How to Address the Blurred Line Between Cyber and Physical Threats to Executives
Key Highlights
- Executives are now high-value targets as cyber intrusions, OSINT harvesting and AI-driven impersonation increasingly spill into real-world stalking, harassment and physical danger.
- Traditional, siloed approaches to protection are failing; effective executive security now requires unified leadership, continuous digital monitoring and proactive threat intelligence.
- AI, when properly applied, can help defenders surface early warning signals, while expanded awareness training for executives, colleagues, and families is essential to reducing exposure.
For decades, cyber adversaries targeted corporate assets: intellectual property, systems stability and the bottom line. But the attack surface has evolved. Executives themselves are now prime targets and are singled out to destabilize companies and sway public opinion. What begins in the digital world can quickly migrate offline, resulting in real-world threats, hate and violence.
I have spent a significant portion of my time recently analyzing the vulnerability of top leadership and advising companies on how they can minimize C-suite exposure. I have been a part of numerous conversations where we’ve talked through the convergence of physical and digital risk to the executive team. Coupled with the fact that I am a CEO myself, I feel a responsibility to share what I’ve learned to help my peers navigate the new reality of executive protection.
I’d like to shed light on some core lessons I carry with me, including how digital personas are giving attackers ammunition, how AI empowers both attackers and defenders, and how fragmented security programming is creating protection blind spots.
The new reality of risk
The threat environment for executives is no longer linear; it’s complex, layered and unforgiving. Sophisticated tools make credential theft, account takeovers and data breaches routine. Cases covered in the news show executives being targeted via spear-phishing, with their accounts hijacked to gain access to sensitive systems or impersonate them in further attacks.
The cybercriminal group Scattered Spider, which has been extremely active as of late, is notorious for this tactic. In our own monitoring, we’ve seen attackers go after executives’ personal emails and cloud accounts as a way to bypass hardened corporate defenses. Once inside, they use the executive’s identity to spread malicious links or issue false instructions that carry real weight.
On the physical side, attackers consistently mine LinkedIn, social media, fitness apps and dark web forums and marketplaces for personal details to build out executives’ patterns of life, their movements and daily routines. Conference registrations, speaking engagements and even casual posts can expose travel plans.
With that intelligence, adversaries can escalate from digital harassment to direct physical targeting — stalking, home invasions and opportunistic attacks when executives are on the move. In recent assessments, we’ve documented how adversaries scrape executives’ fitness app data and family members’ social media to track daily routines. A simple morning run posted on Strava can give away a home address and movement pattern.
Even if executives take time and effort to scrub their personal information from data aggregator sites, like WhitePages, their home addresses often resurface in other places, like underground marketplaces, data breaches and even federally mandated sources.
Adversaries then layer this data with real estate listings, satellite imagery, mapping software and even floor plans from county websites to build a detailed blueprint of the residence, locating its ingress and egress routes, entry points and even visible security system signs outside (often captured in street-level views). This is the reality of our lives, where fragments of our personal lives constantly resurface online.
Meanwhile, generative AI is making it easy to create deepfake videos, voice clones or mass-targeted campaigns that damage a company’s business and reputation. The situation with the CEO of Ferrari earlier this year is a prime example of this. In one recent case, we saw a voice-cloned audio file of a Fortune 500 executive being shared in underground communities, pitched as a tool for future fraud. These types of assets move fast and are increasingly being sold as commodities.
The combination of breached data, open-source intelligence (OSINT) and readily available attack tools not only exposes executives and their families to personal online attacks, but also opens the door to real-world (or what the military would call kinetic) attacks.
The core pieces of executive protection
In the past year, more CEOs and boards have put executive protection on the agenda. A new analysis from the Financial Times found that the security budgets for the CEOs of the top 10 biggest tech companies rose to more than $45 million in 2024.
When looking at the line items within these budgets, you often find that companies invest most heavily in physical security because it's tangible and highly visible. These include measures such as office security guards, armored cars or property cameras. To an attacker, this is a clear sign of protection. However, what you’ll also notice is that these guardrails can only react to events. Cameras don’t block a spear-phishing email and bodyguards don’t stop a deepfake video.
When I think about protecting executives today, it’s more than bodyguards and physical surveillance. True protection is preemptive, integrated and adaptive. It’s about being realistic about the threats we face and putting practical measures in place that actually work in the real world. These are the components that I have found essential:
- Digital monitoring: This includes continuous monitoring across the surface web, social media platforms, and the dark web. This intelligence can surface leaked credentials, threat actor chatter, and any other indicators that someone is tracking you, your family or your colleagues. Detecting these signals early allows organizations to assess intent and take action before these digital threats turn into physical harm.
- Unified security leadership: Security activities must cover the full range of attack vectors and have a single point of accountability. I am an advocate for moving away from siloed teams toward a single point of accountability. An example of this is evolving CISOs into CSOs, bridging cyber and physical protection under one umbrella.
- Using AI for good: AI has become a force multiplier for both attackers and defenders. When used effectively, AI can surface signals of “danger” faster. I see it as a fantastic tool for filtering through the noise so the intelligence teams can focus on real threats.
- Security awareness training: Executives are rarely targeted in isolation. Attackers target colleagues and families using social engineering and synthetic media to impersonate us — the trusted voice. Awareness training must extend beyond the office, making everyone deliberate about what they share and vigilant about deception and their own cyber hygiene. Even the smallest personal detail can be weaponized.
We’re tasked with protecting more than companies; we are protecting people, families and the trust that holds companies together. As CEOs, we often are the ones shouldering these responsibilities, but you’re not in it alone. Every leader today is navigating the same risks.
My hope is that we all continue this conversation and share our experiences with one another, and practice humility, vigilance and a willingness to adapt as the threat landscape continues to evolve.
About the Author

David Muse
CEO
David Muse is the Chief Executive Officer of ZeroFox, where he leads strategic vision and execution for cutting-edge cybersecurity solutions grounded in threat intelligence and digital risk protection.
