Why a Workplace Violence Prevention Program is Crucial to Avoiding the Next Attack

Workplace Violence | Threat Management Assessment

Why a Workplace Violence Prevention Program is Imperative to Avoiding the Next Attack

Contrary to many professions, a day where nothing happens is an ideal day for a security leader. However, in today’s threat environment, this seems increasingly challenging. Since 2020, workplace violence has seen a surge, with 60-65% of mass violence incidents taking place in the workplace.This is important because a work environment that doesn’t address workplace violence risk will conceal issues that will negatively impact employees’ morale, productivity, retention, and ultimately impacting overall business operations.

While workplace violence ranges from threats and verbal abuse to physical assaults and homicide, there is an increased focus on preventing black swan events due to their catastrophic impact and increasing prevalence in the workplace. Unfortunately, situations like this story are more and more common:

  • At 8:00 a.m. one workday in March an employee of a US corporation based in the East Coast came to the office appearing visually disturbed and very rigid — refusing to speak to co-workers and remove his leather jacket. 
  • After 35 minutes, he stabs one of his victims with a large knife. Two minutes later, the employee enters a meeting room, faces one of the managers and says “bye-bye” before shooting the next victim three times. He then proceeds to stab two other supervisors, shoot four employees, and stab a few others as he moves through the building. In the midst of this, the police are called (8:46 a.m.). 
  • The event concludes with the employee publicly executing an executive with a knife and a handgun in front of several terrified co-workers, after which he commits suicide as law enforcement responds.

Although horrifying events like this may seem sudden, there are always indicators in the hours, days, months, and sometimes even years leading up to them that signal the potential for violence.

Building Your Workplace Violence Prevention Program: Questions to Consider

Through the implementation of an effective Workplace Violence Prevention Program, your organization can take proactive steps to address threats head-on and avert activity before it’s too late. (SHRM) Here’s what you should consider before getting started:

  1. Screening — What measures are in place to screen for potential threats in the application process?
  2. Behaviors of Concern Recognition — Does your team have a structured way to identify dangerous personalities and measure the scale of violence that a behavior poses?
  3. Centralized Database — How do you record activity, recognize trends, and assess threats in real-time, as well as track your threat management and intervention strategy? 
  4. Physical Security — What resources are in place to monitor active threats and intervene when activity escalates?
  5. Policy + Training — How prepared is your management team to recognize behaviors of concern and refer employees to the appropriate resources?

1. Screening for Signals of Concern

When it comes to evaluating the root cause of many workplace violence incidents, organizations need to take a step back and evaluate the employee screening process. Effectively screening candidates in the application phase is an overlooked part of maintaining a safe and productive work environment.2 (Security Magazine)

Undoubtedly, strengthening applicant screening and incorporating field behavior threat detection and security interviewing provides a systematic approach to analyzing behavior. Depending on background checks or intuition leaves too much to chance and makes it easy to miss concerning behaviors and other crucial indicators that an in-person or even online interview would uncover. 

The Society of Human Resource Professionals shared “In more than 60,000 cases over the last 20 years alone, U.S. security, intelligence, military and law enforcement personnel were charged with major felonies. But thousands of these individuals passed background investigations either by using someone else’s name, ID, and Social Security number or by lying about degrees, work experience, finances, arrest records or citizenship status.” 3 (SHRM)

While the issue persists today, implementing more rigorous screening procedures can serve as a safeguard against potential acts of violence in the future. This approach helps organizations steer clear of hiring individuals who could potentially jeopardize the company’s well-being.

2. Recognizing Workplace Violence Behaviors of Concern

Recognizing dangerous personality disorders and how they can potentially impact your organization’s safety, day-to-day operations, and overall morale is a foundational element of a Workplace Violence Prevention Program. These may be identified by specific behaviors – both verbal and non-verbal. Joe Navarro, nonverbal communications expert and former FBI special agent, says “We are never in a state where we are not transmitting information.” 4 (Psych Central). Every observation factors into an individual’s assessment and those that are seemingly small may shine a light on events in the months ahead. 

Researchers such as Navarro and Dr. Reid Meloy, a forensic psychologist and F.B.I. consultant, have come up with industry terminology that allows teams to categorize behaviors into four primary personality disorders, enabling teams to better classify them:

Personality Behavior Examples Impact
Narcissistic Believing they are special and better than most people. Speak often about being in charge and exercising power and believe they only associate with ‘high status’ people. Egocentric and arrogant.
  • Employee who lies about their experience, skills or financial status
  • Employee who bullies, yells, or exhibits violent behavior
  • Employee who is vengeful or backstabbing
  • They yell, act out, are emotionally draining
  • They cause others to leave and impact retention
  • Count on others forgiving and forgetting
Emotionally Unstable Constant extremes, hypersensitive to insult, highly demanding, frequently triggered and highly intense.
  • Employee who is referred to as ‘crazy’ or ‘prone to outbursts’
  • Employee who is known for drama
  • Less likely to harm others or destroy property
  • When combined with a sadistic (controlling) personality, violence is likely 
Predator Lack empathy and care most about exploitation and personal gain. Leave jobs and plans unfinished and are often described as cold and calculating.
  • Employee who steals, lies, cuts corners
  • Employee who intimates for personal gain
  • Likely to do substantial harm 
  • Accounts for up to 75% of prison population
Paranoid Consumed by mistrust and fear. Speaks frequently about conspiracies or secret organizations, and frequently complains to administration with threats to involve a lawyer.
  • Disgruntled former employee shows up unannounced and armed.
  • Violence is most often the solution to their far-fetched goals

These behaviors don’t materialize suddenly; they typically originate from a triggering event in the threat actor’s past, setting off a chain reaction of suspicious indicators. As a result, this activity can be categorized into one or a combination of the dangerous personality types described above. For instance, an individual may have a history of substance abuse or a turbulent family environment. These factors prompt them to drop out of school, become entangled with extremist groups, withdraw from social interactions, and/or post disturbing content on social media. Ultimately, this chain of events results in adopting the persona of a predator or a paranoid individual.

In other cases, there may not be one triggering event, but many unrelated and nonsignificant events that are part of a bigger picture tied to an evolving threat. Meloy states that many violent actors share a common perception of having been wronged and tend to assign blame to a particular group. “The personal grievance, then, typically leads to the individual deciding that there is only a violent solution to the distress that they’re experiencing,” he said. 5 (New York Times) Finding a system to connect these red flags in real time and disperse information to the right people results in a much greater chance of stopping an evolving threat. 

3. A Centralized Database for Proactive Threat Monitoring

Having a structured way to proactively detect evolving threats instills confidence in organizations, ensuring that their time and resources are spent wisely, versus chasing after every signal that comes their way. Seemingly trivial red flags tend to proceed most attacks. With a tool that enables teams to easily report these signals into a database, connecting them in real time, security teams can jump on an evolving threat before an incident occurs.

When considering what tool is right for your organization, make sure it encompasses a way to:

  1. Log all activity — Every signal matters, from grievances filed by HR to interactions in team and 1:1 meetings. Ensure the appropriate teams have access to this tool.
  2. Identify trends in real-time — Identify recurring patterns or significant changes in behavior so you know the right time to look further into a potential issue. 
  3. Leverage an evidence-based threat assessment — A Structured Professional Judgment tool should be integrated into the database and leveraged during the full assessment cycle with the ability to collaborate across teams.
  4. Manage each case over time — Find a system that allows you to not only log all activity, but document phases and decisions made on the individual over time.
  5. Incorporate threat management principles — Your system should provide a full scope of threat mitigation, beyond identifying suspicious activity, and identifying next steps to responding and quickly resolving security incidents.  

4. Enhancing Safety through Physical Violence Prevention Measures

The last thing any security leader wants is to feel unprepared to face an imminent threat. As much as teams can work to prevent most attacks, there are times when leaders must quickly leverage available resources to quickly de-escalate a crisis, ensuring minimal impact on people, property, and reputation. Below are a few physical security capabilities and resources that teams should strongly consider:

  • Threat actor monitoring — Monitoring social media and other remote mechanisms for observing actors’ activities, disposition, and communication. 
  • Layered security measures — A defense-in-depth starting at the perimeter and continuing to the site’s interior, along with controlled or secure access points.
  • Technological security controls — Advanced access control systems, threat detection systems, surveillance systems, and alarm systems are integral in monitoring and controlling access to areas containing critical assets.
  • Protective agents — Depending on the organization, these individuals may need to be armed and covert to be prepared to act on an impending threat. 
  • Physical surveillance — Implementing field operators and agents to observe individuals of concern and how they interact with the environment around them, anticipating their next move. (For more serious threats, teams cannot rely on electronic surveillance alone to detect violence.) 
  • Workplace Violence Threat Assessment — Training security teams and relevant stakeholders on the Pathway to Violence to associate an activity or behavior on a scale and alert others before progressing towards pre-attack planning to de-escalate and avoid an unfortunate event.

Research specific to targeted violence, backed by WAVR-21 founders Dr. Stephen White and Dr. Reid Meloy, advises that individuals usually follow a “pathway to violence” from thinking about using violence to researching and planning, and then executing on that plan. Each step factors in psychological, behavioral, historical, and situational factors with continuous monitoring — as behaviors may evolve on a daily basis. Evaluating the risk level hinges on understanding the threat actor’s response to interventions. (i.e., interviews, listening to the rationale behind their actions, etc)6  

Teams are advised to consistently reassess and refine business continuity planning and allocate physical security resources in alignment with the evolving threat landscape.

5. Workplace Violence Prevention Policy + Training

Your employees are the foundation of your company, so ensuring they are supported and trained to identify threats is essential.7 (National Institute for the Prevention of Workplace Violence

When it comes to employee support, Employee Assistance Programs (EAPs) are the cornerstone in assisting employees to resolve personal problems that may be impacting them at work. (Society for Human Resource Management, US Dept of Health and Human Services) These programs may include anything from counseling to financial and legal services to critical incident response. 

When employees feel personally supported, they are more likely to feel empowered to identify and report concerning behavior. This is crucial because maintaining a safe work environment cannot rest on the shoulders of security teams alone — it needs to be a shared responsibility across the organization. Educating organizations on how to accomplish this takes practice and support from leaders across the company.8 Here are a few guidelines to consider (OSHA, Safety and Health Magazine):

  • Establish a clear policy for workplace violence to include violent action, verbal and nonverbal threats, and related actions and encourage workers to promptly report incidents.
  • Implement a system to recognize violence indicators through behavior threat detection, allowing leaders to recognize potentially harmful personality characteristics before an act occurs. 
  • Administer workplace digital literacy training that focuses on the specific threats faced by your organization and industry, considering that one in three US workers has little to no skills using digital devices.9 (Dark Reading)
  • Create a plan for maintaining security in the workplace, including establishing a liaison with law enforcement or others who are capable of assisting in the prevention of workplace violence.

Lastly, Investing in workplace violence prevention efforts and training also makes good financial sense, as the costs of workplace violence continue to increase. The National Institute for the Prevention of Workplace Violence estimates employee productivity can decrease up to 50% in the six to 18 weeks following a violent incident, while turnover can increase to upwards of 30% to 40%.10 (source: Campus Safety)


With a comprehensive Workplace Violence Prevention Program in place, security teams can have a much higher likelihood of preventing catastrophic events — such as the case of the employee who went on a suicidal rampage referenced at the beginning of the article. The following signals would have been identified in advance of the event:

  • During his hiring process, he noted that he was looking for a more stable, less emotional place to work. (His previous place of employment was working as a federal security officer with experience using firearms and tactical response training.)
    • Emotionally unstable personality characteristics prompt the hiring team to look further into his background via a more thorough reference check.
  • He was described as angry and frequently complained that he was being treated unfairly, filing multiple grievances over time, and winning one of them. He was granted a leave of absence six months prior to the incident. Before leaving, he voiced frustration that he was asked to do things outside of his job description.
    • Narcissistic personality characteristics exhibited consistently over time, such as being self-centered and entitled, signal to management that there is an underlying issue with the employee’s behavior.
  • Two months before the incident, he moved home to his parents’ house. In that same month, the police were called because he was holding a knife to his throat.
    • An effective centralized database would have flagged the encounter with law enforcement in real-time.
  • One month before the incident, he returned to his job and stated that he was extremely upset that an upper-level position he hoped to be promoted to had been filled. He felt that it was done to potentially undermine him.
    • Narcissistic personality characteristics of feeling entitled and having an exaggerated sense of privilege, combined with earlier behaviors logged in the system, would prompt the employee’s manager to seek additional help such as counseling or outside investigative services.
  • The employee shaved their head the week of the incident.
    • Extreme changes in behavior would be logged in the database and flagged as highly concerning due to the individual’s history.

This incident was one of nearly 400 workplace homicides that occur each year. While the statistics are overwhelming, there is more in our control than many realize. With the right processes and technology in place, this employee would never have been hired in the first place. 

As shared above, these signals can be captured and identified early —  empowering organizations to identify high-risk individuals before an act occurs so security teams can deservedly enjoy more quiet days in the months ahead.

1 OSHA Workplace Violence Reports: https://www.osha.gov/workplace-violence/risk-factors

2 Security Magazine, The modern approach to employee screening, vetting and background checks, June 17, 2022

3 SHRM, Do Organizations Rely on Background Checks Too Much?

4 Psych Central, How to Understand and Read Body Language, October 2021

5 New York Times, What Are the Real Warning Signs of a Mass Shooting? August 22, 2022

6 WAVR-21, Pathway to Violence: https://www.wavr21.com/pathway-to-violence-2/

7  National Institute for the Prevention of Workplace Violence, The Financial Impact of Workplace Violence

8 Safety and Health Magazine, A Look at Workplace Violence

9  Dark Reading, Are Your Employees Thinking Critically About Their Online Behaviors?, January 2023

10 Campus Safety, Preventing Workplace Violence: Early Identification and Intervention Go a Long Way, January 2023

Security Consulting

Rozin Security offers security consulting services to help you design a comprehensive and proactive security plan to meet the needs of your organization today, and over time.

Learn More >