Workplace violence has, and increasingly so, become a mainstream operational, legal, and reputational concern for organizations across sectors.
For years, many workplace violence programs were built around compliance, with a written policy, periodic training, and a response plan for when something went wrong. But today, that model is being challenged.
One of the most important shifts shaping workplace violence prevention today is the emergence of a multi-state regulatory baseline.
Legislation like California’s SB 553 and New York’s Retail Worker Safety Act has moved expectations beyond high-risk sectors and into general industry. At the same time, other states and jurisdictions are introducing or expanding requirements around written plans, training, incident reporting, and risk assessments.
One of the clearest signals of this shift is how workplace violence is being enforced in the absence of a single federal standard.
OSHA has increasingly relied on the General Duty Clause to cite employers when violence is considered a “recognized hazard” and reasonable preventative measures were not in place. In these cases, the issue was that the program was not operationalized.
For example, OSHA investigations into workplace violence incidents have repeatedly found gaps such as:
In several cases, businesses had experienced prior threats or near-misses but had not updated their programs or implemented preventative controls. After an incident occurred, these gaps became the basis for citations and financial penalties.
One must remember that even in regions without explicit mandates, these baseline laws we are seeing from state to state are influencing what regulators, insurers, and courts consider “reasonable” prevention efforts. Businesses are expected to demonstrate that they have a structured, documented, and actively managed workplace violence prevention program, regardless of location.
Another clear trend is the shift away from static policies toward continuous program management.
Historically, workplace violence plans were often created once and revisited only after an incident. Today, many are treating prevention as an ongoing system, and one that is regularly reviewed, tested, and refined.
This includes:
As we talk about the ‘baseline’ standard, it is important to point out that effective programs require coordination across multiple functions, including but not limited to, security, HR, legal, operations, and executive leadership. Yet in practice, these teams often operate with different data, tools, and priorities. Closing this gap is becoming a key differentiator.
Organizations demonstrating tangible progress in establishing and maturing their threat management capabilities are characterized by active engagement in a set of core, interconnected initiatives, such as centralized reporting and case management for full visibility across teams,through to creating clear ownership and accountability at the leadership level.
Perhaps the most significant, and often overlooked, shift is the increasing importance of early detection.
Research and incident trends continue to show that threats emerge out of clear warning signs. Changes in behavior, expressions of grievance, or escalating language are things that all emerge before an incident occurs. What’s changing is where those signals are found:
This varied source array creates a gap for some. While internal reporting systems are improving, external visibility remains limited or highly manual, leaving security teams to react to incidents rather than identifying risks early enough to intervene.
The trajectory is clear in that workplace violence prevention is becoming more proactive, more data-driven, and more integrated into broader risk management strategies.
Regulators are placing greater emphasis on documentation and evidence. Employees expect safer, more transparent workplaces. And organizations are recognizing that prevention is a critical component of duty of care, brand protection, and operational continuity.
The question is no longer whether to have a workplace violence prevention plan.
It’s whether that plan is actually capable of identifying risk early enough to make a difference.