Counter-terrorism protective security: building preparedness for the unexpected

Why is it important for organisations to build capability in counter-terrorism protective security and preparedness?

The risk from terrorism is constantly evolving – from changing attack methodologies and target selection to the capabilities of hostile actors.

Incidents such as the Manchester Arena attack highlight the risks posed by inadequate preparedness and a mindset where staff assume “someone else will deal with that”.

Organisations should instead foster a culture where all staff – from frontline personnel to senior leadership – feel confident to question unusual situations and challenge activity that doesn’t feel right.

Organisations that consider the risk of terrorism, embed effective security systems, and prepare for disruption are often better equipped to respond not only to terrorism-related incidents, but also to wider operational, financial, and commercial threats.

The Level 3 Award in Counter-Terrorism Protective Security and Preparedness (CTPSaP) provides a strong foundation for organisations by developing awareness of attack methodologies, how attacks are prepared, what to look out for, and the importance of building the right organisational mindset.

Without going into sensitive detail, can you share an example of where effective preparedness made a real difference?

In my experience providing protective security advice for major events, one of the greatest risks is often the unpredictable.

While organisations can implement mitigations for known threats – such as entry searches or hostile vehicle mitigation measures – it is often unexpected incidents that place the greatest pressure on security operations. I always advise organisers of major multi-day events that, at some point, something unforeseen is likely to threaten to seriously compromise event security.

The ability to respond quickly and effectively is what makes the difference between a safe event and one where the safety of attendees or VIPs could be compromised.

For that reason, I strongly advocate the importance of contingency planning and encourage organisers to think carefully about how they would respond if things go wrong – particularly in relation to decision-making processes and escalation routes.

In high-pressure environments, what separates effective decision-making from ineffective responses?

Preparation is critical. Effective decision-making relies on:

• Clear planning before an event or incident
• A well-understood chain of command
• Defined roles and responsibilities
• Confidence to make decisions within agreed areas of responsibility

This becomes even more important during large-scale or high-profile events involving multiple agencies, locations, and operational teams.

Individuals responsible for different aspects of security – from hotels and venues, to secure transport movements and the personal protection of key attendees – must have a clear understanding of both the scope and limitations of their decision-making authority, without being hindered by unnecessary bureaucracy.

Ineffective decision-making often occurs where people do not fully understand their role, leading either to disproportionate responses – or, in some cases, no action being taken at all.

How important is it for professionals to understand the limits of their role in protective security?

No protective security professional can be an expert in every area.

Threats, attack methodologies, and technologies continue to evolve rapidly, influenced by developments in global conflict, cyber threats, and emerging technologies such as drones.

Because of this, seeking specialist support should be viewed as a normal and necessary part of effective protective security planning. When reviewing the security arrangements for a major event or organisation, I would reasonably expect any security professional to seek specialist support in one or more areas.

Understanding the limits of a role – and knowing when to escalate or seek expert advice – is an important part of effective preparedness.

If an organisation wanted to sense-check its current level of preparedness, what questions should it ask?

I’d encourage organisations to consider four key areas:

1. How do you respond to emerging threats?

Prepared organisations have clear frameworks for managing evolving threats and crises, rather than relying on ad hoc responses.

2. What is the culture of preparedness within your organisation?

Preparedness should be embedded into everyday operations – from staff training and awareness through to physical security checks and cyber hygiene.

3. How do you identify emerging threats?

Organisations should know how to access relevant intelligence, guidance, and trusted security information, and ensure it is effectively shared internally.

4. How do you learn from experience?

Prepared organisations regularly review what worked well, what didn’t, and how risks continue to evolve over time.

What have large-scale national events taught you about planning for the unexpected?

One of the biggest lessons I have learned is that organisations must plan not only for expected risks, but also for disruption that cannot always be predicted.

You need to plan for the unexpected, identify your contingencies, and make sure they are properly considered and resourced – you might not need them, but you never know…

I recall one major government summit hosted in a remote location. Once the event had concluded, the protected convoy transporting the host departed for the local airport via the only major route out of the area, while those responsible for security began reflecting on what had been a successful operation.

However, just 20 minutes from the airport, an entirely unrelated road traffic collision involving a tractor transporting hay bales, a caravan fire, and exploding gas canisters blocked the route completely.

The convoy was forced to divert immediately through narrow country lanes, demonstrating just how quickly operational plans can change – and why effective contingency planning is essential.