Security Intelligence

Kidnap Prevention for Executives: Personal Security That Reduces Risk | CloseProtectionHire

Q: "Which countries carry the highest kidnap risk for business executives travelling on corporate assignments?"

"Control Risks' Global Kidnap for Ransom Report 2024 identifies Mexico as consistently recording the highest documented kidnapping count globally, with Jalisco, Guanajuato, and Mexico City among the highest-incident states according to Secretariado Ejecutivo del Sistema Nacional de Seguridad Pública (SESNSP) statistics for 2024. Venezuela follows with a very high rate relative to its population -- InSight Crime's Organised Crime in Venezuela (2023) documents kidnapping as an endemic criminal activity with multiple actor types including security forces, organised crime groups, and opportunistic criminals. Colombia has seen a marked reduction in kidnapping since the FARC demobilisation under the 2016 peace agreement, but the Policía Nacional de Colombia's 2024 statistics confirm that the ELN and FARC dissident groups (particularly the AGC/Clan del Golfo) remain active in certain regions. Nigeria is categorised by OSAC's Nigeria Country Security Report 2024 as high-risk across multiple states, with the Northwest and Northeast particularly hazardous; targets include business travellers, oil and gas sector employees, and humanitarian workers. Papua New Guinea, Haiti, and parts of Honduras and Guatemala round out the current high-incidence countries. FCDO travel advice for each of these destinations recommends specific behaviour modification measures for business travellers, including avoiding displays of wealth, reducing predictability, and ensuring a reliable contact and check-in protocol."

Q: "What is express kidnapping and how does it differ from classical kidnap for ransom?"

"Express kidnapping -- secuestro express in Spanish -- is a short-duration, financially motivated crime in which the victim is taken and held for hours or at most a day or two, rather than the weeks or months that characterise classical kidnap for ransom. The perpetrators are typically criminal rather than politically motivated, and the financial demand is calibrated to what the victim can access immediately through ATM withdrawals rather than what a corporate employer can pay through a K\u0026R insurance claim. The pattern is highly consistent: victim is followed or grabbed in a known opportunistic location (airport arrivals, hotel entrances, nightlife venues, taxi ranks), driven to a series of ATMs, and forced to withdraw the daily limit multiple times if the captor group is organised enough to hold the victim across a midnight account reset. In some cities -- Mexico City, Bogota, Lagos, Manila -- express kidnapping of business travellers has become a sufficiently established industry that criminal groups operate dedicated recruitment and logistics functions. The OSAC advisory pattern for these cities identifies specific high-risk locations and times, particularly late-night taxi usage and unplanned cash machine visits. Protection from express kidnapping is primarily behavioural: vetted private transport from airport to hotel rather than street taxis; not withdrawing cash from exposed ATM locations; avoiding predictable late-night movement; and not displaying jewellery, watches, or electronic devices in public."

Q: "What behaviour changes most effectively reduce an executive's kidnap risk in high-threat markets?"

"The targeting cycle for classical kidnap for ransom requires surveillance of the target over an extended period -- typically 48 to 72 hours of pattern-of-life collection before a snatch is attempted. This means the most effective single control is disrupting the pattern. Specific behaviour modifications that reduce targeting risk: vary arrival and departure times and routes between accommodation and the workplace, avoiding any predictable schedule; use vetted drivers and vehicles from a verified security-approved supplier rather than street taxis or ride-hailing apps that expose location data; do not share travel schedules, hotel names, or arrival information by email, messaging app, or social media -- schedule information should be communicated only on a need-to-know basis to verified contacts; avoid highly visible public locations (specific hotels known to host Western business travellers, specific restaurants that are predictable for the sector) and reserve changes for the journey rather than pre-booking; ensure a nominated trusted contact in-country and in the home organisation knows the daily schedule and has a confirmed check-in protocol -- missed check-ins trigger an escalation process, not an assumption that the executive forgot to call. The ASIS International Travel Security and Personal Protection Standard 2019 recommends that pre-travel security briefings include specific behavioural modification guidance calibrated to the destination country's risk profile, not generic travel advice."

Q: "What is virtual kidnapping and how should executives and their families respond if they receive a kidnap demand call?"

"Virtual kidnapping is a fraud operation in which a caller claims to hold a family member hostage and demands immediate ransom payment -- while the supposed hostage is not actually in captivity and has no knowledge of the call. The operation exploits the emotional response of the recipient to short-circuit verification. The FBI documented this pattern in a June 2017 press release, with the scheme particularly targeting Spanish-speaking communities across the US-Mexico border. The pattern remains active in 2023-2024 across multiple countries. Recognising features of a virtual kidnapping call: the caller creates extreme urgency and insists the recipient not hang up or contact anyone else; background noise suggesting distress is audible; the caller has only basic information about the supposed hostage (name, general occupation) that could have been obtained from social media. Correct response: hang up or put the caller on hold, and immediately call the supposed hostage on their confirmed number. If the hostage answers, the call was virtual. If the hostage does not answer immediately, call a secondary contact who can physically confirm the hostage's location before any payment is considered. Family members of executives in high-risk posting countries should be briefed on this methodology before the posting begins. The briefing should include: what a virtual kidnapping call sounds like, the correct verification protocol, who to contact (security team, HR, or dedicated K\u0026R line), and what not to do (pay anything, stay on the line without verification, share financial information)."

Q: "How should organisations structure their pre-travel kidnap risk mitigation programme for executives visiting high-risk markets?"

"The pre-travel kidnap risk mitigation programme has four components. First, threat assessment: a country-specific risk assessment for each destination that is current (within 30 days), addresses kidnap risk specifically (not just general crime or terrorism), and identifies the actor types (politically motivated, criminal, opportunistic), victim profiles that have been targeted, and the specific risk locations and behaviours that have preceded incidents. Second, OSINT reduction: before travel, the executive's digital footprint in the destination country should be reviewed. LinkedIn profiles, social media posts referencing the destination, corporate website profiles that identify the executive by name and seniority, hotel reservation confirmations sent by unencrypted email, and flight itineraries in messaging app conversations all create data points that can be accessed. Third, operational security briefing: the specific behaviour modifications for the destination, vetted transport provider details, accommodation security, communication protocols, and the check-in schedule. Fourth, contingency planning: what happens if contact is lost, who is notified and in what sequence, whether K\u0026R insurance is in place and whether the executive has the emergency contact number, and whether the organisation has a retained K\u0026R response consultant on call. For the protective intelligence programme that underpins travel threat assessment, see our [protective intelligence guide](/blog/protective-intelligence-understanding-your-threat/). For crisis management when a security incident escalates to a kidnap situation requiring corporate response, see our [corporate crisis management guide](/blog/corporate-crisis-management-security-incidents/)."

Practical kidnap prevention guide for executives in Mexico, Colombia, Nigeria, and other high-risk markets. Covers express kidnapping, virtual kidnapping, the surveillance-to-snatch pipeline, and the behaviour changes that reduce personal targeting risk.

12 May 2026

Written by James Whitfield, Senior Security Consultant

Speak to the Team

Kidnapping is a business risk in a specific set of markets, not a remote possibility. Mexico, Venezuela, Colombia, Nigeria, and parts of Central America and West Africa have documented, structured kidnap industries targeting business travellers, executives, and expatriate workers. In some of these markets the criminal infrastructure is sophisticated: surveillance operations, dedicated holding facilities, financial extraction teams, and payment processing.

Prevention is the only reliable strategy. Kidnap-for-ransom response – K&R insurance, negotiators, crisis management – is the contingency when prevention fails. The prevention programme is operational security applied to personal movement.

Country Risk Context

Mexico records the highest documented kidnapping count globally (Control Risks Global Kidnap Report 2024). SESNSP 2024 statistics confirm Jalisco, Guanajuato, and Mexico City as the highest-incidence states. Kidnapping is not exclusively opportunistic – organised criminal groups affiliated with cartel structures conduct structured targeting operations. Business travellers are targeted for perceived wealth and reduced likelihood of police involvement.

Colombia has seen significant reduction since the 2016 FARC peace agreement, but the Policía Nacional de Colombia 2024 statistics confirm the ELN and AGC (FARC dissident groups) remain active in specific regions. Bogota and Medellin are substantially lower risk than rural and peri-urban areas, but express kidnapping in urban environments remains documented.

Nigeria is rated high-risk by OSAC’s Nigeria Country Security Report 2024, with Northwest and Northeast states particularly hazardous. Oil and gas sector employees are the primary target profile, but professional business travellers in Lagos face urban criminal targeting.

Venezuela has endemic kidnapping documented by InSight Crime’s Organised Crime in Venezuela 2023, with multiple actor types including organised criminal groups, security forces, and opportunistic criminals. FCDO travel advice recommends against all but essential travel to most of Venezuela.

The Targeting Cycle

Classical kidnap for ransom requires surveillance before the snatch – typically 48 to 72 hours of pattern-of-life collection. Surveillance collectors observe regular locations, timing patterns, vehicle, and protective arrangements. The implication is straightforward: an executive with a predictable schedule is easier and cheaper to target than one who varies it.

The prevention measures address each point in the targeting cycle:

Route and timing variation. Leave the hotel at different times. Use different entry and exit points. Do not have the same vehicle and driver every day unless the driver and vehicle have been vetted and the route is actively changed.
Accommodation security. Hotel name and room number should not appear in unencrypted communications. Check-in should not be conspicuous. Paying by corporate card rather than cash reduces the signal of available funds.
Schedule information discipline. Meeting schedules should be communicated on a need-to-know basis. Detailed itineraries sent by unencrypted email create targeting data before the executive arrives.
Driver and vehicle vetting. Vetted, security-approved transport providers are the single most important protective resource for business travellers in high-risk markets. Unvetted taxis and ride-hailing apps expose location data and create the pickup scenario most associated with express kidnapping.

Express Kidnapping

Express kidnapping is short-duration and financially driven – hours to a day, calibrated to ATM withdrawal limits rather than ransom negotiation. The pattern: the target is grabbed or coerced at a high-risk location (airport arrivals, hotel entrance, nightlife venue), driven to ATMs, forced to withdraw multiple times.

Prevention is behavioural. Vetted private transport from airport to hotel eliminates the highest-risk pickup location. Avoiding isolated cash machine withdrawals eliminates the funding mechanism. Not displaying high-value watches, jewellery, or phones reduces the initial targeting signal.

Virtual Kidnapping

Virtual kidnapping requires no physical control of the victim. The caller claims to hold a family member hostage and demands immediate payment – while the supposed hostage is unaware of the call and is elsewhere. The FBI documented this fraud pattern in June 2017, with the scheme active across the US-Mexico border and subsequently spreading to other markets.

The fraud mechanism is urgency: the caller insists the recipient stay on the line and not contact anyone. The correct response is to put the call on hold and immediately dial the supposed hostage’s confirmed number. If the hostage answers, the call is fraud. Family members of executives in high-risk posting countries should receive this briefing before the posting begins.

For the protective intelligence programme underpinning travel threat assessment, see our protective intelligence guide. For crisis management when a security incident requires corporate-level response, see our corporate crisis management guide.

For the upstream oil and gas operating environment – Niger Delta and Gulf of Guinea kidnap patterns, Iraq convoy security, ASIS 2012 armed security contractor management guidelines, PFEER Regulations, the UN Voluntary Principles, and K&R insurance retainer arrangements for long-duration postings – see our oil and gas upstream security guide.

James Whitfield is a Senior Security Consultant with 20 years of experience in executive protection, travel security, and kidnap risk management.

Summary

Key takeaways

Mexico records the highest documented kidnapping count globally -- Control Risks 2024 -- with organised criminal groups operating structured targeting operations

SESNSP 2024 statistics confirm Jalisco, Guanajuato, and Mexico City among the highest-incidence states. Kidnapping in Mexico is not exclusively opportunistic -- organised criminal groups including cartel affiliates conduct structured targeting operations that include surveillance, target selection based on perceived wealth, and logistics for holding and extraction. Business travellers are targeted because they are perceived as wealthier than local residents, less likely to involve the police, and more likely to have employer-funded payment capability. The threat profile requires specific pre-travel preparation, not just awareness.

The surveillance-to-snatch pipeline typically requires 48-72 hours of pattern-of-life collection -- disrupting routine is the most effective single control

Classical kidnap for ransom operations require surveillance of the target before the snatch. Surveillance collectors observe the target's regular locations, timing patterns, vehicle, and protective arrangements over multiple days. Varying arrival and departure times and routes, using different vehicles and entry/exit points, and avoiding predictable venues removes the predictability that surveillance relies on. An executive who leaves the hotel at the same time every morning in the same vehicle to the same destination provides a surveillance collector with a confirmed opportunity within 24 hours. An executive who varies all of these is significantly more difficult and expensive to target.

Express kidnapping is prevented by specific behaviours, not security guards -- vetted transport and avoided ATM exposure are the primary controls

Express kidnapping targets of opportunity at specific locations and times: unvetted taxis from airports and hotels, exposed ATM withdrawals in unfamiliar areas, late-night movement without confirmed transport, and isolated cash withdrawals following visible displays of jewellery or high-end phones. The prevention is behavioural. Vetted private transport from airport to hotel eliminates the highest-risk pickup scenario. Not using visible cash-dispensing machines in public areas eliminates the funding mechanism. The security programme for an executive in an express kidnapping environment prioritises these two controls above all others.

Virtual kidnapping exploits emotional response to bypass verification -- the correct response is to hang up and call the supposed hostage directly

A virtual kidnapping call creates extreme urgency and insists the recipient stay on the line and not contact anyone else. This is the fraud mechanism: verification collapses the scam. The correct response to any kidnap demand call is to immediately attempt to reach the supposed hostage by their confirmed number while the demand call is on hold or after disconnection. If the hostage answers, the call was a fraud. Family members of executives in high-risk markets should be briefed on this verification protocol before the posting begins -- the emotional urgency of a kidnap demand call makes it extremely difficult to think clearly in the moment without prior briefing.

Pre-departure OSINT reduction is as important as in-country behaviour -- hotel names and schedule data in unencrypted messages create targeting risk

An executive whose hotel name appears in a WhatsApp message to a client, whose LinkedIn profile shows a business trip to Lagos, and whose assistant sends a detailed arrival schedule by email has provided targeting information to anyone with access to those channels before the trip begins. Pre-departure OSINT reduction means: not posting destination information on social media, not including hotel names and flight details in unencrypted communications, briefing the executive's assistant on information security for travel scheduling, and reviewing any publicly visible itinerary information. The targeting may begin before the executive boards the plane.

FAQ

Frequently Asked Questions

Control Risks’ Global Kidnap for Ransom Report 2024 identifies Mexico as consistently recording the highest documented kidnapping count globally, with Jalisco, Guanajuato, and Mexico City among the highest-incident states according to Secretariado Ejecutivo del Sistema Nacional de Seguridad Pública (SESNSP) statistics for 2024. Venezuela follows with a very high rate relative to its population – InSight Crime’s Organised Crime in Venezuela (2023) documents kidnapping as an endemic criminal activity with multiple actor types including security forces, organised crime groups, and opportunistic criminals. Colombia has seen a marked reduction in kidnapping since the FARC demobilisation under the 2016 peace agreement, but the Policía Nacional de Colombia’s 2024 statistics confirm that the ELN and FARC dissident groups (particularly the AGC/Clan del Golfo) remain active in certain regions. Nigeria is categorised by OSAC’s Nigeria Country Security Report 2024 as high-risk across multiple states, with the Northwest and Northeast particularly hazardous; targets include business travellers, oil and gas sector employees, and humanitarian workers. Papua New Guinea, Haiti, and parts of Honduras and Guatemala round out the current high-incidence countries. FCDO travel advice for each of these destinations recommends specific behaviour modification measures for business travellers, including avoiding displays of wealth, reducing predictability, and ensuring a reliable contact and check-in protocol.

Express kidnapping – secuestro express in Spanish – is a short-duration, financially motivated crime in which the victim is taken and held for hours or at most a day or two, rather than the weeks or months that characterise classical kidnap for ransom. The perpetrators are typically criminal rather than politically motivated, and the financial demand is calibrated to what the victim can access immediately through ATM withdrawals rather than what a corporate employer can pay through a K&R insurance claim. The pattern is highly consistent: victim is followed or grabbed in a known opportunistic location (airport arrivals, hotel entrances, nightlife venues, taxi ranks), driven to a series of ATMs, and forced to withdraw the daily limit multiple times if the captor group is organised enough to hold the victim across a midnight account reset. In some cities – Mexico City, Bogota, Lagos, Manila – express kidnapping of business travellers has become a sufficiently established industry that criminal groups operate dedicated recruitment and logistics functions. The OSAC advisory pattern for these cities identifies specific high-risk locations and times, particularly late-night taxi usage and unplanned cash machine visits. Protection from express kidnapping is primarily behavioural: vetted private transport from airport to hotel rather than street taxis; not withdrawing cash from exposed ATM locations; avoiding predictable late-night movement; and not displaying jewellery, watches, or electronic devices in public.

The targeting cycle for classical kidnap for ransom requires surveillance of the target over an extended period – typically 48 to 72 hours of pattern-of-life collection before a snatch is attempted. This means the most effective single control is disrupting the pattern. Specific behaviour modifications that reduce targeting risk: vary arrival and departure times and routes between accommodation and the workplace, avoiding any predictable schedule; use vetted drivers and vehicles from a verified security-approved supplier rather than street taxis or ride-hailing apps that expose location data; do not share travel schedules, hotel names, or arrival information by email, messaging app, or social media – schedule information should be communicated only on a need-to-know basis to verified contacts; avoid highly visible public locations (specific hotels known to host Western business travellers, specific restaurants that are predictable for the sector) and reserve changes for the journey rather than pre-booking; ensure a nominated trusted contact in-country and in the home organisation knows the daily schedule and has a confirmed check-in protocol – missed check-ins trigger an escalation process, not an assumption that the executive forgot to call. The ASIS International Travel Security and Personal Protection Standard 2019 recommends that pre-travel security briefings include specific behavioural modification guidance calibrated to the destination country’s risk profile, not generic travel advice.

Virtual kidnapping is a fraud operation in which a caller claims to hold a family member hostage and demands immediate ransom payment – while the supposed hostage is not actually in captivity and has no knowledge of the call. The operation exploits the emotional response of the recipient to short-circuit verification. The FBI documented this pattern in a June 2017 press release, with the scheme particularly targeting Spanish-speaking communities across the US-Mexico border. The pattern remains active in 2023-2024 across multiple countries. Recognising features of a virtual kidnapping call: the caller creates extreme urgency and insists the recipient not hang up or contact anyone else; background noise suggesting distress is audible; the caller has only basic information about the supposed hostage (name, general occupation) that could have been obtained from social media. Correct response: hang up or put the caller on hold, and immediately call the supposed hostage on their confirmed number. If the hostage answers, the call was virtual. If the hostage does not answer immediately, call a secondary contact who can physically confirm the hostage’s location before any payment is considered. Family members of executives in high-risk posting countries should be briefed on this methodology before the posting begins. The briefing should include: what a virtual kidnapping call sounds like, the correct verification protocol, who to contact (security team, HR, or dedicated K&R line), and what not to do (pay anything, stay on the line without verification, share financial information).

The pre-travel kidnap risk mitigation programme has four components. First, threat assessment: a country-specific risk assessment for each destination that is current (within 30 days), addresses kidnap risk specifically (not just general crime or terrorism), and identifies the actor types (politically motivated, criminal, opportunistic), victim profiles that have been targeted, and the specific risk locations and behaviours that have preceded incidents. Second, OSINT reduction: before travel, the executive’s digital footprint in the destination country should be reviewed. LinkedIn profiles, social media posts referencing the destination, corporate website profiles that identify the executive by name and seniority, hotel reservation confirmations sent by unencrypted email, and flight itineraries in messaging app conversations all create data points that can be accessed. Third, operational security briefing: the specific behaviour modifications for the destination, vetted transport provider details, accommodation security, communication protocols, and the check-in schedule. Fourth, contingency planning: what happens if contact is lost, who is notified and in what sequence, whether K&R insurance is in place and whether the executive has the emergency contact number, and whether the organisation has a retained K&R response consultant on call. For the protective intelligence programme that underpins travel threat assessment, see our protective intelligence guide. For crisis management when a security incident escalates to a kidnap situation requiring corporate response, see our corporate crisis management guide.

Get in Touch

Request a Consultation

Describe your security requirements below. All enquiries are confidential and handled by licensed consultants.