The Journal
Practice note | 15 Dec 2026 | 8 min

Threat Assessment for UHNW Principals: How Close Protection Professionals Evaluate Risk

In this article

  • The threat assessment framework
  • Specific vs generic threat
  • Threat typology: the principal categories
  • The intelligence cell
  • Calibrating the programme to the assessment

A close protection programme that is not grounded in a current, specific, and calibrated threat assessment is not close protection — it is security theatre. The most common failure mode in UHNW security is a programme that was designed for a threat picture that no longer exists, that was never accurate to begin with, or that fails to distinguish between the specific threat facing a particular principal and the generic threat that applies to any person of wealth. Effective threat assessment is the foundation on which every other element of the protective programme is built.

The threat assessment framework

FFGR uses a structured threat assessment framework that evaluates four primary dimensions for each principal: Threat (who specifically might wish to harm or target the principal, and what capability do they have), Vulnerability (what specific exposures does the principal have that a threat actor could exploit), Criticality (what are the consequences of a successful attack — not just physical, but financial, reputational, and operational), and Probability (given the threat, the vulnerability, and the current environment, how likely is an incident in the relevant timeframe). This framework avoids the binary thinking — 'there is a threat' / 'there is no threat' — that leads to either under-protection or over-protection.

Specific vs generic threat

The most important distinction in close protection threat assessment is between specific and generic threat. Generic threat is the statistical likelihood of crime in a given geography — useful context but insufficient as a basis for programme design. Specific threat is the documented or assessed intention of an identifiable individual or group to cause harm to a named principal. Most UHNW principals in stable jurisdictions face primarily generic threat, and their programmes should be calibrated accordingly — effective, proportionate, and sustainable. A small proportion face specific threats, and those principals require a fundamentally different programme.

Threat typology: the principal categories

  • Grievance-based threat: former employees, business counterparts, or personal relationships with a specific grievance against the principal. The most common category of specific threat, and the most amenable to early identification through intelligence.
  • Ideological threat: activists, extremists, or politically motivated individuals who target the principal because of their industry, business decisions, or public positions. Increasingly relevant for technology, resource extraction, and financial services principals.
  • Financially motivated threat: kidnap for ransom, extortion, and targeted theft — threats driven by the principal's perceived wealth and the criminal calculation of return on risk.
  • State-linked threat: intelligence collection, influence operations, or state-directed approaches to the principal driven by their knowledge, technology, relationships, or political significance.
  • Stalking and fixated individuals: individuals who have developed an obsession with the principal, typically without a rational grievance or ideological motivation. Difficult to predict, often underestimated, and requiring a specific behavioural intelligence approach.

The intelligence cell

An effective threat assessment is not a one-time exercise — it is a continuously maintained intelligence picture. FFGR's intelligence cell tracks open-source information relevant to principal-specific threats: social media activity, court records, business filings, activist and online community activity, dark-web monitoring (on request), and — where operationally relevant — the activities of known or assessed threat actors. The intelligence picture is updated at minimum monthly for active mandates and immediately if a trigger event occurs (a major business announcement, a significant dispute, a media event that elevates principal visibility).

Calibrating the programme to the assessment

The output of a threat assessment is not a recommendation for maximum security — it is a recommendation for appropriate security. A principal with a low specific threat, moderate generic threat, and high public profile requires a different programme than a principal with a documented specific threat, a complex operating environment, and a preference for minimal visibility. FFGR's programme designs are explicitly linked to the current threat assessment, reviewed when the assessment changes, and structured to escalate or de-escalate proportionally as the threat picture evolves.
