β οΈ Why this matters
Most serious harm to senior individuals does not begin with an attack. It begins with small, observable changes that are easy to dismiss until it is too late.
I have spent much of my career dealing with targeted threats β not after they peak, but while they are forming. The pattern is consistent: early indicators are present, but they are misunderstood, minimised, or treated as someone else’s problem.
Advisors are often closest to those early warning signs.
π What current research confirms
The numbers are sobering. Recent analysis of over 400 executive targeting incidents between 2003 and 2025 shows a 313% increase in attacks over the past two years alone. A third of those incidents resulted in death or serious injury. This is not a marginal risk.
The corporate security community sees it too. A global survey of over 2,300 chief security officers found that 42% believe the threat of violence against executives has increased over the past two years. Institutional investors are paying attention β 97% now say it is important that companies they invest in provide physical protection for senior leaders. They recognise what many boards still underestimate: key executives represent 30% or more of a company’s value, according to over two-thirds of investors surveyed.
β‘οΈ The data matters β but the real lesson is simpler:
Targeting develops. It rarely arrives fully formed.
Before harm occurs, there is usually a period of escalation marked by fixation, grievance, access-seeking, and growing confidence on the part of the individual or group involved.
β Where risk is commonly misread
π£ Activism mistaken for background noise
When a cause or grievance attaches itself to a named individual, behaviour changes. Research has identified sixteen distinct ways activists now target executives β from public confrontation to coordinated harassment campaigns. Activism-related incidents have risen by 463% in recent years and now account for more than a third of all targeting events. The emergence of so-called ‘citizen’s arrest’ movements has normalised physical confrontation as a form of protest. Treating this as a reputational issue alone is a mistake.
Investors understand this better than many security teams. 85% of institutional investors now agree that activist groups pose a growing physical security risk to corporate facilities and executives.
β³ Waiting for certainty
Most serious incidents do not come with neat warnings. Formal threat thresholds are blunt instruments. Indicators tell you about direction, not proof. By the time certainty arrives, opportunity has already been created. In targeted attacks driven by personal grievance β a grudge, a perceived wrong β 70% of assailants arrive armed. These are the most dangerous encounters, and they rarely announce themselves in advance.
π Overconfidence in routine
Predictable diaries, repeated venues, and informal appearances feel safe because they are familiar. In practice, they are where most access is gained. Conference and event targeting now accounts for over 250 recorded incidents. Home-based approaches are less frequent but rising, and female executives are disproportionately targeted at their residences, with 64% of incidents involving women occurring at home compared to 44% for men.
π Separating online behaviour from real-world risk
Digital activity is often dismissed as a nuisance. In reality, it frequently provides the detail and confidence needed for a real-world approach. The analysis of research is clear: cyber activity now regularly precedes physical targeting. Online surveillance gives bad actors the information they need β schedules, locations, family details β to plan and execute approaches. 73% of companies have been targeted by misinformation or disinformation campaigns in the past year. This is not abstract. It creates the conditions for escalation.
𧩠Case study: the moment that mattered
A senior executive was contacted directly on his mobile by an individual with a personal grievance against the organisation. The initial problem was simple: the executive was so accessible that his number was publicly available.
What followed made things worse. Members of the leadership team were persuaded to join a video call with the individualβan attempt to resolve the dispute that instead lent it legitimacy and elevated the person’s status in their own mind. Demands followed, then threats. Attempts to reason with him failed. The dispute became the organisation’s most critical priority.
Three things concerned us when we were engaged.
First, the threats were causing genuine fear β not just about physical harm, but reputational damage and psychological strain on those targeted.
Second, the pattern of escalation was clear: from grievance to contact to demands to threats.
Third, there was no certainty about what would come next.
We conducted a full investigation and psychological profile. A specialist forensic psychologist identified personality traits that indicated risk of further escalation. We then built a communication strategy designed to defuse rather than inflame β tailored to the individual’s psychology. We assessed the digital vulnerabilities of those at risk, provided residential security for those most exposed, and represented the client with the police.
The threats stopped. But the real lesson came earlier: the dispute could have been contained much sooner had the initial warning signs been recognised and managed differently.
π What advisors should watch for
You are not expected to assess threats. You are expected to notice change.
Pay attention when you see:
πΉ repeated focus on one named individual
πΉ language moving from complaint to blame or justification
πΉ attempts to get closer β events, homes, staff, family
πΉ interest in routine, timing, or location
πΉ shifts in confidence, behaviour, or avoidance by the client
πΉ online activity aligning with real-world presence
Taken together, these signals when reassurance should stop, and assessment should begin.
The research confirms what experience has long suggested: three-quarters of assailants in targeted attacks are strangers. The threat does not always come from someone your client knows. It comes from someone who has decided they know your client.
π‘οΈ Why early intervention works
Most harm is prevented quietly:
βοΈ by reducing visibility
βοΈ by breaking patterns
βοΈ by supporting confidence rather than feeding fear
βοΈ by protecting families as well as principals
Good threat management is calm, proportionate, and early. When it is done properly, very little happens at all.
The corporate world is waking up to this. Two-thirds of security chiefs expect their physical security budgets to increase in the coming year. The top priorities? Enhanced security procedures, risk assessments for leaders, and monitoring online threats. Companies that experienced security incidents last year lost an average of $9 million in revenue. A significant incident can reduce the value of a publicly listed company by 32%, according to institutional investors.
Prevention is not just sensible. It is economically rational.
π§ A final word
If you are trusted with someone’s affairs, you are often trusted with their safety β whether that responsibility is acknowledged or not.
The difference between concern and harm is often judgment applied too early.
That is the space in which Defuse Global operates.
Philip Grindell is the founder and CEO of Defuse Global, a specialist threat advisory consultancy that helps prominent individuals, families, and the advisers who support them move from fear to clarity.
A former New Scotland Yard Detective with over 35 years in law enforcement and security, he created the specialised threat assessment team at the UK Parliament following the assassination of Jo Cox MP in 2016, where he identified and prevented a planned terrorist attack against an MP.
Trained directly by Dr Robert A. Fein, co-author of the US Secret Service study on targeted violence, Philip is among fewer than 300 globally recognised Chartered Security Professionals. He is the author of Personal Threat Management (2025), hosts a regular podcast on behavioural threat assessment and personal security, and publishes the weekly newsletter Defuse News.
π Research sources
SEC/Mercyhurst University Executive Targeting Report 2025
Welund Guide to Executive Targeting 2025
Allied Universal World Security Report 2025 (survey of 2,352 chief security officers across 31 countries and 200 institutional investors)