Skip to main content
Article | Managing Risk

Reducing the impacts of terrorist attacks

The Protect Duty legislation consultation has started, but what can businesses do now?

Risk & Analytics|Risk Management Consulting

By Jim Fox and Al Coffey | June 18, 2021

There is a wealth of publicly available information on how organisations can reduce the impacts of a terrorist attack, this article highlights 5 key areas.

As the UK society begins to open up from the latest COVID-19 lockdown, we hope to see the increase in crowd levels and a return to normality as we knew it, many of us will be enjoying shopping, eating out at their favourite restaurant, and catching up with friends on a trip to the cinema.

The reality is that all of these places are viewed by those with terrorist ideology as potential targets for attack; many of them are iconic venues and hold large numbers of people throughout their opening hours and in some cases may appear to have little or no security measures.

The current UK Threat level for International Terrorism remains at SUBSTANTIAL as at Friday 18 June 2021, meaning that an attack is likely. These can range in a number of forms from specifically targeted Improvised Explosive Devices (IED’s) through to self-initiated low complexity/low tech vehicle and bladed weapon attacks.

Sadly, we saw the impacts of both of these types of scenarios in recent years with attacks on Westminster Bridge, Manchester Arena, London Bridge, Fishmongers Hall & Reading.

The Foreign Secretary (Dominic Raab) stated recently that whilst arrests for terrorism-related activity fell by 34% in 20201, Police & Security Services have foiled 28 terror plots since March 2017. Coupled with "worrying" numbers of young people being recruited during lockdown.

To reinforce this Deputy Assistant Commissioner Dean Haydon said officers had made 185 arrests across more than 800 live investigations during the pandemic - "stopping three possible terror attacks in the process”.

But those are just the headline figures, for each attack prevented, there are dozens more that never have the chance to begin in the first place. And despite this impressive work, the tempo of terrorist activity is increasing. With customers queuing outside, a requirement to eat on the business curtilage and an emphasis on maintaining social distance whilst beings searched will all have an effect on how security risks are managed.

As part of a wider process the home office are (at the time of writing) currently undertaking a consultation in relation a proposed new Protect Duty also referred to as ‘Martyn’s Law’2. The consultation is exploring whether venue operators should be required to consider the risk of a terrorist attack and take proportionate and reasonable measures to prepare for (and protect the public from) such an attack, the new ‘Protect Duty’ will take lessons learned following the attacks in 2017 and also follows discussions with victims’ groups such as the Martyn’s Law campaign, established by the mother of one of the victims of the Manchester Arena attack.

The consultation period concludes on 2 July 2021, with any new proposal moving to parliament thereafter as part of due process.

There are of course plenty of considerations for organisations wanting to become more resilient in this area. Willis Towers Watson, through its security risk consulting team Alert:24, highlights the following areas which they are working with clients to enhance.


Continuously risk assess your organisation. This should include risks to assets, all or specific staff, and nearby external buildings / organisations, such as transport hubs, symbolic landmarks and areas that host large public events and gatherings, like shopping centres, theatres and stadiums. The risk assessment should be based on probable attack scenarios and should be regularly reviewed. Important to this is monitoring the threat environment of your organisation, this can leverage open source information from government bodies or utilise external providers. The outcomes of the security risk assessment should inform the basis for appropriate and proportional implementation of physical security, for example the introduction of Hostile Vehicle Mitigation (HVM) at road entrances.


Deliver security awareness training. This should educate employees on security best practise in ‘peace time’ and during a live event (e.g. Run Hide Tell in a Terrorism scenario). Training should be regularly conducted and can be easily built into existing training programmes, like those for information security and compliance. Security awareness training can be developed internally or businesses can leverage external resources. The police, via the National Counter Terrorism Security Office (NaCTSO), offer a number of excellent free resources specific to terrorism security awareness, such as the ACT Business App and E-Learning platforms.

Crisis Management

During event – dynamic lockdowns, rehearsals etc. Not just security staff but ‘front of house’ (shop owners, receptionists, facilities management, etc) and after an event to include business continuity and recovery, medical or compassion leave, grief and trauma counselling.


Good communications are key both during and after a Terrorism event. Once a live Terrorism event has been identified or suspected, have a means of communicating a threat and its location en-masse to your colleagues. This can be achieved via something as a simple as a company-wide group email or App based systems. For organisations with mature security frameworks, mass notifications systems can allow control rooms to identify and immediately communicate with those in close proximity to the event and enable colleagues to ‘check-in’ or alert the organisation if they are in the danger area. After an event, whether your organisation has been directly affected or not, as a part of your crisis management planning have a strong communications plan that considers a terror scenario. This should be sensitive to the issue and consider the anxiety felt in the community after an attack and also aimed at reassuring colleagues of how you protect them.


Build relationships with key external stakeholders in advance, particularly the police, but also other like minded neighbouring businesses, your Local Resilience Forum (LRF) and your local Counter Terror Security Advisor (CTSA). Understand how these organisations can support you and what role they will play during a live terror event.

It’s important you don’t run your lives in constant fear of a terrorist attack, but rather that you have considered how as an organisation you would respond.





Risk Management Executive - Cyber Risk & Crisis Management

Director – Head of Alert:24

Related Capabilities

Related Industries

Contact Us