Summary
The landscape of corporate security is facing an unprecedented escalation. According to the Security Executive Council (SEC) — a private research and advisory firm — its Executive Targeting Report, which analyzed 424 open-source reported incidents worldwide from 2003 through October 2025, threats against corporate leaders have surged dramatically. In 2025 alone, the total number of recorded incidents increased by 313% compared to 2023. The data paints a sobering picture for protective intelligence professionals: 33% of all targeted incidents resulted in the death or physical injury of the executive.
Who is Being Targeted?
While Chief Executive Officers (CEOs) have historically absorbed the brunt of these threats — accounting for 64% of total incidents — threat actors are broadening their focus. There has been a 225% increase in attacks directed at non-CEO senior executives, such as Presidents, COOs, CFOs, and board members, since 2023.
Demographically, 84% of targeted executives are male, but incidents involving female executives have doubled (a 100% increase) since 2021, reaching record levels in 2025. Industry-wise, executives in the financial and technology sectors are the most vulnerable, each accounting for 17% of total incidents, closely followed by the manufacturing/industrial sector at 12%.
Assailant Profiles and Lethality
A vast majority of assailants (76%) are strangers to the targeted executive. However, internal threats are climbing, with 18% of attackers having a direct workplace connection, such as being a current or former employee. Furthermore, 53% of incidents involved two or more attackers, rather than lone wolves.
The motives driving these attacks are broadly categorized into activism (38%), criminal intent (36%), and personal grievances (15%). Crucially, incidents driven by personal grievances are disproportionately lethal. While they make up a smaller percentage of overall attacks, nearly 80% of personal-motive assailants were armed, indicating a much higher potential for severe outcomes. Overall, weapons were confirmed or suspected in 37% of all incidents, with firearms being the leading weapon of choice (22%).
Tactics and Geographies
The physical domain remains the primary vector for violence, comprising 85% of all incidents. In physical assaults, 75% of attackers utilized walk-up or ambush tactics. Violent incidents tend to escalate toward the end of the workweek, peaking heavily on Fridays.
Another ambush tactic observed, although much less frequently, is drive-by shootings, which account for only 8% of these violent incidents. Geographically, the United States is the primary hotspot for executive targeting, accounting for nearly half (46%) of all global incidents. Since 2020, there has been a sharp escalation in incidents occurring at executives’ private residences, workplaces, and corporate events. Additionally, kidnappings—a persistent threat that began rising steadily around 2015—have seen a pronounced and accelerating resurgence, peaking in 2024 and 2025.
The Rise of Cyber Threats and Activism
Protests and activism represent a massive driver of disruption, accounting for 38% of all incidents across physical, cyber, and hybrid domains. The nature of these protests has evolved significantly, shifting from traditional workplace grievances (like wages and layoffs) toward complex geopolitical issues, global conflicts, and identity-based activism.
Simultaneously, cyber incidents—making up 14% of the total—reached record highs in 2025. A major catalyst in this digital threat surge is the proliferation of Artificial Intelligence (AI) tools. AI has drastically lowered the skill and cost barriers for threat actors, leading to a massive spike in impersonation-based attacks. The boundary between digital and physical threats is also blurring; the report notes cases where online cyber indicators and death threats directly preceded real-world physical approaches.
Security Implications
The unprecedented escalation in corporate threats, marked by a 313% increase in incidents in 2025, calls for an immediate shift to an “intelligence-led protection” posture. The risk landscape is no longer restricted to isolated physical attacks, encompassing advanced cyber tactics, geopolitical activism, and attacks in high-visibility locations.
To mitigate these risks effectively, the facts observed in the research must be considered when drafting new protocols, manuals, and operational plans. To begin with, executive protection must expand its scope. Historically focused on CEOs, security should be extended to other top executives, such as COOs, CFOs, and board members.
Home security must be strengthened, especially for female executives, since 64% of incidents against them occur in their homes. Home is the preferred place when an aggressor is motivated by personal grievances. Security teams must proactively assess and mitigate home vulnerabilities.
It is crucial to implement strict access control and distancing measures against the approach of unauthorized people to prevent ambushes and protect at corporate events. The sharp increase in incidents in workplaces also requires strengthening access control in offices, implementing layers of security, keeping track of personal complaints in alignment with HR, among other measures.
Integration between cyber and physical threat intelligence will be necessary as many threats initially emerge online, preceding physical approaches. Teams must continuously monitor executives’ digital exposure and be prepared for the increasing use of Artificial Intelligence (AI) tools by bullies.
Anticipating risk escalations by activism and geopolitical factors is also key. Activism is the most common reason for documented incidents (38%). Intelligence teams should actively monitor how socio-political pressures, global conflicts, and anti-capitalist resentments can turn individual leaders into targets of symbolic opposition. In short, organizations must use these analytical insights to strengthen threat detection early, inform risk management, and continuously refine their protection strategies, anticipating how threat actors will adapt to new social and technological conditions.
Overview of the situation in Brazil
The report offers a global perspective with a U.S. emphasis. We have supplemented these findings with our on-the-ground experience in Brazil.
In Brazil, there is a lack of centralized and systematic surveys regarding the topic. But, it can be said that violence against executives manifests itself in a more systemic and hybrid way, mixing organized crime, digital extortion, and operational insecurity.
The risk here is not just physical attack, but coercion: executives in sectors such as logistics (ports), infrastructure, and agribusiness have been targeted with threats to “facilitate” operations by criminal factions. The CEO of Hidrovias do Brasil, Décio Amaral, recently stated that violence has become a “leadership issue,” with companies being forced to hire heavily armed security to protect not only cargo but also their operational leaders.
In Ceará and Rio de Janeiro, the Comando Vermelho (CV) and militias expelled legitimate businesses from entire neighborhoods, setting fire to maintenance vehicles and assaulting technicians. Moreover, cases of employees from the operational level being kidnapped are not uncommon.
Investigations by the São Paulo Public Prosecutor’s Office and the Federal Police from August 2025 and March 2026 revealed that the First Capital Command (PCC) harasses the sugarcane sector. In the interior of São Paulo, the faction infiltrated sugar mills and began coercing businessmen and farmers to sell their properties below market prices or to pay “operating fees” to prevent the harvest from being burned. On March 11, 2026, the São Paulo Civil Police launched Operation Tech Extortion, which revealed a new level of violence against business owners. A 43-year-old businessman was held captive for 9 hours, beaten, and forced to sign a debt confession agreement for R$ 500,000. The criminals didn’t just want the Pix balance; they used the victim’s tax and banking data to carry out a “structured extortion,” coercing him to hand over his family car and sign legal documents under torture.
