Corporate Executive Protection in the 21st Century

Corporate executive protection (EP) has come a long way in the last few decades, and it will change even more significantly in the coming years. Once dominated by traditional military, government and law enforcement practices, it has transformed into a professional service delivered by specialist partners with insight into how modern corporations operate.

Despite these changes, the industry still utilizes largely the same operating procedures as it did 20 years ago. Hard, tactical skills continue to form the core of most EP training curricula. Precious little attention is given to the softer skills – let’s call them proficiencies that rely on emotional intelligence and familiarity with the inner workings of modern corporations – even though it is these skills that often make or break an EP program in the corporate world. And instead of operating like a service company that exists by delighting its customers, many EP programs take a “my way or the highway” approach to customer service. The thinking seems to be that if it was good enough for their old job 10 years ago, it’s good enough for the Fortune 500 today.

Now, don’t get me wrong. We’re not here to criticize anyone providing security, and there is absolutely nothing wrong with a razor-sharp focus on best-in-class tactical standards. To the contrary: solid, tested SOPs underpin must everything we do, and we must develop and maintain these standards at the highest level possible.

The problem is that by exclusively focusing on the hard skills in the same way we did in the 1980s, we’re leaving out a huge part of what actually creates program success. We’re also ignoring the rapid – and huge – technological and social developments that have changed the world around us – and should be informing a new approach to corporate executive protection, too.

Changing the Conversation About EP

We need to change the conversation about corporate EP, whether we’re talking to clients or each other in the industry, by lifting it up to a higher level. And we need a new operating system to help us do it.

We need to move away from a narrow definition of security that concerns itself with physical attacks and often depends on fear-mongering for work. We need to move to a broader definition of security that includes productivity and wellbeing in its value proposition. Yes, we must still protect the principal against physical attacks, and hard skills are critical. But we must also enable the principal to stay productive wherever the job or other interests might lead. We must protect privacy and reputations in addition to bodies. We must broaden the scope of our protective efforts to take into account the new reality of a world connected by social media, relentless globalization, terabytes of information at our finger tips, the Internet of Things, and who knows what’s coming next. In this new conversation, program customization is key even though programs share many of the same elements.

I think we’ll be able to change the conversation from “why SHOULD we use EP” to “why WOULDN’T we use EP” only if we practitioners get better at understanding and expressing the real value of our programs: the value that goes beyond freedom from fear to the freedom to live a productive, happy life at home and on the road.

Corporate EP Needs a New Operating System

In the IT world, an operating system is what controls a computer’s hardware and software and lets all the applications work together. In the world of corporate EP, it’s our management approach that makes the hardware and the software, the hard skills and the soft skills and all the other moving pieces, come together and work together to meet our goal of protecting the principal.

Time-tested SOPs form the core of the executive protection operating system and will continue to do so. But when times are changing, we need to expand and update these SOPs to keep up.

Corporate EP’s new operating system needs updated SOPs that make sure we protect the principal’s productivity, privacy and peace of mind with the same vigor that we traditionally apply to physical security. It needs SOPs that ensure we interface professionally with all key stakeholders in the corporate ecosystem, not just those responsible for security, because without good relationships based on shared understanding EP’s role in keeping the principal safe, happy and productive, the EP program’s viability will not be sustainable.

We also need to expand our operating system with SOPs that embrace the realities we face in 2017 as well as those over the horizon. Risk profiles change as people travel more, to more places, to do more business. They evolve as we use social media for business purposes and to stay connected to family and friends. And they are complicated by the internet that makes so many things possible, including illicit surveillance and cyberattacks in increasingly innovative ways – as well as reams of data that can be exploited by the good guys as well as the bad guys.

Similarly, compliance issues change when we move in and out of different jurisdictions and face new technologies. What’s legal in Nebraska might not be in Nigeria. What is considered good practice in one corporation might not be so in another. Our new operating system needs to take all of this and more into account to stay on the right side of insurance, legal liability and corporate governance issues.

Organizing Corporate EP for the New Operating System

As we develop our new operating system, corporate executive protection teams will have to organize in new ways. We think the new organizational chart will look something like this:

Corporate Executive Protection in the 21st Century Chart - Security Magazine

In addition to the EP agents traditionally managed, the EP manager will manage a number of new roles.

Intelligence analysis will become more integrated within corporate EP programs. The EP Manager will cooperate with Protective Intelligence Analysts (PIAs) to develop intel relevant to the principal’s risk profile, and to make sure that this intel is shared in a way that mitigates personal risk for the principal and others.

Similarly, Cyber Threat Analysts (CTAs) will focus not only on corporate-wide cyber risks, but specifically on the risks facing prominent principals and other C-suite members, and develop countermeasures that mitigate these risks.

EP managers will take one or more seats in the corporation’s security operations center, where intelligence from many sources is integrated to enable better command and control decisions.

And as technological developments continue to surge ahead, EP managers will need to cooperate closely with tech experts to keep up. This will include everything from tech for communications and surveillance to technical surveillance countermeasures (TSCM).

It’s pretty simple, really.

As one of our clients once told us, “Your team makes it easy to travel, so we travel more.”

It’s really as simple as that. Good EP enables good business operations.

This is the kind of conversation we like to participate in. And this the kind of statement that indicates we’ve moved beyond a discussion about fear mitigation to added value for the business and its chief officers. I believe we in the corporate EP industry will need to up our game and change our operating system to enable more of this kind of conversation. And I also believe we are on our way.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.

Organizations rely on application innovation, particularly API-driven applications, to fuel their business transformation and growth. Attackers know this and are constantly looking for ways to find the unfindable and break the unbreakable. They’ve got tools, motivation, and time on their side.