In 2024, the tragic killing of corporate advisor Brian Thompson shocked business leaders nationwide and reignited urgent discussions around corporate security and workplace safety. The event revealed glaring vulnerabilities and reinforced a growing need: Every company in 2025 should have a formal, written Protective Services Policy.
This blog post outlines why that policy is not just beneficial, but critical. Drawing on over three decades of protective services experience and supported by data from trusted sources like BLS.gov, the FBI, OSHA, and the U.S. Secret Service, this article provides business leaders, HR professionals, and facility managers with expert guidance on building safer workplaces.
Preventable Tragedies
The Brian Thompson Case
According to public accounts, Brian Thompson was fatally shot by Luigi Mangione, a 46-year-old man with no confirmed personal or professional affiliation with UnitedHealth Group. Authorities stated that Mangione was not a contractor, employee, or even a client of the organization. Instead, investigators found that he harbored ideological grievances against the healthcare industry as a whole.
Mangione planned the attack in advance, arriving with a suppressed ghost gun and handwritten notes expressing disdain for corporate healthcare practices. The shooting occurred outside a Midtown Manhattan hotel during a leadership event, where Mangione approached Thompson and shot him at close range. He was later apprehended and charged with interstate stalking and murder.
Internal warnings had reportedly been issued. The HR team had taken preliminary precautions. But without a unified Protective Services Policy—including defined threat response procedures and interdepartmental coordination—critical warning signs were missed.
Key vulnerabilities in the Thompson case included:
- Lack of early threat intervention
- Insufficient facility access control
- Absence of integrated HR, legal, and security protocols
The 2018 YouTube HQ Shooting
This tragedy echoes others, such as the 2018 workplace shooting at YouTube’s San Bruno campus. In that case, Nasim Najafi Aghdam, upset over perceived censorship of her content, entered the facility with a legally purchased handgun. She shot three employees before fatally turning the weapon on herself.
Despite the shooter having posted grievances online and being the subject of a police welfare check days earlier, no direct threat intervention occurred. The case revealed key lessons:
- Lone-wolf actors often show visible behavioral shifts
- Open-source intelligence monitoring (e.g., social media) can identify risks
- Public agencies and private security must improve coordination
These events share a common theme: Red flags were visible—but systems were not in place to respond effectively.
Workplace Violence: A National Threat
According to the U.S. Bureau of Labor Statistics (BLS), workplace homicides made up 9% of all fatal work injuries in 2022, totaling more than 500 deaths. Many of these incidents were intentional acts committed by co-workers, former employees, or unrelated aggressors.
The Occupational Safety and Health Administration (OSHA) reinforces that employers have a general duty to provide workplaces free of known hazards—including the threat of violence. Legal rulings increasingly uphold this responsibility, and organizations that fail to meet it risk:
- Civil lawsuits for negligent security
- Increased insurance premiums
- Loss of shareholder and public trust
- Long-term damage to employee morale and retention
What Is a Protective Services Policy?
A Protective Services Policy is a formal internal document that outlines how a company prevents, detects, and responds to threats against its people, executives, property, and reputation.
Key policy components include:
- Formation of a Threat Assessment Team (TAT)
- Physical access control protocols
- Behavioral threat identification guidelines
- Response plans for terminations and high-risk meetings
- Post-incident documentation and debriefs
- Employee training and awareness programming
This policy becomes the operational core of an organization’s workplace safety posture.
Data-Backed Insight: FBI and USSS Findings
The FBI’s Behavioral Threat Assessment Center and the U.S. Secret Service’s National Threat Assessment Center (NTAC) have both confirmed a striking insight: Most acts of workplace violence are preceded by observable warning signs.
According to NTAC’s Mass Attacks in Public Spaces report:
- 93% of attackers had elicited concern before the attack
- Most communicated threats or expressed intent to harm
- A majority were already known to the victim or the organization
In mid-sized and large corporations where HR, legal, and security teams often operate in silos, the absence of a unifying policy can cause these signs to be overlooked.
How Protective Services Policies Enhance Safety and Reduce Liability
Organizations that implement a written Protective Services Policy benefit in multiple ways:
- Clear accountability – Every employee understands their role in threat response
- Documentation of due diligence – Critical in legal defense or insurance claims
- Faster, more coordinated crisis response
- Enhanced company culture – Promotes trust and safety among staff
When supported with regular training and drills, these policies build true organizational resilience.
Next Steps for Business Leaders in 2025
If your company does not yet have a Protective Services Policy in place, now is the time. Begin with the following actions:
- Conduct a Protective Services Risk Assessment – Identify vulnerabilities in people, procedures, and property
- Form a Multidisciplinary Threat Assessment Team – Include Security, HR, Legal, Facilities, and Executive stakeholders
- Draft a Policy Aligned with Industry Standards – Use guidance from OSHA, DOJ, USSS, and FBI resources
- Train Staff Across All Levels – Implement workshops and tabletop exercises
- Review and Update the Policy Annually – Reflect on past incidents and evolving threats
Final Thoughts: Your Duty to Protect
The loss of Brian Thompson wasn’t just a failure of individual action—it was a breakdown in organizational preparedness. His death, like those at YouTube and other workplaces, underscores that safety must be systemic.
A Protective Services Policy is not just a security document. It is a corporate commitment to vigilance, duty of care, and ethical leadership. In today’s environment, it also reflects your company’s adherence to best practices around trust, authority, and accountability.
Don’t wait for tragedy to expose the gaps. Protect your people—and your company—by acting now.
Sources:
- Wikipedia: Killing of Brian Thompson
- OSHA: Guidelines for Preventing Workplace Violence for Healthcare and Social Service Workers
- USSS NTAC: Mass Attacks in Public Spaces Report
- BLS.gov: Census of Fatal Occupational Injuries
- FBI Behavioral Threat Assessment Center
- Reuters, AP News: Coverage of Brian Thompson’s death
- YouTube HQ Incident Reports (2018)