← Insights

Buyer Segments · 6 min read · May 30, 2026

Why CHROs Are Now the Decision-Makers for Executive Protection — and What They Get Wrong

How HR and People leaders are inheriting duty-of-care obligations that used to belong to security directors — and the 3 gaps that expose their executives to risk.

By Kenneth Wilson, CPO, EPS, PPS · Wilson Global Protection Group

Something has changed in how executive protection decisions get made inside large enterprises and financial services firms — and almost no one is talking about it.

Over the last decade, a quiet structural shift has taken place: dedicated Corporate Security Director roles have been eliminated at hundreds of mid-market and large-cap companies. The cost-cutting rationale made sense in a spreadsheet. The residual duty-of-care obligation it created for HR and People functions did not come with a budget line, a vendor relationship, or a training curriculum. It just landed.

If you are a CHRO or Chief People Officer at a financial services firm, a Fortune 500 enterprise, or a large private company today, there is a reasonable chance you are legally and organizationally responsible for a set of executive protection decisions you never trained for — and may not realize you own.

The Shift Nobody Talks About

The traditional model had a clear structure: a VP or Director of Corporate Security owned the executive protection relationship, managed the EP vendor, and made the call when a C-suite executive needed coverage. HR owned workforce policy. Security owned physical protection. The two functions intersected occasionally but operated in distinct lanes.

That model assumed the Corporate Security Director role still existed. At a significant share of mid-market and enterprise firms, it doesn’t — or the role has been so narrowed in scope that it covers facilities and badging but not principal-level close protection. The functions that used to flow through that role — executive travel approvals for elevated-risk destinations, threat assessments for high-profile executives, stalking and harassment response plans, EP vendor selection and oversight — went somewhere when the role was eliminated. In most organizations, they fell into HR.

The problem is structural: HR inherited the responsibility without the institutional knowledge, the vendor relationships, or in many cases the budget authority to execute it properly. Most CHROs I speak with are managing one or more of these situations in exactly the way a person manages something they were never trained for — by handling incidents as they arise, relying on general counsel for guidance when the situation escalates, and hoping the gaps don’t become visible in a way that reaches the board.

What CHROs Are Now Responsible For

In concrete terms, this is what the duty-of-care obligation looks like when it sits in HR:

Executive travel approvals for high-risk destinations. When a CEO travels to Lagos, Bogotá, or Riyadh, someone in the organization needs to make an informed decision about whether that trip requires security support, what form that support takes, and what the documentation trail looks like. In most organizations today, that conversation either doesn’t happen or passes through HR without a formal framework for making it.

Domestic threat assessments for high-profile executives. When a C-suite leader is named in a harassment complaint, receives credible threats via social media, or is involved in a contentious public dispute, the question of whether to engage executive protection resources belongs to someone. In the absence of a dedicated security director, that someone is typically HR.

Stalking and harassment response plans targeting executives. The threat landscape for senior executives has expanded. Activists, disgruntled former employees, adversarial investors, and fixated individuals all represent documented threat categories for senior corporate leaders. When HR is managing the HR-side of a termination or a contentious compensation dispute, the question of whether there is an EP response protocol sits directly in HR’s lane.

EP vendor selection and oversight. When the firm decides to engage a close protection services provider for a board member traveling to an elevated-risk region, someone has to select, vet, and manage that vendor relationship. In the absence of a security director, HR often inherits that responsibility — usually without the evaluation criteria to do it well.

The 3 Gaps That Expose Executives to Risk

After working with HR and People leaders across financial services, enterprise, and family-backed firms, the same three gaps appear consistently.

Gap 1: Conflating Office Security With Close Protection

Access control systems, badging protocols, lobby security, and visitor management are all real and important security investments. They are also categorically different from close protection services for a mobile C-suite principal. A firm that has invested heavily in physical security infrastructure at its headquarters often has zero coverage for its CEO from the moment that CEO exits the building.

Close protection is not an extension of office security — it is a separate discipline with different training requirements, different operational protocols, and different threat models. Conflating the two produces a posture that is robust in the one environment where executives are most institutionally protected (the office), and absent in the environments where they are most exposed: in transit, at events, traveling internationally, and at home.

Gap 2: Reactive Rather Than Proactive Threat Posture

The most common trigger for engaging EP in organizations where HR owns the function is an incident — a threat, an altercation, a public confrontation. By that point, the protection gap has already been real for some period of time.

The standard of practice in professional executive protection is a threat assessment and monitoring program that runs continuously, not episodically. This means the EP provider knows the principal’s travel cadence, public profile, known threat indicators, and any relevant intelligence before a situation escalates. When circumstances change — a high-profile deal announcement, an activist campaign, a contentious termination — the protection posture adapts in advance. Reactive engagement means the coverage arrives after the threat has materialized. Proactive posture means the framework to respond is already in place.

Gap 3: Vendor Selection by Price, Not Capability

When HR is selecting an EP vendor without established criteria, price tends to become the primary differentiator. The lowest bid on a retainer sounds like responsible procurement. In executive protection, it almost universally produces the wrong outcome.

What price-based vendor selection misses: principal-level access and discretion (the ability to operate inside a senior executive’s schedule without creating friction), advance work capability (the operational intelligence work that happens before a principal travels), crisis protocols (what the provider does, who they call, and what authority they have if something goes wrong), and the credentials and direct experience of the individuals who will actually be in the field. A retainer priced to win a bid is typically priced to deliver none of these things at the standard the situation requires.

A security risk assessment is the right starting point for vendor evaluation — it establishes what coverage is actually needed before the firm tries to price it.

The Ask-Before-You-Need-It Principle

The CHROs who manage this function well share one practice: they establish the EP relationship before a threat materializes. They brief the provider on the principal profile, travel cadence, known risk factors, and any existing threat intelligence before the first engagement. They have a defined protocol for what triggers protective coverage, who authorizes it, and how the provider communicates with HR, legal, and the executive’s office.

This isn’t a complex or expensive undertaking. It is a structured conversation and a documented framework — the kind of work a credentialed EP consultant can produce in a single engagement. What it creates is institutional clarity: the CHRO knows what the firm’s posture is, the provider knows the principals they are protecting, and the organization can demonstrate to a board, an insurer, or general counsel that it has taken the question seriously.

The organizations that end up in the most exposed positions are not those that have evaluated executive protection and made a deliberate decision to carry a lower protection posture. They are the ones that have never had the conversation at all — and discover, in the aftermath of an incident, that the responsibility was sitting with HR the entire time.

How Kenneth Wilson Works With HR and People Leaders

Wilson Global Protection Group works directly with CHROs and Chief People Officers to build protection frameworks that scale with the executive team — without the overhead, complexity, or budget footprint of a full security department.

The starting point is a $500 scoping consultation: 60 minutes with Kenneth Wilson (CPO, EPS, PPS) that maps your principal population, travel footprint, existing security posture, and the specific gaps your organization is carrying. The output is a written assessment and protocol recommendation — structured for board and legal review — that gives HR a concrete, documented starting point for the conversation about what a proper program looks like.

This is not a sales call. It is a structured working session designed to produce something immediately useful, whether or not a full engagement follows. A proper security risk assessment and written protocol recommendation is itself a duty-of-care demonstration — evidence that your organization took the question seriously, engaged qualified expertise, and documented its findings before the board asked the question.

Next Step

Schedule a $500 Scoping Consultation

A 60-minute structured assessment of your organization’s executive protection posture — led by Kenneth Wilson (CPO, EPS, PPS). We map your principal population, travel footprint, existing protocols, and the specific gaps HR is currently carrying. The output is a written assessment and protocol recommendation structured for board and legal review.

Schedule a $500 Scoping Call

Kenneth Wilson · CPO · PPS · EPS · New York