The Threat Threshold Framework determines whether and at what level executive protection is warranted by scoring four dimensions: threat actor capability, intent, targeting specificity, and your own vulnerability profile. This framework replaces reactive, emotion-driven security escalations with structured professional assessment.
Why Structured Assessment Matters
Most principals engage executive protection after a triggering incident — a threatening letter, a confrontational interaction, an alarming piece of news. This reactive posture means protection often begins after exposure has already increased. Equally important: the assessment sometimes determines that protection is NOT warranted at the level a principal believes. Over-deploying security creates operational disruption and can elevate a principal's perceived profile without corresponding safety benefit.
The Four Assessment Dimensions
Dimension 1: Threat Actor Capability Does the identified threat actor have the means to cause harm? Score: No capability (0) / Limited capability (1) / Demonstrated capability (2) / Verified capability with means (3)
Dimension 2: Intent Has the actor expressed or demonstrated intent to cause harm to the specific principal? Score: No expressed intent (0) / General hostility (1) / Specific verbal threats (2) / Specific threats with behavioral escalation (3)
Dimension 3: Targeting Specificity Does the actor have specific knowledge of the principal's location, schedule, or vulnerabilities? Score: No specific knowledge (0) / General public information (1) / Specific schedule/location data (2) / Demonstrated surveillance capability (3)
Dimension 4: Principal Vulnerability How exposed is the principal to a potential threat actor? Score: Hardened / low exposure (0) / Moderate exposure (1) / Significant exposure (2) / High exposure with predictable patterns (3)
Threat Threshold Score Interpretation
Applying the Framework: Example Scenarios
Scenario A: A tech executive receives a series of online threats following a controversial product announcement. Accounts are anonymous with no prior behavior history and no specific schedule or location information. Score: Capability 0, Intent 1, Specificity 0, Vulnerability 1 = 2. Response: Monitor; no coverage change warranted yet.
Scenario B: A terminated senior executive sends a letter to the principal's home address with specific references to their morning routine. The individual has a prior domestic violence record. Score: Capability 2, Intent 2, Specificity 2, Vulnerability 2 = 8. Response: Immediate full-time coverage; law enforcement file opened; residential security assessment.
Tactical Perspective
The most common error in threat assessment is treating all threats equally. A principal who receives 50 generic online messages a week and one specific, credible physical threat often focuses resources on volume rather than severity.
The Threat Threshold Framework forces dimensionalized thinking. Capability without intent is monitoring. Intent without capability is documentation. Only the combination of all four dimensions justifies protective resource deployment.
GetProtectors conducts structured Threat Assessments as the first step of every engagement. Book a consultation to begin your assessment before exposure increases.
Frequently Asked Questions
Who should conduct a Threat Assessment — internal security staff or an outside firm? Outside firms bring objectivity and pattern-matching across many threat environments. Internal staff bring contextual knowledge. The final assessment should be documented for Duty of Care purposes.
How long does a professional Threat Assessment take? A basic assessment takes 4 to 8 hours of analyst time. A complex assessment involving multiple threat actors and international exposure can take several days.
Should I share my Threat Assessment results with law enforcement? For assessments scoring 7 or higher involving specific threats from identified individuals, sharing with law enforcement is advisable.
How often should a principal reassess their threat environment? Minimum annually; after any major public exposure event; and immediately upon receiving any threat communication.
Can the Threat Threshold Framework be applied to organizations? Yes, with modification. Organizational threat assessments score threats against specific executives, facilities, or operational assets rather than a single principal.
*Schema recommendation: Article schema with HowTo scoring framework, FAQPage schema, Service schema for Threat Assessment services.*