Lessons from Manchester: A Review of Volume 1 Manchester Arena Inquiry – an Australian perspective

The 20th anniversary of the 9/11 attacks is a poignant reminder of the horror that can be unleashed when terrorism is allowed to run its course. This event evoked a paradigm shift in the world of security, where intelligence-led policing (Phairoosch 2019), urban design, and policy have driven security awareness and adoption. At its core security is about understanding and mitigating threats or risks. Broader trends such as the decline in property crime, escalation of cybercrime and the heightened risk of lone wolf attacks (Spaaij 2010) provide a valuable contextual framework within which these risks can be analysed and control measures can be adopted into organisational policy and practice. Lone wolf attacks such as the recent knife attack in a New Zealand supermarket in June 2021, or the lone gunman that attacked and killed 51 people in Christchurch in 2019 are recent examples. The June 2021 release of Volume 1 of the Manchester Arena Inquiry Report presents another example of this type of attack on a crowded place, and with it a number of recommendations and lessons (Saunders 2021). This article aims to summarise some of these recommendations and draw out action points to asset owners, operators and event organisers; and in doing so provide an Australian perspective.

The Attack

The terrorist attack on the Manchester Arena was carried out on 22 May 2017 at the conclusion of an Ariana Grande concert using a Person Borne Improvised Explosive Device (PBIED), killing 22 innocent victims. The perpetrator, who killed himself in the process, detonated the PBIED close to the exit doors, targeting an area where a lot of the concert goers were meeting up with their parents or others who had come to collect them (Saunders 2021, p. 1).

Hostile reconnaissance

The Inquiry sets out that its objective is to reduce the risk of such an event happening again. Prior to the attack, the perpetrator carried out hostile reconnaissance of the venue by exploiting a blind spot in the CCTV coverage (Saunders 2021, p. 12). Hostile reconnaissance is used to describe observational activities that are undertaken by criminals or terrorists to identify opportunities of attacking a target or planning a hostile act. The detection of someone carrying out hostile reconnaissance is a critical part of any counter terrorism strategy and can be achieved through CCTV observation, security patrols or through public reports of suspicious activity. In the case of the Manchester attack, there were a number of missed opportunities from a security operations perspective on that fateful night, the most critical of these being the failure of security personnel to act following a concern expressed by a member of the public (Saunders 2021, p.28).

The shortcomings of the security operations in the specific instance of the Manchester Arena were compounded by a number of different stakeholders and service providers, each operating under commercial pressures to increase profitability and competitiveness, failing "to take necessary steps, some of which would have involved the spending of additional money, in order to provide a sufficient level of protection against the terrorist threat" (Saunders 2021, p. 45).

Enforcement of Security Licensing

The Inquiry found that a number of security industry licensing conditions were ignored, resulting in unlicensed individuals without the requisite qualifications carrying out searches and a failure to comply with the minimum stewards/staff to public ratio required to carry out crowd management and threat monitoring duties (Saunders 2021, p.52). These licensing breaches, despite being criminal offences carrying imprisonment terms, rely largely on information from police officers and public complaints in order to be identified and enforced. This is not dissimilar to the situation in Australia where a number of companies and designers continue to provide security services despite not having the requisite security license.

Voluntary systems are inadequate in providing a proper level of protection to the public

Similar to the Australian context with the Centre for Counter Terrorism Coordination, the advisory system in the UK operating under the National Security Council and CPNI, provides advisory services that are voluntarily enacted by asset owners. Furthermore, the system does not encompass service providers like the security guarding and personnel company, which may have benefited from the Counter Terrorism Security Advisor (CSTA) system (Saunders, p.57). The Inquiry found that a "voluntary system is inadequate to provide a proper level of protection to the public" (Saunders 2021, p.61). In terms of deficiencies, the Inquiry pointed out that the CCTV coverage was inadequate, there were issues with the efficacy of the security patrols, and there was inadequate co-operation between the various stakeholders, in particular the exclusion of security service providers from CSTA briefings.

The need to engage a Security Expert

The Inquiry report highlighted the need for the asset owners and operators to engage a security expert beyond the expertise provided by CTSA (Saunders 2021, p. 69). The role of the security expert is to undertake a comprehensive review of the security arrangements at Manchester Arena and the provision of subsequent advice and recommendations. The significance of the venue and the over one million people that attended events there each year meant that simply adopting industry standard practice is not adequate. Furthermore, the challenges unique to the architectural design and operational requirements of the Arena, required the engagement of an expert security consultant who could conduct a comprehensive risk assessment and provide counter terrorism control measures tailored to the Arena (Saunders 2021, p.70). The role of such a security expert would be to conduct a comprehensive review of all security measures and operations that would yield changes to how events were run in practice by interviewing and consulting all key security personnel. Such a comprehensive approach would also have identified inadequacies in the CCTV coverage, the security patrols and procedures, and may have prevented the attack or reduced the impact through measures such as extending the security perimeter and the deployment of search before entry security procedures (Saunders 2021, p.75).

Terrorism threat mitigation measures

The Inquiry specifies a non-exhaustive set of measures that in finds could have been utilised at the Manchester Arena in mitigating the threat of terrorism including risk assessment, training, hostile reconnaissance response, establishing a larger security perimeter, CCTV monitoring and better security patrols (Saunders 2021, p. 77).

Risk assessment

SMG had a generic risk assessment in place to cover its activities. This risk assessment failed to take into account the assessment of the risk of a terrorist attack, nor the control plan or in other words the measures, systems, processes, or procedures that need to be in place to mitigate the risk. While SMG did have a risk assessment for the Ariana Grande concert, this did not identify terrorism as a risk or a threat and "descended into a box ticking exercise" (Saunders 2021, p.78). An effective risk assessment would have identified the deficiencies in the security operations at the Arena. These include scope/coverage and operation of the CCTV cameras, definition of the security perimeter, scope/coverage and operational procedures for patrolling, effectiveness of communication between the various security stakeholders and the procedure for carrying out of a pre-egress check of areas - that was specifically identified as resulting in a missed opportunity to stop the attack. Almost all the stakeholders involved had their own risk assessments, however none of these were adequate and critically none of these documents were "being reviewed with the appropriate frequency at the time of the Attack" (Saunders 2021, p. 84). In other words, once the risk assessments were carried out, they were filed away and not used as an active live document that fed into the process of event planning and the ensuing operations. A comprehensive security risk assessment will provide a security risk management framework, that identifies risks posed by crime, cybercrime and terrorism and is driven by the specific context of the site or venue and the broader context of the terrorism threat level, which is Australia is provided via the National Terrorism Threat Advisory System, that is currently at 'Probable' on a five tier scale, as shown in Figure 1. The terrorism risks assessment is driven by these inputs and likewise the risk control plan for each threat identified changes with an increasing threat level. The Inquiry found that a significant oversight in the preparation of risk assessments was adopting a spreadsheet-based check-box approach and ignoring the "Severe" national threat level in the UK at the time (Saunders 2021, p.88).


The Inquiry found that the CCTV operators were not adequately trained for counter terrorism surveillance operations, whereas the stewards were provided online training in counter terrorism without an in-person component with a practical component (Saunders 2021, p. 96). Furthermore, the various service providers and the event managers did not undertake any joint training in counter terrorism, that may have drawn out the importance of operational communication and collaboration. The report also highlighted the importance of training refresher courses and operational briefings that reinforce the vital operational elements of counter terrorism, with a caution regarding the briefing message being ignored because of repetition of the same message (Saunders 2021, p.103). It is further recommended in the report that individual understanding of any online learning components need to be validated by providing staff with the opportunity to demonstrate their understanding in practice whether this be achieved through a period of mentorship or onsite training (Saunders 2021, p.103).

Figure 1. Australia's Current Terrorism Threat Level: 'Probable' (NTTAS)

The Inquiry report found deficiencies in the hostile reconnaissance response, establishment of an adequate security perimeter and effective operational use of Control rooms and CCTV to identify suspicious behaviour (Saunders 2021, pp.111-117). It considers the existence of CCTV blind spots and highlights the role of comprehensive risk assessments needing to identify these blind spots and mitigating the risks posed through upgrades to the CCTV system or accounting for the blind spots through operational means such as patrols and regular communications with the Control Room. Any operational requirements for Control Room staff need to be factored into the minimum resourcing for such operations, clearly distinguishing between requirements for event days as opposed to dark days (Saunders 2021, pp.117-131). Another contributing factor was the inadequacy of the security patrols, with no clearly defined patrol routes and operational procedures agreed upon by the event management team and the security service provider (Saunders 2021, pp.132-136).


In concluding Volume 1 of the Inquiry report, Saunders (2021) proffers a set of recommendations. Prime amongst these is the need to guard against complacency. Intelligence operations have matured significantly since the 9/11 attacks and national terrorism advisories provide a useful indication of the likelihood of a terrorist attack and this translates to being operationally alert to the threat of a terrorist attack. In keeping with this, every risk control plan must be designed so that every threat level has a specific set of risk control measures that are realised in operational practice. This is critical to successful counter terrorism, as distinct from an approach of analysing terrorism related risks in terms of likelihood and consequence and failing to do anything; because an almost never likelihood paired with a catastrophic consequence means that an unchanging risk factor becomes an excuse for complacency and inaction. This necessitates that risk assessments are not carried out as check-box exercises as part of event management, but rather a licensed security expert is retained to conduct comprehensive risk assessments for every venue and each event which involves significant numbers of people attending. A comprehensive security risk assessment will engage all security stakeholders and arrive at a risk control plan that can be utilised to derive a robust set of procedures, that can only be realised into practice if they are used as blueprints to provide training. Training needs to be effective, practically validated, regular and be delivered to all stakeholders. Additionally, security outcomes rely on effective strategies for communication, coordination, and co-operation between all the security stakeholders. In this regard, regular security workshops are useful forums to bring all the security stakeholders on the same page, to seek operational input to make security a practical reality and to build an organisational security culture. In Australia, there are valuable resources available to help with counter terrorism planning, but the engagement of a licensed security expert is critically important in understanding and implementing these within a security risk management framework. A summary set of recommendations for asset owners, operators and event managers is provided below.

Figure 2. Summary of recommendations for asset owners, operators and event managers

This cycle of risk assessments, risk control plans, security procedures and training should be reviewed on a regular basis so that contextual changes are being accounted for and security procedures remain proactive and relevant. The threat level, relevance and specific procedures should be an integral part of security briefings to all security stakeholders for every event. A key part of security procedures is the reporting and response around suspicious behaviour or events, which can be honed with counter terrorism training for security personnel such as CCTV operators, stewards, or patrol officers. Any hostile reconnaissance should be identified, recorded and reported to the National Security Hotline.

Saunders (2021, p.155) identifies that mitigating the risk of terrorist attacks begins in the planning and design stage for venues that accommodate large numbers of people. The engagement of a security expert and application of Crime Prevention Through Environmental Design (CPTED) methodologies at the design stage, as with crime, yields significant benefits in terms of terrorism attack risk mitigation, and from a commercial standpoint mitigates the need for expensive security after-measures or operational requirements, that multiply over the life of an asset.


Phairoosch, A 2019, Intelligence-led policing: interpretation, implementation and impact, Macquarie University, Sydney, Australia.

Spaaij, R 2010, 'The Enigma of Lone Wolf Terrorism: An Assessment' Studies in Conflict and Terrorism, vol. 33, no. 9, pp. 854-870, doi: 10.1080/1057610X.2010.501426.

Saunders, J 2021, 'Report of the Public Inquiry into the Attack on Manchester Arena on 22nd May 2017' Manchester Arena Inquiry Volume 1: Security for the Arena, available at: https://files.manchesterarenainquiry.org.uk