Demystifying Private Sector (so called) Counter Terrorism Mitigation

The Basics Using the Brain Game

The private sector do not have 24/7 dedicated resources, legal powers and budgets to implement Government Agency (Public Sector) protective security systems, and these systems are not a feasible option for the Private Sector in an open society.

The first hurdle for corporate management is moving out of denial and removing any organisational barriers imposed by incompetent management, the ostrich syndrome is not the way forward, it’s a common problem and needs senior stakeholder involvement to kick start the mitigation process.  Relying on the Governments online awareness presentation as the main effort is a critical mistake. 

Legal teams are already preparing cases and waiting to launch liability claims from past events.  Business and Government Agency naivety on the criticality of an attack is being laid out to the whole country at the Manchester Arena Bombing Inquiry. 

The phrase Counter-Terrorism is a misnomer, private sector mitigation in the United Kingdom is more about Anti-Terrorism and definitely Emergency Response, the following text will outline the realism of what can be achieved and is a proven approach from countries that are plagued with attacks and acts of violence. 

When seconds count and emergency services are minutes or longer away – What action will you or your staff take during the Emergency Services Response Gap?

“One of the most important aspects of preventing an attack is making that attack harder for a terrorist to carry out. If businesses, and the public, had a clearer sense of the tactics a terrorist might use, then it follows that there is more chance of thwarting an attack.”

Lord Toby Harris – Oct 2016 Report

London’s Preparedness to a Terrorist Attack

Legal Obligations – Duty of Care – Liable Action

1. Start Point – Private Sector Terrorism Mitigation Responsibilities.

Business must understand their legal obligations, localised responsibilities, and contractual agreements.  Note: During a post attack inquiry is not the time to be asking these questions for the first time.  The Government are currently assessing the implementation of a new law called Protect Duty, initial thoughts are it will fall short and continue to allow soft targets to be unprepared – Hopefully Not! 

a. Is the private sector On Notice for Terrorism & Modern Day Violent Crime incidents?

b. Have corporate management walked through the process of being investigated and answerable through the courts?

c. Will the business be liable and open to claims?

d. Health & Safety Laws already cover these type of incidents; do you know them?

e. Do corporate management understand the laws? Understanding whats reasonable and practicable within your responsibilities will mitigate and lower the criticality. 

f. Are employers responsible for staff actions – Will vicarious liability be applied by claimants?

g. Does your business hold None Damage Business Interruption Insurance?

h. Are there critical event management systems already in place?

i. Do senior management understanding the meaning of CRITICALITY within the security context?  Failure to understand the criticality of an attack is now being laid out to the whole country at the Manchester Arena Bombing Inquiry.

j. Has your business used a private sector consultant for CT advice, or, have they relied on the Public Sector Police CT advisers?  There are major differences between the two options, Government agency advisors have no private sector management experience and rely on theory based information from other Government agency advisors who also have no private sector experience.

Private sector consultants have worked all over the world delivering mitigation against terrorist attacks and similar hybrid events, they know the realities of what can be achieved, and how a basic policy and accompanying procedures can substantially mitigate the criticality and safe lives.  Their knowledge is gained from real-time experience from living and operating in complex and challenging environments, thats in complete contrasts to others who are theory based and solely worked in the UK.

2. Risk Assessment.

Priority document: The terrorism & violent crime risk assessment team must be guided by an experienced private sector security professional and not academic theory based bluffers. In-House Google search ninjas should also be avoided.  The RA and relevant attachments must detail the threats and the criticality on the business; they are also used within the business case to deliver mitigation or not.  Mildot Consultants are available to advise any business on the Risk Assessment. 

Keep It Simple & Effective

3. Security & Safety Plan.

Produce your plan detailing what mitigation the business will implement based on the risk assessment and identified legal & duty of care responsibilities. If its part of  an event planning process anticipate and explain what mitigation the business expect from Government Agencies, avoid the common misconception and naive planning approach of asking Government Agencies for their advice on business management mitigation, they are public sector staff and will only advice on what will assist Emergency Services Response.

Government agencies are experts within their respective fields and will advice on their responsibilities and systems in order to shape the scene for their arrival. Businesses can’t afford to leave mitigation to that advice, there will be emergency services Response Gaps, and after action litigation.  The private sector can educate staff and raise awareness with the aim of developing thinking time to respond effectively during the Emergency Services Response Gap and lower the criticality.  

Private sector professionals (stay away from academic theory based bluffers) are the best option for advice on business counter terrorism mitigation and understand what comes under the heading of Criticality.  Use the MoSCoW principle throughout the planning process.  

Write minutes on all meetings with Government Agency representatives, all personnel who attend meetings should receive a copy of the minutes, this approach acts as a record for future reference.

Example CT Policy Table designed to escalate in line with UK Government Threat Levels

When seconds count and emergency services are minutes away

4. Emergency Services Response Gap.

Prioritise mitigation to where the business can have a practical impact and what’s within your legal & duty of care responsibilities. Accept there will be an emergency services Response Gap and focus your efforts on that period of time. It could be 2 minutes or 15 minutes.

Employee and customer safety is the priority, focus on what can be achieved with staff situational awareness, risk communication and response procedures. Apply a unified approach to raising awareness of all staff, this will act as a mitigation multiplier and significantly improve the detection and response capability.

Liable actions will be instigated after the incident, all prior planning and mitigation taken & not taken will be assessed by the courts. The Black Swann event excuse is no longer a viable option.

5. Staff Numbers (Mainly for Event Planning)

Unless legally obliged or the budget allows, focus plans on utilising current resources (all staff), stay away from the increase numbers mantra. The MoSCoW principle will keep this consideration on track.

6. Tool Box Talks.

The number 1 proven terrorism & violent crime mitigation strategy is staff situational awareness. Use 2 to 5-minute toolbox talks, these work best at the start of a shift, delivered by a team leader, supervisor or management. It’s good practice to have a set of short briefs on Cue-cards, a white board or flip chart.  

7. Periods of Chaos.

If an attack happens, there will be a period of No Control and Chaos. Only individual actions by staff will be possible, it’s during this period that the subjects covered previously become critical information and effective action takes place.  The approach is called Mission Command and a tried and tested life saver.

8. Rapid Risk Communication.

Communication systems are a high priority and a Must Have.  Verbal communications is the number one method using radios, PA Systems, and face to face.

Minimal Extra Costs Involved


9. Effective Information.

All the above is achievable with minimal costs and far outweighed by the benefits, it’s all about arming all personnel with useful information and businesses implementing a policy to educate staff and maintain awareness.  The unified approach builds personnel & business resilience with the added value of mitigating other forms of workplace violence and assisting Government initiatives to create safe spaces for people and businesses to operate. 

10. Mind Set.

Think about changing your approach and use the Phrase Hybrid Attack Mitigation, Terrorism is just one form of a critical event, violent crime is a serious concern within the UK and incidents are happening affecting all parts of society.  By applying the above approach to modern threats of terrorism and violent crime, a business can improve its detection and response capabilities, and save lives.

11. Policy Escalation Option

A good option for large companies with thousands of staff and multiple sites, or stand-alone facilities with footfall in the thousands, can develop a policy that escalates with the UK Government Threat Levels. An example CT policy escalation chart can be viewed from this link

Mildot delivers private sector Counter-Terrorism courses and also provide consultancy options:

Business Solutions for Management, Security and Safety personnel.

Situational Awareness for Counter Terrorism & Violent Crime delivered to all staff. 

Published Sep 2018. Revision 3.  Oct 2020

See below security advisories to assist business


Call our team of security experts.

call now


Feel free to email any enquiries.

email us


Complete our online application form.