← Insights

What CFOs Get Wrong About Executive Protection (And Why Finance Leaders Are a High-Value Target)

By Kenneth Wilson · Wilson Global Protection Group

The CFO’s name is on the earnings call transcript. It is in the 8-K filing announcing the activist settlement. It is in the proxy statement alongside the CEO, the creditor correspondence when the balance sheet is under pressure, and the acquisition announcement when a deal closes on contentious terms. Finance leaders at public companies, private equity-backed firms, and large financial institutions are publicly named, publicly vocal, and publicly associated with decisions that generate adversarial relationships — often at scale. Yet in most organizations, the CEO is in the principal protection tier and the CFO is not.

This is the gap. It is structural, consistent across sectors, and rarely examined by the people best positioned to close it.

Why the CFO Is a High-Value Target

The threat categories for CFOs are not abstract. They are tied directly to the functions that define the role.

Earnings calls are the most visible moment in a CFO’s professional calendar — named, recorded, and permanently archived. The EPS miss explanation, the guidance cut, the accounting restatement: these events generate verifiable adversarial relationships with retail investors, short sellers, and institutional holders who attribute losses directly to the individuals who signed the financials. In activist campaigns, the CFO is frequently the named counterpart — either as the target of the critique or as the company’s primary spokesperson for the capital allocation response. That visibility is professional function, not personal choice, but its security implications are almost never formally assessed.

M&A transactions compound the exposure in ways that persist long after the deal closes. When a firm acquires a distressed asset, initiates a hostile bid, or completes a transaction that results in workforce restructuring, the CFO is one of the accountable faces of that decision. Grievance actors in distressed creditor situations — vendors with disputed balances, former executives with contested employment agreements, institutional holders with concentrated losses — have specific identities in mind. The CFO is consistently one of them. Our analysis of the specific threat dynamics that emerge during these windows is covered in depth in the executive protection during M&A and activist campaigns article — the threat categories for CFOs in those situations are distinct from what the CEO faces, and require separate consideration.

At distressed firms specifically, creditor relationships can deteriorate in ways that generate genuine personal risk. Hedge funds with concentrated positions in the debt stack, trade creditors with outstanding balances, and equity holders facing dilution in a restructuring have documented histories of escalating from professional grievance to personal targeting. The pattern is more common at smaller and mid-market companies where the CFO is personally known to creditors, has made representations they later dispute, and where legal proceedings bring the relationship into direct adversarial confrontation. A structured security risk assessment is usually the first time a CFO has seen their specific exposure mapped — the intersection of their public profile, deal history, and counterparty relationships — laid against the current gaps in their protection posture.

The Budget Holder Blind Spot

There is a dynamic in corporate security programs that rarely surfaces in formal discussion but is near-universal in practice: the security team does not put the person who approves their budget on the principal roster.

CFOs own or heavily influence the EP line item in most organizations. They negotiate vendor contracts, approve the annual spend, and in some cases restructure the program when the cost does not align with their read of the risk. They are, in the most literal sense, the buyer of executive protection. And they are almost never the beneficiary of it.

This is not a deliberate exclusion — it is the product of two converging dynamics. First, security teams are institutionally incentivized not to create friction with the CFO. Recommending that the CFO is in scope for protection is a recommendation that could be read as self-serving — expanding the program’s footprint at the expense of the person who controls the budget. The easier path is to leave the CFO off the list and focus the program on the CEO, where the political environment is cleaner. Second, CFOs themselves tend to resist the framing. The orientation of most finance leaders is toward financial risk management, not personal security — and being placed on a principal roster can feel like a concession rather than a rational decision. The institutional dynamic that keeps the gap open is the same across industries: no one in the organization has an incentive to push the conversation, and the one person who could initiate it is the last one to see themselves as a threat target.

The result is a blind spot with a financial logic embedded in it. The same rigorous cost-benefit framework a CFO applies to every other budget decision — expected loss, probability-weighted outcomes, marginal cost of mitigation — is rarely applied to their own protection posture. This pattern is particularly acute at private equity-backed firms, where the CFO is frequently the most externally visible financial executive and the one most directly engaged in LP reporting, creditor negotiations, and portfolio company transactions that generate concentrated adversarial relationships.

The Public Disclosure Problem

SEC filings, earnings calendars, and investor relations materials collectively create a detailed operational schedule for anyone motivated to exploit it.

The CFO’s quarterly earnings call is announced weeks in advance on a public IR calendar, with a call-in number and replay capability. Roadshow schedules — the institutional investor meetings preceding a capital raise, secondary offering, or major acquisition — are often disclosed through press releases or banker outreach. Analyst days involve announced locations. Conferences involve named panels and published speaker schedules. Proxy filings disclose compensation structures and identify the CFO by name alongside their tenure, biography, and committee assignments. The operational picture this creates for a motivated actor is substantial, and it is built entirely from sources the CFO and their IR team have actively published.

What this means in practice is that advance work and route analysis for a CFO are not primarily about identifying unpublicized movements — they are about securing the predictable ones. When a CFO is traveling to Boston for an investor roadshow, staying at a predictable tier-1 hotel near the financial district, and meeting with institutional holders whose names appear in the public offering documents, the itinerary is largely reconstructable from open sources before the CFO’s flight lands. This is why advance work for high-profile earnings periods, roadshows, and analyst days is non-negotiable for any CFO with meaningful adversarial exposure. Our executive protection practice in New York — where the majority of earnings events, institutional roadshows, and investor day meetings occur — is specifically structured around this episodic, event-driven model. The protection scales to the exposure window, not to a continuous deployment that exceeds what the actual risk profile warrants.

What a CFO-Specific EP Engagement Looks Like

The right model is not a 24/7 detail. It is an episodic, trigger-based protection structure tied to the specific windows when CFO exposure spikes — and it is considerably more cost efficient than most finance leaders assume when they hear the words “executive protection.”

Three trigger windows define most CFO engagements. Activist filing periods — particularly 13D filings that name management and call for board representation or a leadership change — create an immediate threat environment. The personal animus that characterizes many activist campaigns is directed at both the CEO and the CFO, and the period between the filing and the resolution is when that animus is most operationally actionable. Earnings cycles represent the second trigger: the period immediately following a significant miss, a guidance cut, or a restatement disclosure is when grievance actors are most emotionally activated and most likely to move from online hostility to physical proximity. Deal close periods — when a transaction becomes public and adversarial reactions to it materialize — are the third consistent window.

Within those windows, the engagement is scoped to specific events: roadshows covered with advance work, earnings call locations managed, a close protection resource available during the highest-exposure periods. Outside those windows, the program operates at a monitoring posture, not a deployment posture. A corporate security consulting engagement that maps a CFO’s trigger windows across a calendar year typically identifies two to four periods per year where active protection is warranted. The cost of covering those periods is a fraction of what most executives assume when EP is mentioned, and it is proportional to actual exposure rather than continuous against a hypothetical threat baseline.

In organizations where a CEO-focused EP program already exists, adding CFO coverage is typically an extension of that structure — not a parallel operation requiring separate infrastructure. The same advance work methodology, the same close protection resources, and the same threat monitoring framework can be calibrated to cover a second principal, often at marginal cost relative to what the existing program already requires.

The Scoping Conversation

Determining whether a CFO is in scope is a structured process, not a judgment call made from general assumptions about their role. The scoping conversation examines four dimensions.

First, public profile and visibility: what can be reconstructed about the CFO from public filings, press coverage, earnings transcripts, and professional networks. Second, deal history and adversarial relationships: contentious transactions in the past 24 months, active or recent creditor disputes, activist campaign involvement, and any litigation in which the CFO is a named or implicated party. Third, travel patterns: the frequency and predictability of earnings events, roadshows, board meetings, and international travel, with particular attention to locations that are predictable from public calendars. Fourth, current protection posture: whether the CFO is covered under the firm’s existing EP program, and if so, whether that coverage is event-specific or generic, and whether it addresses the trigger windows outlined above.

From that conversation, the determination of scope and program structure is direct. A CFO with a quiet operating period, a clean recent deal history, and no material adversarial relationships in their current role may not be in an active-protection window. A CFO at a company in the middle of an activist campaign, preparing for a contested earnings call, or navigating a distressed credit situation with named counterparties is almost certainly in scope — and should have been from the moment those circumstances developed.

Our New York-based EP practice conducts these scoping engagements as a structured, 60-minute working session — a genuine assessment of the CFO’s current exposure, the relevant trigger windows in their near-term calendar, and what a proportional program looks like in practice. For CFOs who have never been on their own firm’s principal roster, and for finance leaders who own the EP budget and have never applied their analytical rigor to their own security posture, this is where the conversation starts.

Next Step

Schedule a $500 Scoping Consultation

A 60-minute structured assessment of your current exposure and the specific trigger windows in your near-term calendar — with Kenneth Wilson. We examine your public profile, deal history, travel patterns, and existing protection posture, then determine whether you are in scope and what a proportional program looks like. For CFOs who control the EP budget but have never been on the principal roster, this is the right starting point.

Book the $500 Scoping Consultation

Kenneth Wilson · CPO · PPS · EPS · CPS · SPI · New York