In an age when cyberattacks and data breaches dominate headspace, several high-profile incidents—from workplace violence to threats against corporate executives—have reminded us that protecting people and physical sites is just as critical as safeguarding networks. The merging of cyber and physical security vulnerabilities means companies must think holistically about security, ensuring that prevention, swift intervention, preparedness, and leadership are fully aligned across all domains.
Nationally recognized workplace security advisor Felix P. Nater understands this compound threat. As president and owner of Nater Associates Ltd. and a Certified Security Consultant (CSC), Nater draws on more than 30 years in federal law enforcement and over two decades advising corporate leaders on violence prevention and threat management. His firm helps organizations design and execute workplace security strategies that integrate policy, training, and response planning. A retired U.S. Postal Inspector and Army Reserve Command Sergeant Major, Nater has developed a proactive framework rooted in leadership accountability and cross-functional coordination. His mission is to help employers anticipate and mitigate the complex, evolving risks that threaten employees, executives, and the enterprise itself. In a recent Q&A with ProSight, Nater discussed the impact of technology on security preparedness, rising concern about work-related violence, and the need for executives and other staff to take security training and precautions seriously and fully participate for them to be fully effective. The following has been edited for length and clarity.
Q: Regardless of the building, the size of company, etc., are there certain principles companies adhere to in protecting their employees from violent and/or targeted crime?
A: Yes, there are certain standards, principles, guidelines, and acceptable “best practices” pertaining to workplace security, workplace violence prevention, and executive protection that include threat assessment, risk management and CPTED (Crime Prevention Through Environmental Design) principles and guidelines.
Q: Do companies have a responsibility to do this by law or tradition? How might any type of government regulation dictate what companies should do to protect employees from violent crime perpetrated by outsiders?
A: Companies have a moral, ethical, and legal responsibility to provide employees safe work environments free from potential acts of violence. While local law enforcement agencies have criminal statutes to pursue conduct falling under the penal codes, companies have an implied responsibility—direct and indirect—through regulations and some state laws and standards, as well as guidelines introduced through industry security and safety associations as common practices. For example, the Occupational Safety and Health Administration (OSHA) regulation has typically been associated with workplace security; workplace violence prevention; and safety through education, information, enforcement, and fines as it relates to people, property, and premises. The OSHA regulation offers guidelines as a framework of information plus complementary instructions and content that educate and hold company violators accountable via fines. OSHA recommends use of external resources, recognizing that companies and law enforcement have limited resources. Local police agencies are not in ideal positions to support employers but are available. Therefore, protection of people, property, premises, and equipment must be the organization’s responsibility through senior management commitment and employee involvement, leadership involvement, and specified supported processes that can include external resources such as consultants, policies, and plans.
Q: Are there common gaps in security that businesses and companies have that you notice in your role? Without divulging information that could be harmful, is it possible to share examples or even the nature of such gaps and flaws?
A: Related to workplace security, workplace violence, and the active shooter threat (including executive protection, transportation security, and chain management), companies have gaps including:
- Outdated policies, plans, and procedures.
- Ineffective surveillance.
- Perimeter security challenges.
- Access control limitations.
- Visitor management control and design flaws.
- Lack of quality training impacted by scheduling.
- Insufficient protection measures.
- No worksite-specific analysis.
- Infrequent risk assessments.
These gaps can lead to significant financial, operational, and reputational costs, adversely impacting the business brand, reputation, and standing.
Q: How rapidly is the change in surveillance and communications technology changing the way corporate and business security is practiced? What are some examples?
A: Technology at large is having an impact and making a significant improvement. Workplace security technology plays a growing role in preventing and responding to workplace violence. The changes in surveillance and communications technology are both qualitative and quantitative, particularly in the enhancement of capabilities within bank lobbies, local banking, and ATMs related to:
- Enhanced area surveillance.
- Employee safety, alerts, notifications, and communications (as in mass communications and active shooter threats).
- Preventing unauthorized access.
- Clarity in capabilities to identify suspicious people, vehicles, and license plates.
- Protecting secure areas.
- Sharing information.
- Compliance regarding reporting and information management.
High-definition cameras, facial recognition software, and motion sensors help in continuously monitoring the workplace environment and detecting unusual activities. Advanced video analytics can detect suspicious behavior patterns, such as loitering or unauthorized entry into restricted areas. Access control employing biometric scanners and smart cards restrict unauthorized entry into sensitive areas, reducing the risk of violent incidents and pilferage. Meanwhile, communications technology like panic buttons and mobile apps allow employees to quickly alert security or emergency services in case of a threat, ensuring timely dissemination of information during emergencies. Security professionals can use knowledge of these technologies as part of a broader strategy to influence procurement decisions while creating a safer workplace, addressing the chronic threat of workplace violence across all industries within budgetary constraints.
In short, technology plays a pivotal role in enhancing workplace violence prevention efforts. It provides organizations with the means to detect, respond to, and mitigate violent incidents more efficiently. Technology is making a difference.
Q: On the other hand, how might technology be making it more difficult to protect executives and employees?
A:Technology (like AI) can lead to complacency in safety and security measures for companies. While offering significant benefits, overreliance leads to a false sense of security, alert fatigue, reduced human expertise, lack of content nuance (humans can benefit from intuition and gut feelings), and inability to handle zero-day threats. Of utmost concern is model drift caused by overdependence and a decrease in effectiveness over time. Because people are their own worst security threat and vulnerability, training is important. Merely procuring technology is not the solution, just like training alone is not the answer. Prevention involves integration, collaboration, coordination, communication, and execution of protocols. Security technology effectiveness, particularly in an AI-enabled world, involves a combination of technology and human expertise and oversight to provide context, accuracy, reliability and adaptability.
Q: What might the relationship be between online security/vulnerability for an executive and physical security/vulnerability? In other words, can online tracking and exploits be used to eventually conduct a physical attack? Are there examples and what can companies do to mitigate/prevent this?
A: The biggest threats to protecting executives and employees are the executives and employees who find execution cumbersome or unnecessary. Therefore, the difficulty is a lack of awareness and failure of those involved to follow protocols. Security technology can enhance executive protection through deployment of threat detection, improved communications, real-time drone surveillance, GPS tracking, and robust digital monitoring to identify and mitigate cyber and physical security threats. However, security is a team effort. Technology must be respected and protocols must be followed. Managing threats and risks requires an integrated effort. The human factor is the weak point. The difficulty is a lack of appreciation for the discipline needed in the execution and the failure of those involved to follow protocols. Cyber threats are the easiest methods to frustrate executives and expose their weaknesses.
Q: There have been several high-profile incidents targeting corporations (UnitedHealthcare, NFL) and instances of political violence recently. Is there a sense that this is a time of high vulnerability/danger for high-profile people and executives? Is it fair to say that the worry is more acute than, say, five or 10 years ago? If so, what does that mean for the physical security of executives? What are you hearing from your clients about this and their goals for security?
A: Clients and associates have expressed concern over the volatility in our world and the importance of managing risk when companies fail to make the connection with the meaning of “an ounce of prevention is worth a pound of cure.” The attitude some company leaders have shown is that prevention is not worth the effort. I say, pay me now or pay me later. The sense of vulnerability is a real and present danger that can be mitigated by quality training, security measures, and technology. In 2024 there were 462 publicly reported incidences of threats to high-profile individuals due to their status, amounting to 39 per month (according to the 2024 Annual TorchStone Global Executive Protection Report). Awareness of high-profile incidents can be of value, as in training personnel using the UnitedHealthcare shooting and others like it to dramatize the training value. Quality executive protection training and workplace violence prevention training can be enhanced by discussing the “why” and “how” of attitude, behavior, situational awareness, immediate response, and use of technology in reducing and managing risks. Distinct from other workforce type training, executive-level protection training can be challenging. Therefore, relationships will be essential in influencing the training’s value and establishing understanding. Scenario-based executive training may justify the training’s inconvenience as well as help with the understanding and awareness of the technologies deployed.
It is fair to say that the worry is more acute than five or 10 years ago. My clients and associates tell me that credibility is essential in winning over the executive’s trust and employee attendance. Employees may find workplace violence prevention training to be a repetitive experience not worth their time and attention. Active shooter training is described as scary and emotionally draining—and not incorporating employee input. They see the value in the training but would like to receive more insights relative to prevention, what causes the disgruntled employee to transition to threats of physical violence, and the leader’s role.
Q: Are you seeing evidence that companies/corporations are stepping up their security currently? Are there any statistics about workplace violence/spending on security we could cite?
A: I am noticing direct and indirect results, impacts, and factual evidence that companies/corporations are specifically stepping up their security or security technology procurement currently. What I have experienced is that procurement strategy is sometimes not consistent with sound rationale or principles. Company investment in workplace violence prevention security technology can be a cost-ineffective strategy for companies that lack formal programs, or program managers, and shoot from the hip rather than employ critical assessment and justified procurement.
Q: How might environmental, social, and governance (ESG) compliance or concerns play a role in the measures companies take to ensure the physical security of their employees and executives (related to crime/violence, not accidents)?
A: Interesting and important question. I began drafting my reports and conducting my workplace violence prevention assessments around the pillars of ESG. ESG has an impact on security management, emergency management, workplace security, and workplace violence prevention to include executive protection, chain management, technology, and security if aligned. ESG compliance can influence measures taken to ensure the physical security of employees and executives by emphasizing the importance of ethical behavior and corporate responsibility. Companies that are ESG compliant may prioritize initiatives to reduce their environmental impact (E), which can include measures to enhance workplace safety and security (SG). It would not be a surprise to see companies familiar with ESG implement Robust, Agile and Proactive (RAP) governance frameworks in alignment with the above and in alignment with industry standards in adhering to safe and secure workplace environments. ESG has a significant leadership role in organizational responsibility.
Q: Do you have any perspectives, anecdotes, or suggestions about bank corporation or bank branch security you would like to share? Has the increased digitization of banking changed the security profile of branches? Are they any more or less vulnerable to crime now than, say, 20 years ago? In general, how have practices and perspectives on bank branch security changed over the years?
A: Typical practices and perspectives on bank branch security have changed over the years. With the onset of digital banking, local branches have transformed into hubs addressing more complex customer needs and personalized interactions, thereby increasing potential customer-employee conflicts as the local branch caters to diverse customer needs. Transforming local branches into the hubs meant transforming physical space and changing the nature of employee-customer interactions and engagement. However, with the introduction of AI technology, it will play a valuable role in workplace violence prevention, conflict management, and incident management.
