Private Sector Counter Terrorism Mitigation

Published Seven Years Ago


This article was written in 2017 and published on the Mildot Advisory page and industry magazines in 2018. 

Back in 2017 government agencies did not understand private sector counter terrorism systems, and in some cases dismissed the approach, even though CT mitigation within the private sector has been around for decades.

A few points have been added since the reports on the Manchester Arena Bombing Attack have been published.

The Draft Terrorism (Protection of Premises) Act 2023, has lots of similarities with the below article points. 



The Basics Using the Brain Game


“One of the most important aspects of preventing an attack is making that attack harder for a terrorist to carry out. If businesses, and the public, had a clearer sense of the tactics a terrorist might use, then it follows that there is more chance of thwarting an attack.”

Lord Toby Harris – Oct 2016 Report

London’s Preparedness to a Terrorist Attack




Business Owners & Senior Management Barriers

The first hurdle for management is moving out of denial and removing any organisational barriers that have been imposed.

The ostrich syndrome to counter terrorism is not the way forward, it’s a common problem and needs senior stakeholder involvement to kick start the mitigation process. 

Relying on the Governments agencies as the main effort is a critical mistake. 

Legal teams are already preparing cases and waiting to launch liability claims from past events. 

Added text in 2022, Business and Government Agency naivety on the criticality of an attack has been explained to the whole country at the Manchester Arena Bombing Inquiry. 


Legal Obligations – Duty of Care – Liable Action

Businesses must understand their legal obligations, localised responsibilities, and contractual agreements.  Note: During a post attack inquiry is not the period to be asking these questions for the first time. 


a. Is the private sector On Notice for Terrorism & Modern Day Violent Crime incidents?

b. Have corporate management walked through the process of being investigated and answerable through the courts?

c. Will the business be liable and open to claims?

d. Health & Safety Laws already cover these type of incidents; do you know them?

e. Do corporate management understand the laws? Understanding whats reasonable and practicable within your responsibilities will mitigate and lower the criticality. 

f. Are employers responsible for staff actions – Will vicarious liability be applied by claimants?

g. Does your business hold None Damage Business Interruption Insurance?

h. Are there critical event management systems already in place?

i. Do senior management understanding the meaning of CRITICALITY within the security context?  Failure to understand the criticality of an attack has been laid out to the whole country at the Manchester Arena Bombing Inquiry.

j. Has your business used a private sector consultant for CT advice, or, have they relied on Police advisers?  There are major differences between the two options.

Private sector consultants have worked all over the world delivering mitigation against terrorist attacks and similar hybrid events. They know the realities of what can be achieved, and how a basic policy and accompanying procedures can substantially mitigate the criticality and safe lives.


Risk Assessment.

Priority document: The risk assessment team must be guided by an experienced private sector security professional. In-House Google search ninjas should be avoided. 

The RA and relevant attachments must detail the threats and the criticality on the business; they are also used within the business case to deliver mitigation or not. 

Security & Safety Plan

Keep It Simple & Effective

Produce your plan detailing what mitigation the business will implement based on the risk assessment and identified legal & duty of care responsibilities.

If its part of  an event planning process anticipate and explain what mitigation the business expect from Government Agencies. 

Avoid the common misconception and naive planning approach of asking Government Agencies for their advice on private sector security mitigation.  They are public sector staff and will only advice on what will assist Emergency Services Response.  

Government agencies are experts within their respective fields and will advice on their responsibilities and systems in order to shape the scene for their arrival.

Businesses can’t afford to leave mitigation to that advice, there will be Emergency Services Response Gaps, and after action litigation.

Ask yourself the question – When seconds count and emergency services are minutes or longer away – What action will you or your staff take during the Emergency Services Response Gap?

After action implications will be determined by the businesses prior planning and preparation. 

Use the MoSCoW principle throughout the planning process.  

Write minutes on all meetings with Government Agency representatives, all personnel who attend meetings should receive a copy of the minutes, this approach acts as a record for future reference.

When seconds count and emergency services are minutes away

Emergency Services Response Gap

As an example, some types of businesses can prioritise mitigation to where the business can have a practical impact.

Accept there will be an emergency services Response Gap and focus your efforts on that period of time. It could be 2 minutes or 15 minutes.

Employee and customer safety is the priority, focus on what can be achieved with staff situational awareness, risk communication and response procedures.

Apply a unified approach to raising awareness of all staff, this will act as a mitigation multiplier and significantly improve an organisations detection and response capability.

Liable actions will be instigated after the incident, all prior planning and mitigation taken & not taken will be assessed by the courts.

The Black Swann event excuse is no longer a viable option.


Staff Numbers (Mainly for Event Planning)

Focus plans on utilising current resources (all staff), stay away from the misconception its ONLY a security staff problem, its everybody’s issue to deal with.

The MoSCoW principle will keep this consideration on track.


Situational Awareness

The number 1 proven terrorism & violent crime mitigation strategy is staff situational awareness.

Use 2 to 5-minute toolbox talks, these work best at the start of a shift, delivered by a team leader, supervisor or management. It’s good practice to have a set of short briefs on Cue-cards, a white board or flip chart.  


Periods of Chaos

If an attack happens, there will be a period of No Control and Chaos.

Only individual actions by staff will be possible, it’s during this period that the subjects covered previously become critical information and effective action takes place. 

The approach is called Mission Command and a tried and tested life saver.


Rapid Risk Communication.

Communication systems are a high priority and a Must Have.  Verbal communications is the number one method using radios, PA Systems, and face to face.


All the above is achievable with minimal costs that are far outweighed by the benefits, it’s all about arming all personnel with useful information and businesses implementing a policy to educate staff and maintain awareness. 

The unified approach builds personnel & business resilience with the added value of mitigating other forms of workplace violence and assisting Government initiatives to create safe spaces for people and businesses to operate. 

Think about changing your approach and use the Phrase Hybrid Attack Mitigation, Terrorism is just one form of a critical event, violent crime is a serious concern within the UK and incidents are happening affecting all parts of society. 

By applying the above approach to modern threats of terrorism and violent crime, a business can improve its detection and response capabilities, and save lives.

Policy Escalation Option.  A good option for large companies with thousands of staff and multiple sites, or stand-alone facilities with footfall in the thousands, they can develop a policy that escalates with the UK Government Threat Levels.


Further Reading and Consultancy Advise

Our Premium Content Vault offers a comprehensive bank of protective security knowledge, providing cutting-edge insights and a wealth of information to elevate your understanding of protective security systems for Terrorism & Hybrid Threat Risk Management solutions.

Within this vault, you’ll gain access to a range of specialised resources for security professionals, risk managers, and decision-makers in the private sector.

To learn more about designing and implementing terrorism mitigation, click this link and access our Premium Content Vault.



Tony Gledhill, a seasoned protective security consultant and founder of Mildot Group. With extensive international experience for counter terrorism mitigation. Tony has designed and executed security strategies for leading energy and construction organisations operating in high-risk and complex environments.

His private sector expertise extends to training international government protection teams responsible for VIPs and critical assets, plus thousands of armed & unarmed private security guards. Leveraging over 16 years in the private sector after a distinguished 22-year military career, he brings a wealth of real-world knowledge.

Armed with real world operational insight, he knows what can be achieved with reasonable and practicable security solutions.