Demystifying Private Sector Counter Terrorism Mitigation

The Basics

Terrorism & Hybrid Attack threats within the United Kingdom have been evolving over the last few years, Risks have developed that are normally associated with overseas countries and a distance news story, the private sector is adapting slowly but can move forward at a better rate of pace to keep in step with UK Government Initiatives using whats known as the Brain Game.

The private sector do not have 24/7 dedicated resources, legal powers and budgets to implement Government Agency protective security systems, and are not a feasible option for an open society

The first hurdle for corporate management is moving out of denial and removing any organisational barriers imposed by management, probably imposed due to their inability or lack of understanding for implementing counter terrorism mitigation, its a common problem and needs senior stakeholder involvement to kick start the process.

UK businesses can apply the same systems to support the UK Government & Police Initiatives, to create a ‘whole-of-society’ approach and deliver safe spaces for people to live and businesses to operate, it fits in well with the Protect & Prepare objectives of CONTEST. 

“One of the most important aspects of preventing an attack is making that attack harder for a terrorist to carry out. If businesses, and the public, had a clearer sense of the tactics a terrorist might use, then it follows that there is more chance of thwarting an attack.”

Lord Toby Harris – Oct 2016 Report

London’s Preparedness to a Terrorist Attack

Legal Obligations – Duty of Care – Liable Action

1. Start Point – Private Sector Counter Terrorism Responsibilities.

Businesses must understand their legal obligations and any localised responsibilities to do with councils and contractual agreements.  Is the private sector On Notice for these type of incidents? Walk through the process of being investigated and answerable through the courts – will you be liable and open to claims? Health & Safety Laws already cover these type of incidents; do your corporate management understand the laws? Understanding whats reasonable and practicable within your responsibilities will mitigate the business criticality if compensation and government agency investigations seek legal action. Does your business have None Damage Business Interruption Insurance? Does the company already have critical event management systems?

2. Risk Assessment.

Priority document – The risk assessment team must be guided by an experienced private sector security professional and not an academic theory based bluffer – In-House Google search ninjas should also be avoided. 

Keep It Simple & Effective

3. Security & Safety Plan.

Produce your plan detailing what mitigation the business will implement based on the risk assessment and identified legal & duty of care responsibilities, if its part of  an event planing process anticipate and explain what mitigation the business expect from Government Agencies, avoid the common misconception and poor planning approach of asking Government Agencies for their advice on business management mitigation, they are public sector staff and will only advice on what will assist Emergency Services Response.

Government agencies are experts within their respective fields and will advice on their responsibilities and systems in order to shape the scene for their arrival. Businesses cant afford to leave mitigation to that advice, there will be emergency services response gaps and after action litigation (covered in later paragraphs).  The private sector can educate staff and raise awareness with the aim of recognising the signs, reporting suspicious activity, and allow thinking time to respond effectively.  

Private sector professionals (stay away from academic theory based bluffers) are the best option for advice on business counter terrorism mitigation and understand what comes under the heading of Criticality.  Use the MoSCoW principle throughout the planning process.  

Ensure minutes are taken on all meetings with Government Agency representatives, all personnel who attend meetings should receive a copy of the minutes, this approach mitigates against poor advice etc etc.

When seconds count and emergency services are minutes away

4. Emergency Services Response Gap.

Prioritise mitigation to where the business can have an effective impact and what’s within your legal & duty of care responsibilities. Accept there will be an emergency services Response Gap and focus your efforts on that period of time (just 1 example). It could be 2 minutes or 15 minutes.

Employee and customer safety are the first priority, focus on what can be achieved with effective staff awareness, communication and response procedures prior to a critical event, and during the incident. Apply a unified approach to raising awareness of All staff, this will act as a mitigation multiplier, and significantly improve the detect and response capability.

Liable actions will be instigated after the incident, all prior planning and mitigation taken & not taken will be assessed by the courts, the Black Swann event excuse is no longer a viable option.

5. Staff Numbers (Mainly for Event Planning)

Unless legally obliged or the budget allows, focus plans on utilising current resources (all staff), stay away from the increase numbers mantra. The MoSCoW principle will keep this consideration on track.

6. Tool Box Talks.

The number 1 proven mitigation strategy is staff situational awareness. Use 2 to 5 minute toolbox talks, these work best as a brief prior to shift, delivered by a team leader, supervisor or management. It’s good practice to have a set of short briefs on Cue-cards, a white board or flip chart.  Develop an awareness of threat activity carried out by criminals and terrorist.  

7. Periods of Chaos.

If an attack happens, understand there will be a period of No Control and Chaos, only individual actions by staff will be actionable – focus efforts on simple plans for staff to action (point 6) without any higher level control until the organised chaos period starts to come into effect. The approach is called Mission Command and a tried and tested life saver.

8. Rapid Risk Communication.

Communication systems are a high priority and a Must Have.  Verbal communications is the number one method using radios, PA Systems, and face to face.

Minimal Extra Costs Involved


9. Effective Information.

All the above is easily achievable, the costs are minimal, and it’s all about arming all personnel with effective information and businesses implementing a policy to educate staff and maintain awareness.  The unified approach builds staff & business resilience with the added value of mitigating other forms of workplace violence and assisting Government initiatives to create safe spaces for people and businesses to operate. 

10. Mind Set.

Think about changing your approach and use the Phrase Hybrid Attack Mitigation, Terrorism is just one form of a critical event, violent crime is a serious concern within the UK and incidents are rising affecting all parts of society.  By applying the above approach to modern threats of terrorism and violent crime, business can improve their detect and response capabilities, and save lives.

Mildot deliver 2 IOSH Approved Counter Terrorism courses and also provide consultancy options:

Business Counter Terrorism Course for Management, Security and Safety personnel.

Situational Awareness for Counter Terrorism & Violent Crime delivered to all staff. 

See below security advisories to assist business


Call our team of security experts.

call now


Feel free to email any enquiries.

email us


Complete our online application form.