Situational Awareness


From AGMs to Open Source Exposure: Situational Awareness as Your First Line of Defence

Last week, we looked at the hidden threats lurking in plain sight that can be identified using open source intelligence (OSINT). Because May is ‘AGM month’ in London, we considered how these threats can be used to target executives attending AGMs. This week, we go deeper into how situational awareness, not just cyber or physical security, is essential for real executive protection.

Because the question is no longer if someone is watching your AGM.
It’s who, how, and what they’re doing with what they learn.

 

The Illusion of Control at Corporate Events

When most firms plan their AGMs, risk management focuses on logistics: the venue, security guards, comms strategy, and investor relations. But few ask the deeper, strategic questions:

  • Who’s listening that shouldn’t be?
  • What breadcrumbs are we dropping through body language, dialogue, or digital trails?
  • How much could a threat actor deduce from a single livestream?

Your average public company AGM is no longer a closed-door, insider affair. In 2025, over 1,200 AGMs are being held in London alone across the FTSE 350. This increase in AGMs signifies not only a shift toward greater transparency but also a rise in associated risks. AGM dates, venues and attendees are publicised in advance. This means that potential threat actors know where your executives will be and when. This is an unavoidable reality. The question is how to protect your executives given heightened levels of exposure.

According to Capital IQ data:

  • 62% of AGMs are livestreamed
  • 31% of AGMs publish speaker names, job titles, and contact emails in investor briefs
  • 45% of AGMs include direct Q&A segments with senior leadership, often posted verbatim online

As these meetings become more public and interactive, the associated risks are more pronounced, demanding that companies implement robust risk management strategies.

Imagine you’re a competitor or a hostile activist. You attend an AGM virtually, wait outside the venue, or better yet, walk into the physical venue wearing business attire. No one questions you. You:

  • Watch the CEO reveal near-term priorities
  • Capture the names of mid-tier executives from the panel slides
  • Listen for mention of new contracts, office openings, or shifting business units
  • Cross-reference LinkedIn, Zoom replays, and Companies House filings

Within 90 minutes, you’ve created a high-confidence profile of the firm’s operational focus, corporate structure, and senior leadership exposure.

This is not science fiction. This is OSINT reality.

 

Training the Mindset: What We Do at Futurum Risk

Futurum Risk’s Situational Awareness & Threat Mapping Programme is built to close this gap.

We take corporate teams, from executive assistants to CISOs, through immersive simulations of high-visibility corporate events. In one of our core modules, participants play both host and hostile. We teach them to:

  • Spot social engineering cues at reception desks
  • Detect surveillance behaviour in real-world environments
  • Audit livestream content and control over disclosure
  • Use real OSINT tools to understand what outsiders see

Our goal? To make every stakeholder ask one critical question in every interaction:

“If I weren’t meant to know this, how easily could I still find out?”

Because protection starts with perception.

 

Glass Houses and Public Floors

Hosting an AGM without situational awareness is like conducting a private meeting inside a glasshouse, with the lights on, curtains open, and a public address system broadcasting outside.

You’ve secured the door.
You’ve locked the safe.
But you’ve made the room visible to anyone who cares enough to look.

 

A Real World Precedent: Defence Data in the Open

The personal data of 20 defence executives was recently found circulating in open-source datasets, including names, addresses, email patterns, and, in some cases, even family details. None of this information was hacked. It was all legally public but poorly managed.

These same risks are present across industries such as oil and gas, banking, insurance, and corporate HQs throughout London. We’ve witnessed firsthand how easily valuable data can be exposed when adequate risk management and data protection strategies are not in place.

 

Tailored Risk Realities and Strategic Blind Spots

While situational awareness should be a baseline across all sectors, the nature of the threat, what’s exposed, who’s watching, and how they exploit the data, varies greatly from one organisation to another. Some industries, often less in the public eye or seemingly “low profile,” are especially prone to being targeted due to their overlooked vulnerabilities. These sectors are attractive to malicious actors precisely because they tend to operate with less scrutiny, making them ripe for exploitation.

A common trend our intelligence teams observe is that unassuming entry points, like the reception desk, are often the first line of attack. Reception areas, typically seen as customer service points rather than security zones, are a weak spot across many fields.

Untrained personnel routinely fail to challenge unauthenticated visitors, especially when they present vague, non-threatening stories. This overlooked vulnerability is one of the easiest for adversaries to exploit.

Mitigation Tip: Treat receptionists like security personnel. Train them in behavioural threat detection, challenge protocols, and escalation procedures.

Another major risk emerges in sectors that are highly targeted by activists and external interest groups. These groups, whether motivated by ideology or competition, tend not to require direct access but instead exploit public events, like public speeches or shareholder meetings.

For example, it’s not uncommon for adversaries to take public remarks made by executives and geo-tag them to deduce future business operations or project timelines, all without ever setting foot inside a facility. This kind of intelligence gathering can lead to quick, coordinated actions, like protests or public challenges, based solely on external observations.

Mitigation Tip: Implement real-time monitoring of public-facing events. Have analysts monitor and model how adversaries might interpret content during live events.

Lastly, many sectors operate under the false assumption that anonymisation is enough to safeguard their data. However, even in fields that may seem disconnected from direct adversarial interest, threat actors specialise in piecing together fragmented data. What may appear as innocuous, anonymised information can be aggregated and cross-referenced, giving adversaries the complete picture they need to exploit weaknesses.

Mitigation Tip: Adopt a “zero attribution” policy. Never assume that data anonymisation alone is sufficient protection against targeted efforts to link information.

 

Case Study: Norex Resources

In a recent high-stakes scenario, we explored a situation involving Norex Resources, a prominent company hosting its AGM in a historic London venue.

During the event, the CEO delivered a detailed public address, discussing plans for future regional expansions. But an uninvited attendee, posing as a journalist and using a LinkedIn credential, gained access to the event. This individual recorded the entire speech and, through a combination of satellite imagery and corporate registration data, uncovered sensitive details that weren’t meant to be disclosed.

Within just 10 days, activist groups were already protesting at a site for a new facility, one that had yet to be publicly announced.

The breach? A seemingly routine Q&A session that allowed critical information to slip through the cracks.

To address the situation, the company implemented executive coaching and enhanced security measures for future events, ensuring better protection against such vulnerabilities.

 

Train for Reality, Not Comfort

Situational awareness doesn’t mean paranoia. It means a deliberate, proactive posture in environments where exposure is inevitable.

Your executive team, your physical venues, your investor materials, they are all signals. And in the world of threat intelligence, signals are data.

At Futurum Risk, we help companies shift from reactive security to strategic awareness. We don’t just help you spot the threat; we teach you to think like the threat.

Because your next breach may not begin with malware or protestors.
It may begin with a perfectly normal AGM, and a single person watching quietly, recording everything.