Workplace Violence Is Not Just a Security Risk — It Is a Business Risk
By John Gill and Matthew Doherty
When workplace violence occurs, the immediate focus is rightly on the people affected and the organization’s response. Protecting lives, supporting victims, communicating clearly, and stabilizing the workplace must always come first.
But the consequences to the organization rarely end when the incident is over.
A serious workplace violence incident can disrupt operations, affect employee morale, increase absenteeism and turnover, attract regulatory scrutiny, generate legal exposure, raise insurance and workers’ compensation costs, and damage an organization’s reputation. In some cases, it can also affect customer confidence, business continuity, labor relations, and leadership credibility.
That is why workplace violence prevention should not be viewed solely as a security responsibility. It is an enterprise risk issue that requires leadership attention, cross-functional coordination, and sustained organizational discipline.
Today’s workplace violence prevention programs must address a broad range of concerns, including harassment, intimidation, threatening communications, stalking, domestic violence spillover, insider threats, physical assaults, suicide risk, and targeted violence. While these matters may first surface as security, human resources, employee relations, or legal issues, their impact is often felt across the entire organization.
Workplace violence is one of the few risks capable of producing human, operational, legal, financial, regulatory, and reputational consequences at the same time.
When a Security Incident Becomes a Business Problem
Recent events illustrate how quickly workplace violence can evolve into a broader organizational challenge.
In 2025, a nurse at HCA Florida Palms West Hospital was critically injured after an alleged attack by a patient. The incident generated national attention, prompted renewed questions about safety in healthcare settings, and was followed by litigation alleging security failures. The hospital also reportedly took steps to increase security after the attack.
The 2021 shooting at a FedEx facility in Indianapolis similarly demonstrated how workplace violence can create long-term consequences beyond the immediate emergency response. Eight people were killed, several others were injured, and families of victims later filed negligence and wrongful death claims alleging that stronger security measures, training, and warning procedures could have prevented the attack.
These incidents are reminders that workplace violence is not simply an event to be managed after the fact. It can affect employee trust, organizational resilience, brand reputation, legal posture, and continuity of operations.
The data reinforces the concern. A Society of Human Resource Management (SHRM) survey found that 48 percent of HR professionals reported that their organization had experienced an incident of workplace violence, while roughly one in seven American workers reported not feeling safe at work. The Bureau of Labor Statistics reported 57,610 nonfatal workplace violence cases requiring days away from work, job restriction, or transfer during 2021–2022, with healthcare and social assistance accounting for nearly three-quarters of those private-industry cases.
For employers, the message is clear: workplace violence prevention is not only about responding to rare catastrophic events. It is also about recognizing and managing lower-level behaviors, repeated concerns, unresolved grievances, intimidation, threats, and environmental risks before they escalate.
Moving Beyond Incident Response
Historically, many organizations have focused on how they will respond if workplace violence occurs. Response planning remains essential. Organizations need emergency procedures, communication protocols, law enforcement coordination, crisis management plans, and post-incident support.
But mature organizations are asking a broader question:
How can risk be identified, assessed, managed, and reduced before an incident occurs?
That shift changes workplace violence prevention from a reactive security function to a proactive risk management discipline. It requires a coordinated process for receiving concerns, assessing behavior, evaluating context, documenting decisions, implementing interventions, and monitoring cases over time.
The objective is not to predict violence with certainty. No organization can do that. The objective is to identify concerning behavior, assess whether a person or situation may pose a risk, intervene appropriately, and reduce the likelihood of harm.
Effective programs bring together security, human resources, legal, compliance, risk management, employee relations, behavioral health resources, and executive leadership. Each function sees a different part of the risk picture. Security may be aware of access control concerns or threatening behavior. Human resources may know about performance issues, terminations, grievances, or workplace conflict. Legal may understand employment, privacy, disability, and duty-of-care considerations. Risk management may track claims, insurance, and operational exposure. Executive leadership sets expectations, allocates resources, and reinforces accountability.
Without a coordinated structure, critical information can remain siloed. With a structured program, organizations are better positioned to connect the dots, make informed decisions, and act consistently.
Compliance and Regulatory Expectations
Organizations are also facing increasing legal and regulatory expectations regarding workplace violence prevention. Requirements vary by jurisdiction and industry, but the overall direction is clear: employers are expected to take reasonable steps to identify, assess, and mitigate recognized workplace violence risks.
At the federal level, OSHA does not currently have a workplace violence standard that applies broadly to all employers. However, OSHA has stated that employers may be cited under the General Duty Clause when workplace violence is a recognized hazard and feasible methods exist to reduce the risk. OSHA has also issued guidance for higher-risk sectors, including healthcare and social services.
At the state level, requirements are becoming more specific. California’s SB 553, effective July 1, 2024, requires most California employers to establish, implement, and maintain a workplace violence prevention plan, train employees, maintain incident logs, and periodically review program effectiveness. Texas SB 240 requires covered healthcare facilities to establish workplace violence prevention committees and develop policies and plans for preventing and responding to workplace violence. New York’s Retail Worker Safety Act requires covered retail employers to adopt workplace violence prevention policies and provide workplace violence prevention training.
These developments are important even for organizations that are not currently subject to a specific workplace violence prevention mandate. They reflect a broader expectation that employers will have documented processes, trained employees, reporting mechanisms, incident review practices, and evidence of reasonable preventive action.
Organizations leading from the front are choosing not to wait for new mandates. They are developing comprehensive workplace violence prevention programs that align with recognized practices, demonstrate due diligence, and create a consistent framework for identifying risk, documenting decisions, coordinating interventions, and improving over time.
Building a Modern Workplace Violence Prevention Program
An effective workplace violence prevention program is built on more than a policy or emergency response plan. It requires a governance model that clearly defines ownership, decision-making authority, escalation pathways, documentation expectations, and executive oversight.
At the center of many mature programs is a multidisciplinary threat assessment and threat management team. These teams evaluate reports of concerning behavior, assess the level of risk, coordinate interventions, document decisions, and monitor cases over time. Importantly, the focus is not simply whether an individual made a threat. The more important question is whether the person may pose a threat, based on behavior, context, capability, intent, stressors, grievances, protective factors, and opportunities for intervention.
A modern program should include several core elements:
- Clear policy and definitions. Employees need to understand what workplace violence includes, how threats and concerning behaviors are defined, and what conduct is prohibited.
- Accessible reporting channels. Employees should have multiple ways to report concerns, including options that are easy to use, confidential where appropriate, and available to employees who may not feel comfortable going through a direct supervisor.
- Consistent triage and assessment. Reports should be reviewed through a defined process that considers urgency, behavioral indicators, known facts, potential victims, workplace context, and immediate safety needs.
- Multidisciplinary case management. Higher-risk or complex cases should be managed through a coordinated team that can draw on security, HR, legal, behavioral health, and operational expertise.
- Documented decisions. Organizations should document what was reported, what was assessed, who was consulted, what decisions were made, what actions were taken, and how the matter was monitored or closed.
- Training and awareness. Employees, supervisors, HR professionals, security personnel, and executives need role-specific training. Employees need to know what to report. Supervisors need to know how to respond. HR and security teams need practical tools for assessing and managing cases.
- Post-incident review and continuous improvement. After significant incidents, organizations should conduct structured reviews to identify lessons learned, update procedures, and address gaps in communication, staffing, training, technology, or escalation.
The effectiveness of a workplace violence prevention program is not measured only by how well an organization responds after an incident. It is measured by whether the organization can recognize emerging risk, coordinate informed decisions, intervene appropriately, and learn from experience.
Culture, Trust, and Reporting
A program can look strong on paper and still fail if employees do not trust it.
Many workplace violence concerns are first observed by coworkers, supervisors, front-line managers, reception staff, field employees, or others closest to the situation. They may notice escalating anger, fixation, threatening language, stalking behavior, domestic violence spillover, unusual communications, or changes in behavior. But they may hesitate to report if they fear retaliation, believe nothing will be done, worry about overreacting, or assume someone else already knows.
This is why culture matters. Employees must be encouraged to report concerning behavior early, even when they are unsure whether the behavior meets a formal threshold. Leaders should reinforce that reporting is not about punishment or labeling someone as dangerous. It is about getting the right people involved so concerns can be assessed professionally and managed appropriately.
The organization’s response to reports is equally important. If employees see that reports disappear into a black hole, confidence declines. If they see that concerns are handled fairly, consistently, and with appropriate discretion, trust increases.
A strong reporting culture also protects the organization. It helps identify patterns, supports earlier intervention, and creates a record that the organization took reasonable steps to understand and address risk.
Technology as an Enabler
Technology alone will not prevent workplace violence. It cannot replace judgment, governance, leadership, or trained professionals. But technology can support the processes that make prevention and intervention more effective.
Organizations increasingly rely on technology to manage reporting, investigations, threat assessments, case documentation, information sharing, analytics, and executive reporting. When aligned with sound governance and threat management practices, technology can improve visibility, coordination, accountability, and consistency.
A well-designed system can help organizations track reports, assign follow-up, document team decisions, identify repeat locations or recurring issues, monitor open cases, and generate trend data for leadership. It can also help ensure that sensitive information is protected and shared only with those who have a legitimate need to know.
Technology should be implemented carefully. Workplace violence prevention systems must account for privacy, access controls, data retention, employment law considerations, and fairness. The goal is not surveillance for its own sake. The goal is better reporting, better documentation, better coordination, and better decision-making.
Treating Workplace Violence as an Enterprise Risk
Once workplace violence is understood as an enterprise risk, the conversation changes.
It becomes a matter for executive leadership, not just security. It belongs in risk management discussions, not just emergency planning. It should be connected to employee relations, compliance, business continuity, crisis communications, legal strategy, insurance, and organizational culture.
Leadership should be asking practical questions:
- Do employees know how to report concerning behavior?
- Do supervisors know what to do when concerns are raised?
- Do HR, legal, security, and risk management have a shared process for reviewing cases?
- Are decisions documented consistently?
- Are higher-risk cases escalated appropriately?
- Are lessons learned from incidents and near misses?
- Does leadership receive meaningful data about trends, gaps, and program effectiveness?
- Are workplace violence risks considered during terminations, layoffs, facility changes, public-facing operations, domestic violence situations, and high-conflict employee relations matters?
These questions help move the organization beyond a compliance mindset. They also help leaders understand whether the program is functioning as intended.
Conclusion
Workplace violence prevention is about protecting people. That will always be the first priority.
But it is also about protecting the organization’s ability to operate, lead, serve customers, support employees, and maintain trust. A serious incident can create consequences that reach far beyond the moment of violence. It can expose gaps in governance, communication, documentation, leadership, and culture.
The organizations best prepared for the future will be those that recognize a simple truth: workplace violence is no longer just a security issue. It is a business risk that demands the same level of leadership, governance, and organizational discipline applied to every other critical enterprise risk.