What Is a Threat Assessment and Why Every Executive Should Have One

July 8, 2026

Most executives who think about their personal security do so reactively. They install home security after someone in their neighborhood gets robbed, they arrange for a professional driver after a close call on a late-night work trip, and they add a security guard to public events after they receive an unsettling letter in their mailbox. 

Reactive security is better than nothing, but it only addresses threats and danger after it's been experienced. The foundation of a professional executive protection program is something different: a structured process that identifies specific vulnerabilities before they can be exploited. That process is called a threat assessment.

If you've never had one, you're not alone. But given what the data shows about where the average executive’s risk profile is heading, 2026 is the year to change that.

The Numbers Have Changed

Not long ago, physical threats to corporate executives were treated entirely as edge-case scenarios, the kind of risk you thought about if you were a Fortune 50 CEO operating in a high-conflict region. 

The Security Executive Council's 2025 Executive Targeting Report found that by October 2025, the volume of documented incidents targeting senior corporate leaders had already doubled compared to all of 2024. It reached the highest level ever recorded. Among the most targeted industries were financial services and technology, each accounting for 17 percent of all global incidents.

The targeting is also no longer confined to the most visible individual in an organization. Non-CEO leadership roles (CFOs, CTOs, general counsel, board members, and senior executives with public profiles) saw a 225 percent increase in targeting incidents since 2023, now accounting for 32 percent of all cases. Spouses, children, and executive assistants have been affected in incidents where they were targeted as extensions of the executive themselves.

A separate September 2025 survey of corporate security chiefs found that 42 percent reported a significant increase in threats of violence against executives over the prior two years. And a 2025 Ponemon Institute report revealed that 50 percent of security professionals believe their own executives will be targeted in a physical attack at some point in the future.

The executive protection market has responded with an explosion of growth. Median annual spend on executive security across S&P 500 companies reached $95,000 in 2024, a 120 percent increase versus the prior three years. By mid-2025, more than 34 percent of S&P 500 companies disclosed personal security perks in their proxy statements, a 21 percent year-over-year increase. Goldman Sachs research found that 25 percent of companies now offer personal security to CEOs, up nearly 60 percent from two years earlier.

These organizations did not begin those programs by hiring a driver and hoping for the best. They began with a threat assessment.

What a Threat Assessment Actually Is

A threat assessment is an intelligence-led process that identifies the specific threats facing an individual, evaluates their likelihood and potential severity, and establishes the foundation for a tailored protection program.

The key word is specific. A generic security checklist tells you whether a lock is on the door. A professional threat assessment tells you whether a motivated adversary could bypass that lock, why they might want to, and what the first indicators of that intent would look like.

At its core, a comprehensive executive threat assessment examines three intersecting dimensions of risk:

Who the executive is: their public profile, media presence, social media footprint, organizational role, and the causes, positions, or decisions that may have drawn hostile attention.

What the executive does: their daily routine, commute patterns, frequently visited locations, travel schedule, event calendar, and any predictable patterns that could be exploited by bad actors.

What vulnerabilities exist: gaps in current residential security, weaknesses in office access protocols, exposure during transit, and the reach of personally identifiable information available through public records and data brokers.

These inputs are analyzed together to build a risk profile that is unique to the individual.

What Gets Examined

Here is what a well-conducted evaluation covers:

Public and digital footprint. In 2026, a motivated threat actor can assemble a detailed target package on a public executive in a matter of hours. Home addresses indexed through public records, vehicle information, family members' names and workplaces, gym and restaurant check-ins, event calendars, and professional statements are all publicly available through data brokers, social media, and press coverage. The assessment catalogs this exposure and identifies the information most likely to facilitate targeting.

Threat history and communications. Any prior incidents (threatening emails, social media messages, confrontations at events, or suspicious contacts) are documented and analyzed. Potential incidents that form a pattern of threats are hunted down meticulously. Behavioral threat assessment methodology identifies the warning behaviors that research associates with movement toward violence.

Residential security. The assessment evaluates the physical security of the executive's home: perimeter integrity, access control, surveillance coverage, response time from local law enforcement, and any blind spots that could be exploited. It also accounts for household staff, family members' routines, and the visibility of the property from public vantage points.

Corporate office and campus. Workplace security receives a parallel evaluation: access control systems, visitor management protocols, proximity of the executive's workspace to public areas, and the security posture of conference rooms, parking structures, and executive entrances.

Transit and travel patterns. Route predictability is one of the most common vulnerabilities in executive security. The assessment maps the executive's routine transit and identifies any points of vulnerability or high exposure. This analysis forms the basis for route variation protocols and secure transportation planning.

Event and public appearance exposure. High-visibility events such as conference keynotes, investor meetings, media appearances, and board presentations represent elevated-risk moments when the executive's location is publicly known in advance. The assessment identifies the upcoming calendar and evaluates which events require advance work, close protection, or other security measures.

Digital-to-physical threat vectors. One of the most significant developments in executive risk over the past two years is the acceleration of hybrid threats. Cases in which digital surveillance, social engineering, or online radicalization precedes or enables physical action. The Security Executive Council's research found that cyber incidents now account for 14 percent of all executive targeting cases, with hybrid cases blurring the line between digital and physical threats. A professional assessment accounts for this threat explicitly.

Family and household exposure. Female executives are statistically more likely to be targeted at their residences, and family members are increasingly viewed as leverage points in kidnapping and extortion plots. Kidnapping incidents involving executives and their families reached peak recorded levels in 2024 and 2025. The assessment evaluates family exposure and recommends appropriate protective measures for spouses, children, and household staff.

What a Threat Assessment Produces

The output of a professional threat assessment is a prioritized risk profile and a set of actionable recommendations, not a list of every conceivable thing that could go wrong. It is a clear-eyed view of the threats most likely to arise and the specific measures that meaningfully reduce each one.

Typical outputs include:

A threat landscape summary specific to the individual, industry, and geography, identifying the threat actor categories most relevant to their situation (organized crime, ideologically motivated actors, disgruntled insiders, opportunistic criminals).

A vulnerability map across residential, corporate, transit, and digital environments, with each gap ranked by likelihood and potential impact.

A set of tiered recommendations organized by priority and proportionate to the identified risk level.

A foundation for protection planning: the threat assessment informs every subsequent element of an executive protection program, from close protection staffing decisions to residential security upgrades to digital hygiene protocols.

Critically, a threat assessment is not a one-time exercise. The threat environment changes. Personnel changes, organizational decisions, public statements, and world events all shift the risk picture. Professional programs incorporate regular reassessment, typically annually, with triggered reviews following significant changes in the executive's profile or circumstances.

Who Needs a Threat Assessment

The honest answer is: any executive whose public profile, decisions, or organizational role could make them a target, which is a broader category than most would think in 2026. 

The clearest indicators that a formal threat assessment is warranted include:

A significant media or public profile, whether through press coverage, social media presence, or industry visibility.

Responsibility for decisions that are publicly known and that affect large numbers of people, such as layoffs, controversial policy positions, high-profile litigation, and environmental impact.

Involvement in industries that are currently subject to heightened activist attention (e.g, artificial intelligence, financial services, healthcare, energy, and defense)

A role that involves frequent public appearances, high-profile travel, or regular exposure in unfamiliar environments.

Any prior history of threatening communications, hostile encounters, or suspicious surveillance activity.

A family profile that includes visible, independently public family members who might be targeted as extensions of the executive.

If any of these apply, a threat assessment is the appropriate starting point. Not because the risk is certain to materialize, but because understanding the specific shape of the risk is what makes protection proportionate, effective, and unintrusive.

The Case for Starting Now

The executives who are best protected in 2026 share a common characteristic: they did not wait for an incident to prompt them to act. They understood that the threat environment had changed, that their visibility created exposure, and that the cost of a professional assessment was negligible relative to what it was designed to prevent.

The activation of ideology-driven targeting of tech executives, illustrated most vividly by the April 2026 attack on OpenAI CEO Sam Altman's home, and the continued rise of organized criminal activity against high-net-worth individuals in the Bay Area and beyond represent a threat environment that rewards preparation and penalizes passivity.

A threat assessment does not change who you are or how you operate. It tells you, precisely and professionally, what you're actually facing and what it takes to face it on your terms.

JPT Security provides confidential threat assessments for executives, high-net-worth individuals, and corporate clients across Silicon Valley, the Bay Area, Austin, Dallas, and beyond. Contact us to schedule your assessment.

Related reading: The Threat Landscape for Bay Area Executives in 2026 | Executive Protection Services | Insider Threats: A Growing Concern in Executive Protection | The Future of Executive Protection: Trends and Technologies to Watch

JPT Security

JPT Security is an elite international security firm delivering protective services designed specifically for executives, small to medium businesses, family offices, and private individuals.

Office

2099 Gateway Pl, #560
San Jose, CA, 95110

info@jptgroup.com

+1 408 352 5108

Menu

Resources

JPT Security © 2026. All Rights Reserved. PPO# 122425