Executive Targeting Reaches Record Levels as Threats Expand Beyond CEOs

Threats and attacks against corporate executives surged to record levels in 2025, reflecting a broader pattern of targeting that now extends beyond CEOs to other senior leaders, a new analysis by the Security Executive Council (SEC) finds. 

The “Executive Targeting Report: Analysis of Attacks on Corporate Executives from 2003–2025” documents 424 executive targeting incidents worldwide between 2003 and October 31, 2025. As of late 2025, incident volume had already doubled total levels recorded in 2024, representing a 100% year-over-year increase. 

The analysis draws on open-source reporting from verified media and public records and is being released publicly for the first time following a sharp increase in executive targeting incidents from 2023 to 2025. The dataset was originally developed by a Fortune 500 corporate security leader and later expanded through a collaboration involving the SEC and Mercyhurst University. The SEC, a corporate security research and advisory organization, says it chose to release the findings publicly to raise awareness of the trend and encourage organizations to reassess executive risk. 

How executive targeting is playing out

While motivations vary, the data shows how executive targeting occurs across both physical and digital channels. 

Physical activity accounted for 85% of incidents, including assaults, kidnappings, stalking and protest-related actions. Cyber incidents made up 14% and included threats such as impersonation, swatting and account compromise. One-third of all incidents resulted in death or physical injury. 

CEOs remained the most frequently targeted executives, accounting for 64% of incidents. However, the data also shows a rise in attacks against other senior leaders, pointing to a widening range of executive roles facing elevated risk. 

“Threat actors are no longer focusing on a single executive profile; targeting has broadened across leadership tiers,” SEC Managing Director Bob Hayes tells SecurityInfoWatch. 

Hayes explains the data reflects a mix of motivations behind the increase, while also noting the inherent limitations of open-source reporting. 

“That said, the top two reasons were activists’ motivations and crime,” Hayes says. “Crime doesn’t surprise me, but the activist element was the most unexpected. Targeted, violent activism against a single individual has been pretty unusual historically.” 

The report also highlights an increase in incidents involving weapons. Weapons were present or suspected in 37% of cases, with firearms involved in 22%. Personally motivated attacks, while less common overall, were disproportionately dangerous, with 70% involving armed assailants.

Why early detection is getting harder

Hayes says the findings underscore the importance of identifying warning signs early, rather than relying on reactive security responses once threats escalate.

“These programs really start with the proactive,” he says. “They focus on early intervention and resolution. When it reaches the reactive or emergency stage, it means the warning signs weren’t identified early enough.” 

Breakdowns, Hayes says, can occur at multiple points, from missed indicators and reporting gaps to a lack of awareness among those positioned to recognize early warning signs. 

“My reaction to this report would be to double down on protective intelligence awareness and training for all stakeholders in the organization,” Hayes says, citing roles ranging from executive assistants and receptionists to security officers and protective teams. “I’d double down on the proactive — not the reactive — side of the equation.” 

He adds that early detection increasingly depends on recognizing warning signs across both physical and digital channels, particularly inappropriate online or electronic communications. 

“Looking for negative sentiment online and getting good at evaluating what’s serious and what is not has become more difficult as the volume of online activity grows”, he says. 

The analysis also shows that online threats are increasingly tied to real-world actions, complicating how organizations evaluate large volumes of digital communications for signs of credible danger. 

As executive targeting increases in volume and complexity, the challenge becomes determining which signals warrant closer attention before situations escalate. 

“The real difficulty right now is figuring out how to evaluate and find the needle in the haystack,” Hayes says. “How do we identify the serious threat individual among hundreds of thousands of people posting inappropriate things?” 

To download the full report, go here.