security risks. Companies should review their insurance policies to ensure adequate coverage for potential liabilities arising from security breaches or incidents.

Beyond Bodyguards: A Holistic Approach to Security

Effective executive protection goes beyond simply hiring bodyguards. Companies must adopt a holistic approach to security that encompasses:

  • Cybersecurity: Protecting executives from online threats, including harassment, doxing, and data breaches.

  • Travel Security: Ensuring safe travel arrangements and providing security measures domestically and internationally during travel.

  • Home Security: Assessing and enhancing security measures at executives' residences.

  • Crisis Management: Developing and regularly practicing plans to respond to potential security incidents.

Call to Action

Brian Thompson's assassination is a stark reminder of the vulnerabilities facing high-profile executives. Boards and management teams must reassess their executive protection approach to safeguard their leadership and shareholder value in an increasingly unpredictable world. Prudent executive security consciousness merits a proactive, comprehensive, and well-funded approach to security that prioritizes the safety and well-being of company leaders.