Closing the gap on executive digital exposure risk


ISJ hears exclusively from Boris Dzhingarov, CEO of ESBO, about how security teams should manage and reduce executive digital exposure risk.

For a long time, executive protection (EP) was a straightforward game:

  1. Secure the transport
  2. Vet the advance locations
  3. Harden the residence

Today, the first breach of an executive’s safety rarely happens at the front gate. It happens on a spoofed LinkedIn profile, a leaked password dump or a family member’s public Instagram story.

Bad actors aren’t looking for a gap in the fence; they are mining personal digital footprints to impersonate leadership, bypass corporate firewalls or triangulate physical locations.

The problem is that ownership of this risk is often a mess. IT locks down the work laptop, EP watches the perimeter, Comms handles the brand and Legal worries about privacy.

In the cracks between these silos, digital exposure grows.

Security leaders must stop treating executive digital risk as a “privacy perk” and recognise it as a critical attack surface requiring a unified response.

What is executive digital exposure risk?

“Executive digital exposure” is just a fancy term for the aggregate vulnerability created by an executive’s online life. It’s the sum of every scrap of data available to an adversary that can be weaponised.

This is fundamentally different from standard enterprise cyber-risk. Enterprise security is about hardening infrastructure.

Executive exposure bleeds into the personal lives of leadership and their families, which are areas corporate tools usually can’t touch.

The speed is different, too.

A deepfake audio clip or a doxing campaign can wreck a reputation or trigger a physical threat in minutes, long before a traditional SOC ticket gets filed.

The spillover goes both ways: a compromised personal Gmail can be the backdoor into the company and a corporate crisis can bring protestors to the executive’s driveway.

Exposure surfaces

To get a handle on this, you need to break the threat down into the following:

Identity surface – Someone stealing the executive’s face, name or voice to trick others.

  • Stop waiting for someone to report a fake profile. Use automated tools to constantly scan social platforms and domain registries for lookalikes
  • Work with platforms to verify official accounts immediately. A verified presence is a security control as it makes it much harder for imposters to fool people
  • Find and lock down old, dormant accounts the executive hasn’t used in years. These are easy targets for takeover because nobody is watching
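The lookalike scan from the first bullet can be illustrated with an added example (not from the article or any vendor tool): it reduces each observed handle or domain to a comparison "skeleton" and flags names that collapse onto, or sit one edit away from, an official one. The confusable-character map, the account names and the distance threshold are all constructed assumptions.

```python
import unicodedata

# Constructed, non-exhaustive map of visually confusable characters (assumption).
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s", "|": "l",
    "\u0430": "a", "\u0435": "e", "\u043e": "o",   # Cyrillic a, e, o
    "\u0440": "p", "\u0441": "c", "\u0456": "i",   # Cyrillic r, s, Ukrainian i
})

def skeleton(name: str) -> str:
    """Reduce a handle or domain to a form in which lookalikes compare equal."""
    s = unicodedata.normalize("NFKC", name).lower().translate(CONFUSABLES)
    s = s.replace("rn", "m").replace("vv", "w")   # multi-character lookalikes
    return "".join(ch for ch in s if ch.isalnum())  # drop separators like . _ -

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def find_lookalikes(official, observed, max_distance=1):
    """Return (candidate, official_name, reason) for names imitating an official one."""
    hits = []
    for cand in observed:
        if cand in official:
            continue  # the genuine account itself
        sk_c = skeleton(cand)
        for real in official:
            sk_r = skeleton(real)
            if sk_c == sk_r or edit_distance(sk_c, sk_r) <= max_distance:
                reason = "same-skeleton" if sk_c == sk_r else "near-match"
                hits.append((cand, real, reason))
                break
    return hits

# Constructed sample data: a hypothetical executive's official names and scan results.
OFFICIAL = ["jordanavery", "jordan-avery.example"]
OBSERVED = ["jordanavery", "j0rdanavery", "jordan_avery", "jordanaverry",
            "j\u043erdan-avery.example", "morgan.lee"]

if __name__ == "__main__":
    for hit in find_lookalikes(OFFICIAL, OBSERVED):
        print(hit)
```

Short official names produce more near-match false positives, so the threshold is best tuned per principal and every hit reviewed by an analyst before a takedown request is filed.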

Access surface – The weak spots in personal accounts that serve as a backdoor to the company or a leak for private data, e.g., the personal iCloud account protected by a password from 2018.

  • Draw a hard line. Personal email cannot be used for corporate business. This isn’t just advice; it needs to be an auditable policy
  • Help executives set up hardware security keys (like YubiKeys) for personal accounts. For high-value targets, SMS-based 2FA isn’t strong enough anymore
  • With permission, extend basic cyber-hygiene help to the immediate family. They are often the soft entry point for phishing attacks targeting the principal

Narrative surface – Weaponising context or information to damage reputation and stock price. This includes “cheapfakes” (misleading edits) or digging up ancient content to fuel a new fire.

  • You need to baseline the sentiment. Monitor the volume and tone of conversation around the executive. If negative sentiment spikes at 2 AM, that’s usually a leading indicator of a coordinated attack
  • Have legal-approved templates ready for disinformation. When a viral lie takes off, speed is your only real counter-measure
  • Regularly remove the executive’s personal info from people-search sites. This makes doxing significantly harder

Location surface – Leaking real-time data or patterns of life that reveal where people are.

  • Train the executive and family to scan photos for landmarks or reflections before hitting post. And never post in real-time. Use a “post-departure” delay
  • Look at the settings on fitness apps (Strava, Garmin) and car telematics. Location sharing should be locked down to trusted contacts only
  • Get the executive’s aircraft into privacy programs (like the FAA’s LADD) to hide flight data from public tracking sites

Closing the gap operationally

You can’t just buy software to fix this. It requires a cross-functional model. The best teams form a “fusion cell” that meets quarterly, with clear paths for when things go wrong.

Executive Protection (EP) owns the physical response. They need real-time digital intelligence to adjust travel routes, assess venue safety or increase residential security posture before a threat manifests physically.

Cybersecurity/IT owns the technical controls. They manage the monitoring tools, deploy hardware keys and handle incident response when personal accounts are compromised.

Comms/PR owns the narrative. They are the first line of defence against reputational attacks and must be looped in immediately to manage public perception when impersonation occurs.

Legal/HR owns the takedown and privacy. They handle the cease-and-desist orders to platforms and manage the delicate privacy implications of monitoring employees’ personal lives.

Who does what?

  • Monitor: The SOC or a dedicated analyst watching the dashboard
  • Escalate: A single point-of-contact who decides: is this a PR headache or a safety threat?
  • Approve: Legal counsel for takedowns; C-suite for public statements
  • Respond: EP for physical threats; IT for digital containment

First-month priorities

If you are starting from zero, don’t worry about complex policy yet, just prioritise visibility and locking the doors.

  • Week 1: The map – Run an Open Source Intelligence (OSINT) check on the principal: what is out there right now? Following this, map every social account, find the home addresses exposed on data broker sites and list every device touching corporate data
  • Week 2: The locks – Move the executive and their assistant to phishing-resistant multi-factor authentication on all major accounts. After this, start the verification process for the main social profiles to establish a “source of truth”
  • Week 3: The takedown – Turn on the automated listening tools and then decide exactly what counts as a takedown request (e.g., “impersonation with intent to defraud”) and know exactly who to email from the platforms to get it done
  • Week 4: The drill – Run a one-hour tabletop exercise with EP, Comms and cyber. Scenario: “A deepfake video of the CEO announcing layoffs goes viral while they are overseas.” Test the phone tree. Who calls whom? Where are the passwords? It’s important to find the friction points now rather than later

How to measure success

You can’t manage what you don’t measure. Forget vanity metrics and look at speed and hygiene.

  • Time to detect: How long between an imposter account going live and you seeing it?
  • Takedown speed: Average time from detection to removal.
  • Hardening: What percentage of executive accounts are locked with hardware keys? (Aim for 100%).
  • Exposure: Is the number of data broker listings with the home address going down?
  • Drills: Are you actually practicing the response annually?

Executive protection’s new role

Executive protection isn’t just about bodyguards anymore, as a close protection agent can’t stop a wire transfer triggered by a deepfake.

A secure car won’t stop a narrative that destroys a reputation, which means we have to treat digital exposure as an operational risk, managed with the same discipline as physical logistics.

The goal isn’t to hide the executive from the world, it’s to make sure they can operate in it safely.
