Demystifying Private Sector Counter Terrorism Mitigation

The Basics

Terrorism & Violent Crime that’s associated with overseas countries and a distance news story is happening in the United Kingdom. Government agencies have adapted rapidly to mitigate the threat. Still, the private sector is not keeping up with modern-day security planning and is On Notice for the threats & criticality of an attack. The private sector should be using what’s known as the Brain Game.

The private sector do not have 24/7 dedicated resources, legal powers and budgets to implement Government Agency protective security systems, and are not a feasible option for an open society

The first hurdle for corporate management is moving out of denial and removing any organisational barriers imposed by management; the ostrich syndrome is not the way forward, it’s a common problem and needs senior stakeholder involvement to kick start the process.

Legal teams are already preparing cases and waiting to launch liability claims from past events.  These teams take advantage of businesses that have remained in denial and not conducted any planning and preparation.

What level of understanding and awareness are the staff operating at?

  1. Unconscious Incompetence = They don’t know what they don’t know = Either living in denial or oblivious to the reality of modern day threats = Require Educating
  2. Conscious Incompetence = They know there’s a problem but have no knowledge or understanding of how to mitigate = Require Educating
  3. Conscious Competence = Able to think their way through a situation = Understand the threats, company policy and action plans  
  4. Unconscious Competence = Can automatically respond effectively = Optimum level of awareness

When seconds count and emergency services response is minutes or longer away – What action will you or your staff take during the Response Gap?

“One of the most important aspects of preventing an attack is making that attack harder for a terrorist to carry out. If businesses, and the public, had a clearer sense of the tactics a terrorist might use, then it follows that there is more chance of thwarting an attack.”

Lord Toby Harris – Oct 2016 Report

London’s Preparedness to a Terrorist Attack

Legal Obligations – Duty of Care – Liable Action

1. Start Point – Private Sector Counter Terrorism Responsibilities.

Businesses must understand their legal obligations, localised responsibilities, and contractual agreements. 

a. Is the private sector On Notice for these type of incidents?

b. Have corporate management walked through the process of being investigated and answerable through the courts?

c. Will the business be liable and open to claims?

d. Health & Safety Laws already cover these type of incidents.

e. Do corporate management understand the laws? Understanding whats reasonable and practicable within your responsibilities will mitigate and lower the criticality. 

f. Are employers responsible for staff actions – Will vicarious liability be applied by claimants?

g. Does your business hold None Damage Business Interruption Insurance?

h. Are there critical event management systems already in place?

2. Risk Assessment.

Priority document: The risk assessment team must be guided by an experienced private sector security professional and not academic theory based bluffers. In-House Google search ninjas should also be avoided.  The RA and relevant attachments are to be used to display realistic probabilities of various forms of attack and the criticality on the business; they are also used within the business case to deliver mitigation or not.  Mildot Consultants are available to advise any business on the Risk Assessment. 

Keep It Simple & Effective

3. Security & Safety Plan.

Produce your plan detailing what mitigation the business will implement based on the risk assessment and identified legal & duty of care responsibilities. If its part of  an event planning process anticipate and explain what mitigation the business expect from Government Agencies, avoid the common misconception and inadequate planning approach of asking Government Agencies for their advice on business management mitigation, they are public sector staff and will only advice on what will assist Emergency Services Response.

Government agencies are experts within their respective fields and will advice on their responsibilities and systems in order to shape the scene for their arrival. Businesses can’t afford to leave mitigation to that advice, there will be emergency services response gaps, and after action litigation (covered in later paragraphs).  The private sector can educate staff and raise awareness with the aim of recognising the signs, reporting suspicious activity, and allow thinking time to respond effectively.  

Private sector professionals (stay away from academic theory based bluffers) are the best option for advice on business counter terrorism mitigation and understand what comes under the heading of Criticality.  Use the MoSCoW principle throughout the planning process.  

Write minutes on all meetings with Government Agency representatives, all personnel who attend meetings should receive a copy of the minutes, this approach mitigates against poor advice etc etc.

Example CT Policy Table designed to escalate in line with UK Government Threat Levels

When seconds count and emergency services are minutes away

4. Emergency Services Response Gap.

Prioritise mitigation to where the business can have a practical impact and what’s within your legal & duty of care responsibilities. Accept there will be an emergency services Response Gap and focus your efforts on that period of time (just 1 example). It could be 2 minutes or 15 minutes.

Employee and customer safety is the priority, focus on what can be achieved with staff situational awareness, communication and response procedures before a critical event, and during the incident. Apply a unified approach to raising awareness of all staff, this will act as a mitigation multiplier and significantly improve the detection and response capability.

Liable actions will be instigated after the incident, all prior planning and mitigation taken & not taken will be assessed by the courts. The Black Swann event excuse is no longer a viable option.

5. Staff Numbers (Mainly for Event Planning)

Unless legally obliged or the budget allows, focus plans on utilising current resources (all staff), stay away from the increase numbers mantra. The MoSCoW principle will keep this consideration on track.

6. Tool Box Talks.

The number 1 proven mitigation strategy is staff situational awareness. Use 2 to 5-minute toolbox talks, these work best at the start of a shift, delivered by a team leader, supervisor or management. It’s good practice to have a set of short briefs on Cue-cards, a white board or flip chart.  Develop an awareness of threat activity carried out by criminals and terrorist.  

7. Periods of Chaos.

If an attack happens, there will be a period of No Control and Chaos. Only individual actions by staff will be actionable, focus efforts on simple plans for personnel to action (point 6) without any higher level control until the organised chaos period starts to come into effect. The approach is called Mission Command and a tried and tested life saver.

8. Rapid Risk Communication.

Communication systems are a high priority and a Must Have.  Verbal communications is the number one method using radios, PA Systems, and face to face.

Minimal Extra Costs Involved


9. Effective Information.

All the above is readily achievable, the costs are minimal, and it’s all about arming all personnel with useful information and businesses implementing a policy to educate staff and maintain awareness.  The unified approach builds personnel & business resilience with the added value of mitigating other forms of workplace violence and assisting Government initiatives to create safe spaces for people and businesses to operate. 

10. Mind Set.

Think about changing your approach and use the Phrase Hybrid Attack Mitigation, Terrorism is just one form of a critical event, violent crime is a serious concern within the UK and incidents are rising affecting all parts of society.  By applying the above approach to modern threats of terrorism and violent crime, a business can improve its detection and response capabilities, and save lives.

11. Policy Escalation Option

A good option for large companies with thousands of staff and multiple sites, or stand-alone facilities with footfall in the thousands, can develop a policy that escalates with the UK Government Threat Levels. An example CT policy escalation chart can be viewed from this link

Mildot delivers private sector Counter-Terrorism courses and also provide consultancy options:

Business Solutions for Management, Security and Safety personnel.

Situational Awareness for Counter Terrorism & Violent Crime delivered to all staff. 

See below security advisories to assist business


Call our team of security experts.

call now


Feel free to email any enquiries.

email us


Complete our online application form.