Every company and organization feels an obligation to try to ensure that its employees and other people are kept safe from harm while engaging in the organization’s business. With last week’s murder of UnitedHealthcare’s CEO, Brian Thompson, while he was walking down a street in New York City on his way to meet with the firm’s shareholders, this responsibility is front and center on the national news. It reinforces the idea that every company should look at the plans it has in place to protect its people, particularly executives and others who are in the public eye.

While there is still much we don’t know, and may never know, about the motivations of the United Healthcare shooter who lay in wait and ambushed Mr. Thompson, the facts that have come out paint a picture that this was not a random act of violence or a murder carried out during the commission of a robbery or other crime. Instead, it appears that the killer targeted his victim because of who he was. Whether the killer was motivated by a perceived personal slight against the killer or his loved ones by UnitedHealthcare, a desire to commit a terrorist act and be seen as a vigilante social justice warrior engaging in class warfare, or even a personal issue with the victim unrelated to UnitedHealthcare, we may never know.

What we do know is that the killer appears to have engaged in all of the pre-attack behaviors we expect to see when someone is on the pathway to committing an act of targeted violence (illustrated below in Figure 1). From the information available in this case, these defined pre-attack behaviors consist of:

Figure 1: In nearly all cases of targeted violence the attacker follows a similar set progression of steps, pathway to violence, as the mentally prepare themselves to commit a violent act. At each stage of the pathway to targeted violence “leakage” occurs that provides an opportunity to identify the violence risk and potentially take action to de-escalate the aggressor’s behavior.
Graphic adapted from Calhoun & Weston, “Contemporary threat management: A practical guide for identifying, assessing, and managing individuals of violent intent”.(2003)

• Some precipitating event or events led the killer to develop a perceived grievance against the victim himself or his employer, which started the killer on the pathway to committing this horrendous act.
• The killer then likely entered the ideation phase where he began considering striking out violently against the person or entity he bore the grievance against, whether that was the victim personally, UnitedHealthcare, or even potentially the health insurance industry as a whole.
• As he progressed through ideation, he moved into a planning phase where he began considering how he would strike against the object of his ire. In this case, landing on the plan to strike at the victim while in New York for the annual shareholders’ meeting, an event that is by its nature held in a semi-public setting.
• Once that plan was developed, the killer moved into the preparation phase in which he procured material he might need for the crime, whether that was the weapon and ammunition, the face mask and other clothing, or a bicycle as a getaway vehicle. He also appears to have traveled to New York, likely conducted surveillance of the victim to identify his patterns and know when and where he might find him, and likely practiced his escape route. 
• This pathway culminated in what appears to have been several hours of waiting along the victim’s route and several seconds of violence that led to the man’s death.

While at this early stage, we know very little for certain about the grievance that motivated the killer and his actions leading up to his crime, we do know that in almost all instances of targeted violence, the perpetrator follows these same steps. While their speed of movement through this process can vary from a few minutes to several decades, the process is nearly always similar. Each stage of the process also typically provides “leakage”, or clues to those around the perpetrator that, when put together, may demonstrate that they are on the pathway. This leakage can include any number of things, from a sudden fascination with weapons or mass killers, a decrease in care about other things that have historically been important to them, to direct threats against their target or stalking of the intended victim. If identified before an attack, each of these incidences of leakage can help a behavioral threat assessment and management (BTAM) team assess where the individual may be on the pathway and implement mitigations that will hopefully redirect their behavior or remove the threat.

Almost all public figures, whether celebrities, politicians, corporate or organizational executives and figureheads, or other high net-worth individuals, are subject to receiving threats at volumes, that for some can reach thousands per week. It is a challenge for executive protection, corporate security, and other professionals tasked with protecting them to separate threats that are simply someone “making a threat” with no intention to carry out an act of violence from those that are made by someone who actually “poses a threat” of carrying out an act of targeted violence.

Individual researchers and organizations such as the Association of Threat Assessment Professionals have dedicated significant effort to researching the subject of how best to identify and quantify the risk of targeted violence. The majority of the evidence based research is predicated on the use of multi-disciplinary BTAM teams who are equipped to both assess the risk of targeted violence using validated methods and then to apply appropriate mitigations based on the risks and situational factors identified. This BTAM process (Figure 2) includes several key steps:

Figure 2: The BTAM process consists of six distinct steps designed to help the team quantify the risk of an individual committing an act of targeted violence and deploy measures to mitigate this risk.

• The identification of a person who may pose a threat of targeted violence against another individual or the organization.
• An inquiry or investigation to identify potential leakage that may indicate the subject has entered the pathway to targeted violence and other information regarding the subject.
• An assessment by a multi-disciplinary BTAM team for the purpose of quantifying the risk of violence posed by the subject through review of the potential leakage and other information regarding the subject and their behaviors.
• The application of appropriate actions aimed at de-escalating the subject, protecting the target, and otherwise mitigating the risk of the subject successfully carrying out an act of targeted violence. These can include protective measures such as increases in executive protection, hardening of physical security for the work areas of the target, and intervention of law enforcement, as well as direct actions to attempt to de-escalate the person who poses the threat and move them off of the pathway to violence through resolution of their perceived grievance.
• Periodic reassessment of the state of the threat by the BTAM team, either at set intervals or as new information becomes available, of the subject's potential to present a risk of targeted violence.

Many corporations, schools, colleges, and healthcare organizations have already implemented BTAM teams and processes, but many others have not, either because they are unaware of the concept, have not yet seen a need for it, or simply have not been able to dedicate the resources to develop and train a team.

Our guidance to clients typically includes the development of a process for the management of potential threats of targeted violence whether, that analysis is conducted by an in-house team of experts, external experts whom the organization can engage on an as-needed basis, or a hybrid of the two. Regardless of which model an organization implements, we suggest that they:

·       Identify a core BTAM team, whether internal employees or external contractor subject matter experts and ensure that the members are qualified and appropriately trained to perform their duties.

·       Develop policies and procedures to guide the actions of the BTAM team around how identified potential threats will be  assessed and managed, and ensure that processes are consistent and anchored in evidence based practices.

·       Develop a simple process for employees and other stakeholders to report behaviors of concern and a process for ensuring timely assessment of each submission.

·       Educate all employees and other stakeholders regarding the risks of targeted violence, potential warning signs, and the organization’s reporting process.

·       Regularly assess security risks, including that of targeted violence, and adapt its protection strategies to meet changing environments and newly identified risks.

While it is unreasonable to expect a company or organization to be able to create an environment that is one hundred percent safe from the threat of violence, these steps discussed above will help reduce the risk of targeted violence to an organization and its people.

Drew Neckar is a Principal Consultant with COSECURE, prior to beginning his consulting career he has developed threat assessment programs for healthcare organizations, universities, and corporations. He is also a long time member of the Association of Threat Assessment Professionals and is Board Certified by that organization as one of only several hundred Certified Threat Managers (CTM) in the world, and his opinions and advice on corporate security and executive protection have been cited by The New York Times, Forbes, NBC News, The Hill, PBS, Security Management Magazine, and the Robb Report. He and the rest of the COSECURE team are available to assist our clients in developing their own BTAM processes and programs. [DN1]