The U.K.’s terrorism landscape is constantly evolving. Security officials have acknowledged that new dynamics have made it more challenging to detect aspiring terrorists and prevent plots. In addition, recent incidents have prompted politicians and lawmakers to question the efficacy of existing legislation and introduce new laws that require organisations to take on greater responsibility to counter the terror threats confronting them.
MI5’s director, Ken McCallum, indicated in an update delivered in October 2024, that while the U.K. continues to face mostly Islamist extremist threats, followed by extreme right-wing threats, this categorisation no longer illustrates the wide range of beliefs and ideologies in play. Furthermore, he stated that British security services are encountering more unpredictable hostile threat actors that have only a loose understanding of the ideology they claim to have adopted. The director also noted that identifying credible plots is increasingly difficult due to the absence of claims of responsibility, the role of poor mental health, and the availability of extremist and inflammatory material online.
In July 2024, Axel Rudakubana launched a mass stabbing at a dance studio in Southport, northwest England, killing three and injuring seven. The attack embodied the changing terrorism landscape in the U.K. and the new obstacles confronting security services. In the aftermath of the attack, it emerged that Rudakubana was referred to the government’s Prevent counter-terrorism scheme three times before the incident. However, his apparent lack of adherence to a coherent ideology or ties to ideologically motivated groups contributed to opportunities to intervene being missed.
Following the Southport attack, Prime Minister Keir Starmer and Home Secretary Yvette Cooper announced plans to enhance the criminal justice system's ability to tackle violence-obsessed threat actors who are not driven by a specific ideology. This move aims to eliminate the divide between terror suspects and violence-obsessed actors by enabling arrests at any stage prior to an attack. Starmer also announced a public inquiry to investigate the "entire counter-extremist system" due to identified failings. Despite this, Home Office Minister Dan Jarvis declared that there will be no expansion of the official definition of extremism, even if the Southport attack demonstrated a need for "action on those drawn towards mixed ideologies and violence-obsessed young people".
Another example of an attack by a young adult focused on extreme violence was the Plymouth attack in 2021, where a 22-year-old shot and killed six people, including himself, as well as injuring others. The individual had expressed online that he was socially isolated and struggled to meet women – grievances that are becoming increasingly linked to acts of violence globally. Currently, the legal definition of terrorism requires a defendant to act or threaten to act "for the purpose of advancing a political, religious, racial or ideological cause", which does not cover the growing number of cases of self-directed attackers who are obsessed with violence.
The U.K.’s CONTEST counter-terrorism strategy is based on four principles:
Prevent: To stop people from becoming terrorists or supporting terrorism.
Pursue: To stop terrorist attacks from happening.
Protect: To strengthen our protection against a terrorist attack.
Prepare: To minimise the impact of a terrorist attack.
The aim of this strategy is to reduce the volume of terrorist attacks in the U.K., minimise the impact of any attacks that may occur, and allow people to live freely and in confidence. Despite the 2023 update to the strategy, stating that in the "face of an evolving threat", the system would be "even more agile", it has failed to address the growing threat of young men with an extreme fixation on violence. Therefore, Keir Starmer has launched an inquiry into the counter-terrorism system and its previous failings, stating that if the law needed to change “to recognise this new and dangerous threat”, then the government would “change it – and quickly”. This suggests new changes to the counter-terrorism strategies, namely the Prevent scheme, will be explored.
Furthermore, the recently enacted Protection of Premises Act (also known as Martyn’s Law) will increase the responsibility of public-facing businesses and organisations to protect their staff and patrons from terrorism. The Act aims to improve protection and preparedness by requiring the responsible parties to prepare certain events and premises against the risk of terrorism. Although the bill has now been given Royal Assent, it will not be implemented for at least 24 months, meaning that rules will not be in effect until April 2027 at the earliest. The bill has been designed to fortify the U.K.’s preparedness for, and protection from, terrorism and align with the four principles under CONTEST. Those responsible under the bill will be required to implement public protection procedures and measures, and as such be better prepared, ready to respond in the event of a terrorist attack.
Martyn’s Law will require organisations to undertake comprehensive risk assessments addressing the threat of terrorism to their premises or events, and to clearly define effective control measures. This includes accounting for currently underdefined categories of security risks in legislation – such as ideologically ambiguous or grievance-driven lone actors.
To assess risk effectively and implement proportionate mitigation strategies, it is essential that organisations understand their potential adversaries – whether ideologically motivated or not – and the methods they may employ. This may involve physical security enhancements, revised response protocols, and targeted training and awareness initiatives.
In the current threat landscape, a one-size-fits-all approach is no longer viable. Each organisation’s risk profile is shaped by a unique set of factors. Understanding what your organisation may represent to a hostile actor is more critical than ever, particularly as extreme ideologies are increasingly propagated online and expressed through acts of violence – often with only tenuous links between the attacker and the target.
The attacks on a dance class in Southport and a school in Luton illustrate this point. These institutions likely did not consider themselves viable targets – yet they were. In many respects, such incidents represent ‘terrorism in its purest form’, designed to provoke widespread societal anxiety. Similarly, it is unlikely that the victims of the Liverpool Women’s Hospital or the Fishmongers’ Hall attacks believed they were at risk.
These examples highlight the need for contextualised risk assessments that go beyond traditional conceptions of terrorism.
Terrorism evolves with trends. While certain ideologies may favour specific tactics, methods are constantly adapting and are often replicated across ideological lines. To mitigate the risk posed by all plausible threat actors, it is vital to understand their preferred modus operandi.
Ultimately, with the introduction of Martyn’s Law, there is now a heightened imperative for organisations to remain informed about changes in terrorism legislation, emerging threats within the U.K. and evolving attack methodologies. While compliance is essential, effective security risk management also plays a critical role in the most important aspect, which is preventing attacks and improving survivability in the event of an incident.
Alert:24 is WTW’s specialist security and crisis management advisory practice delivering intelligence, consulting, and training solutions that help identify, monitor, and manage security risk. If you would like to have a conversation with team to understand more about how they can support you in this evolving risk and regulatory landscape, please contact us.
