The Watch Blog

Convoy Group | Dec 18, 2025

2025 Year in Review: Top Security Lessons from the Field & What’s Next for 2026

top security lessons from 2025

2025 exposed vulnerabilities that many organizations believed were someone else’s problem. From ISIS-inspired vehicle attacks to healthcare workplace violence reaching crisis levels, the year proved that physical security gaps carry catastrophic consequences. As we enter 2026, we must recognize the importance of:

  • Constant proactiveness in our security planning.
  • Ensuring interoperability of our security and intelligence systems.
  • Understanding and contextualizing the threat and hazard landscape.
  • Taking a principles-first approach to security services.

Five Security Incidents, Threads, and the Lessons we Learned in 2025 

New Orleans ISIS-Inspired Vehicle Attack (January 1, 2025)

Shamsud-Din Jabbar drove a pickup truck into crowds on Bourbon Street, killing 14 and injuring 57. The attack was premeditated; Jabbar planted Improvised Explosive Devices (IEDs) hours earlier, posted ISIS allegiance videos, and bypassed malfunctioning bollards designed to prevent vehicle access. Law enforcement stated that “driving a vehicle into a crowd is not particularly a thing that any law enforcement agency can be prepared for”.​

Lesson: Perimeter security infrastructure requires regular testing and maintenance. Bollards that malfunction or aren’t deployed create catastrophic vulnerabilities during high-traffic events. And, contrary to the claim made after the incident, this is something we can be prepared for.

Las Vegas Cybertruck Explosion at Trump Hotel (January 1, 2025)

Matthew Livelsberger, a 37-year-old Green Beret, detonated 60 pounds of explosives outside Trump International Hotel after using ChatGPT to plan the attack. He wore Meta smart glasses, drove a rented vehicle loaded with fireworks and fuel, and shot himself before detonation. Seven were injured.​

Lesson: Threats from individuals with specialized training pose unique risks. AI-assisted attack planning and vehicle-borne IEDs require threat assessments that account for technological evolution, threat capabilities and intent assessments, and a deep understanding of the threat landscape.

Pennsylvania Governor’s Residence Firebombed (April 2025)

Cody Balmer scaled security fences and threw Molotov cocktails into Pennsylvania Governor Josh Shapiro’s residence while the family slept. Security cameras recorded the breach, but state troopers failed to intercept. Balmer admitted he brought a sledgehammer in case he encountered the Governor.​

Lesson: Technical surveillance without monitoring and integrated response protocols is “security theater.” Real-time monitoring must integrate with trained personnel authorized to intervene immediately, and there must be clear standard operating procedures (SOPs) in place for decision-making.

Healthcare Workplace Violence Crisis (2025)

Workplace violence in healthcare reached crisis levels, with workers five times more likely to experience violence than other occupations. A Pennsylvania hospital shooting left one police officer dead and five wounded after a patient’s husband – upset about care decisions – opened fire. Healthcare violence cost U.S. hospitals $18.27 billion in 2023 alone.​

Lesson: De-escalation training, visitor management processes, and panic alarms are a minimum requirement for healthcare facilities. Staff safety requires behavioral threat assessment programs and security personnel trained in mental health crisis response.

Professional Athletes Targeted by Organized Theft (September-November 2024, continuing into 2025)

The FBI documented organized theft groups breaking into at least nine professional athletes’ homes through 2025. Crews conducted extensive surveillance, posed as delivery personnel, used Wi-Fi jammers to disable security systems, and targeted luxury goods.​

Lesson: High-net-worth individuals require layered security – alarms alone don’t suffice. Trained residential security teams, social media discipline and protective intelligence, and integrated surveillance systems can prevent targeting. The bottom line is that executive protection extends beyond travel to and from events and venues.

Two Security Consulting Case Studies: Making a Tangible, Relevant Difference

Case Study 1: Private School Security Transformation

A private school relied on contract security guards with high turnover, inconsistent access control across disparate campuses, and emergency plans that had not been thoroughly tested. Leadership was committed, but day-to-day security performance varied dramatically between locations.

Our comprehensive security audit revealed:

  • Guards unfamiliar with Standard Response Protocol (SRP) procedures.
  • Multiple uncontrolled building access points with disabled door alarms.
  • Video surveillance on separate platforms with no central management.
  • No formal Incident Command System (ICS) structure during drills.
  • Open perimeters adjacent to public sidewalks exposing students during transitions.

Implemented Solutions:

  • Restructured security staffing with performance metrics, site-specific orientation, and quarterly training requirements.
  • Designed and installed secure vestibules at main entrances mirroring best practices.
  • Integrated access control and video management systems campus-wide.
  • Established National Incident Management System (NIMS)-compliant Emergency Operations Plan with defined Incident Commander roles.
  • Institutionalized tabletop exercises with documented after-action reports.

2026 Takeaway: Strong security culture requires clear accountability structures. Training compliance tracking, vendor performance audits, and integrated technology platforms reduce reactiveness within security programs, ensures compliance, and ultimately creates a safer environment.

Case Study 2: College Campus Security Operations Overhaul

A multi-campus college operated with fragmented policies, no Security Operations Center (SOC) procedures, and concerns about contract security provider qualifications. Emergency plans existed but lacked NIMS/ICS compliance, and high volumes of mental health-related security calls overwhelmed untrained personnel.

Our security audit identified:

  • No standardized Security Operations Center training or operating procedures.
  • Absence of centralized electronic access control creating accountability gaps.
  • Security responses to mental health crises without coordination with student support services.
  • Missing comprehensive use-of-force and incident reporting policies.
  • Firearms storage and accountability concerns for armed security leadership.

Implemented Solutions:

  • Developed SOC charter with defined roles, standard operating procedures, and incident management protocols.
  • Created phased electronic access control implementation plan campus-wide.
  • Integrated security with mental health through multidisciplinary threat assessment methodologies.
  • Established comprehensive policies on use of force, violence prevention, and Clery Act-compliant incident reporting.
  • Implemented standardized firearms storage with formal sign-in/sign-out accountability systems.

2026 Takeaway: This college faces unique commuter campus challenges. Security must be integrated with student services, facilities, and administration under unified command.

What’s Next for Private Security in 2026

Pennsylvania businesses, educational institutions, healthcare facilities, and high-profile individuals should prioritize:

  • Threat and Vulnerability Assessments: Identify gaps before incidents expose them. Annual reviews examining physical security, access control, emergency response capabilities, and vendor performance.
  • Executive Protection: High-visibility and at-risk leaders require security details during travel, residential security assessments, and advance route planning. The targeting of public officials and executives accelerated in 2025.
  • Protective Intelligence: Proactive threat monitoring, social media tracking, and behavioral analysis help identify risks. Intelligence-driven security prevents incidents rather than reacting to them.
  • Security Program Development and Management: Comprehensive security programs require strategic planning, policy development, vendor oversight, and continuous improvement. Organizations need defined security objectives, measurable performance metrics, and accountability structures.
  • Integrated Emergency Operations: NIMS/ICS-compliant plans with trained Incident Commanders, regular tabletop exercises, and documented after-action reviews that drive continuous improvement.
  • Vendor Accountability: Security guard performance metrics, training verification, and capability assessments ensure contracted personnel meet standards and understand organizational protocols.
  • Security Technology Integration: Access control, surveillance, and emergency notification systems that communicate enable faster response and better situational awareness during critical incidents.
  • Security Training: De-escalation techniques, behavioral threat assessment, active threat response, and executive protection fundamentals equip personnel to handle evolving threats. At Convoy Group, we partner with Franciscan University’s Center for Criminal Justice, Law, & Ethics to deliver executive protection training.
  • Workplace Violence Prevention: Behavioral threat assessment programs, anonymous reporting systems, and multidisciplinary response teams reduce risk across all sectors – especially healthcare, education, and retail.

2025 taught Pennsylvania that reactive security costs more than proactive security, whether that cost is counted in dollars, reputation, or lives. Organizations entering 2026 with comprehensive security assessments, trained personnel, and integrated systems will be better prepared to face last year’s threats, and new ones.

The gap between organizations that suffered security incidents in 2025 and those that didn’t was planning. Organizations entering 2026 should prioritize comprehensive security program audits and threat vulnerability assessments to identify gaps before incidents expose them. At Convoy Group, we work with businesses, educational institutions, healthcare facilities, and high-profile/at-risk individuals to develop integrated security strategies grounded in intelligence and operational best practices.

Related posts:

  1. The Major Considerations for Advance Planning in Executive Protection
  2. How to Use Social Media as an Early Warning System in School Safety and Security Programs
  3. Advancing Campus Safety: The Strategic Role of Risk Assessments
  4. When Public Information Becomes a Pre-Incident Indicator

Tags

Categories

About

The Convoy Group is your trusted source for all things security-related, from insider safety tips to insights into industry innovations. Our team of global security and intelligence experts is committed to providing top-notch personalized security solutions because safety always comes first.