In the aftermath of targeted violence, organizations often find themselves pulled into a familiar debate: Was this a mental health issue? It is a natural question. It is also incomplete.

For security leaders, the problem with the diagnosis-first narrative is not that mental health is irrelevant. It is that the diagnosis does very little operational work. It may describe part of a person’s condition, but it does not explain escalation, target selection, fixation, or movement toward violence. When leadership teams rely too heavily on that frame, they risk overlooking the warning behaviors that are far more actionable for prevention. The more useful question is this: What warning behaviors were present before the event?

That includes grievance development, fixation, leakage, intimidation, major destabilizing stressors, changes in functioning, attack-related communications, weapon interest, planning behavior, and social reinforcement. These indicators do not provide certainty, but they do provide organizations with something far more valuable than post-incident speculation: a basis for intervention. For security leaders, prevention often succeeds or fails in the space between vague concern and structured action.

The Operational Problem With the Diagnosis-First Frame

Many organizations still treat concerning behavior as though it belongs entirely to one lane. If the person appears emotionally unstable, the matter is referred to counseling, HR, student affairs, employee assistance, or clinical support. Sometimes that referral is appropriate. Often it is necessary. But when the conversation stops there, organizations can miss the broader risk picture. A person in crisis may not be on a pathway to violence. A person without a formal diagnosis may be much closer to one.

That distinction matters because targeted violence cases are rarely defined by a single variable. They are defined by a pattern. Security leaders do not need a complete psychological explanation to recognize escalation. What they need is enough structure to identify behaviors that require coordinated attention. This is where organizations often fall short. They do not necessarily ignore warning signs; more often, they distribute them.

Different people see different pieces. A supervisor notices deteriorating conduct or performance. HR is aware of discipline, grievances, or workplace conflict. Security is alerted to access concerns, stalking, threats, or unusual surveillance. A coworker hears retaliatory language. A clinician may be aware of distress. Each signal may seem manageable in isolation. Taken together, however, they can signal a very different level of concern. The risk is not always hidden. It is often fragmented.

If no one owns the full picture, the case can drift until the warning signs become too obvious to ignore. By then, options are narrower, and the organization is often in a worse position.

Why Fragmented Information Becomes Enterprise Risk

Most serious cases do not announce themselves with certainty. They unfold through accumulation. That means the primary failure is often not a lack of awareness. It is a lack of integration.

When organizations lack a structured way to consolidate concerns, they default to informal judgment. One department sees a conduct problem. Another sees a wellness issue. Another sees a policy issue. Another sees a security concern. If no one owns the full picture, the case can drift until the warning signs become too obvious to ignore. By then, options are narrower, and the organization is often in a worse position.

This is one reason security leaders should be cautious about the mental illness narrative. It can unintentionally encourage organizations to misclassify a threat-management problem as a referral issue. Once that happens, leaders may assume the issue has been handled when it has only been redirected. A referral can be part of a response. On its own, it is not a violence prevention plan.

The enterprise consequence is significant. When concerning behavior is repeatedly routed away from coordinated review, leadership loses the ability to see patterns, assess escalation, and intervene early. The organization becomes reactive, even when individuals inside it are trying to do the right thing.

What Strong Programs Do Differently

Effective programs are built on behavior, context, and coordination. They create reporting pathways that people actually use. They establish multidisciplinary review teams with clear authority. They document concerning behavior over time rather than reacting only to the latest incident. They clarify ownership. They distinguish transient distress from patterns that suggest escalation. And they intervene before the conduct turns overtly violent. That does not require overreaction. It requires discipline.

A strong threat assessment process helps leaders ask practical questions:

• Is grievance intensifying?
• Is fixation becoming more pronounced?
• Has the person communicated intent, fantasy, or justification?
• Are there signs of rehearsal, surveillance, or weapon interest?
• Have recent stressors increased desperation or reduced self-control?
• Are multiple departments each holding a piece of the same case?

These questions matter because they shift the conversation from labels to action. They also support better executive decision-making. Prevention is not a vague commitment to “monitor the situation.” It is a coordinated management function with real implications for governance, training, documentation, legal review, internal communication, and accountability.

What Security Leadership Needs to Drive

Security leaders are uniquely positioned to help organizations make this shift because they are often the only function routinely trained to think in terms of patterns, escalation, vulnerabilities, and consequences.

That does not mean security should own every case alone. Quite the opposite. The strongest programs are multidisciplinary by design. But security should be one of the clearest voices pushing the organization beyond simplistic explanations toward structured assessment.

That includes helping executive leadership understand that prevention is rarely about identifying a single decisive fact. It is about recognizing when several manageable concerns combine into a significant risk.

It also means pushing back, respectfully but clearly, when the language of mental illness becomes an excuse for oversimplification or inaction. If leadership hears “this person has mental health issues” and assumes the matter is outside the security lane, the organization may miss the specific behaviors that warrant intervention.

Security leadership has another important role here: reinforcing that early intervention is not overreach. Many organizations hesitate because they fear acting without certainty. But waiting for certainty is often another way of waiting too long. A strong prevention posture does not require organizations to predict violence with precision. It requires them to recognize concerning patterns, document what they see, and respond proportionately before the risk picture worsens.

The Better Question

Security professionals should resist the temptation to reduce targeted violence to a mental health narrative. That explanation may feel intuitive in the aftermath, but it is strategically incomplete.

The real question for any security program is not whether a diagnosis was present. It is whether the organization was able to detect the warning signs early, connect them across functions, and respond in a disciplined manner. That is the standard that strong prevention programs should meet.