Case Study: Manchester Arena Bombing

by David Brook

On 22nd May 2017, the UK suffered its most deadly terrorist attack since the 7/7 London bombings when Salman Abedi detonated a suicide belt at the Manchester Arena. This atrocity led to the loss of twenty-two innocent lives and over 800 casualties with critics suggesting that this was due to flawed training practices and weak security procedures (Deeming, 2018).

Evidence presented to the Manchester Arena Inquiry has heard there were numerous missed opportunities to prevent, deter, detect, delay, or mitigate against the attack with questions raised about the quality of terror attack planning, levels of training, implementation of protective security measures and preparedness, and failures of police patrols and emergency services response (Manchester Arena Inquiry, 2020).

The events leading to the Manchester Arena atrocity were preceded by a timeline of UK terrorist attacks since 9/11:

  • 7/07/2005: Fifty-two people killed, and hundreds injured by suicide bombers in London. This demonstrates the impact of a Person Borne Improvised Explosive Device (PBIED) attack.
  • 30/07/2007: Five people injured during Vehicle as Weapon (VAW) Attack at Glasgow Airport.
  • 02/04/2011: Police officer killed by car bomb (IED) in Omagh.
  • 22/05/2013: Fusilier Lee Rigby killed near Woolwich barracks in south-west London. The hostility of this Marauding Terror Attack signified a change in attack methodologies.
  • 16/06/2016: MP Jo Cox murdered by a far-right extremist near her constituency office in Birstall, West Yorkshire. Again, another MTA.
  • 22/05/2017: Five people killed, and dozens injured in Westminster Bridge attack (combined VAW and MTA).

In my opinion as highlighted in assignment one this provides some evidence to support the assumption that returning ISIS inspired Jihadi’s present a real and significant threat to community safety. Evidence of this can also be seen across Europe with specific attacks in Berlin, Florida, Nice and Paris highlighting the vulnerability of Publicly Accessible Locations (PAL’s) to terrorist attacks.

This should have acted as a risk indicator due to the reality of the current threat and had a risk management model been implemented at the Manchester Arena then measures would have been implemented which either prevented or minimised the impact of the attack.

Once again, we see the notion and mobilisation of lone wolf attackers which reinforces the emergence of a fifth wave of terrorism.

As I reflect upon this timeline It makes me question if pre-attack intelligence was considered in context and if so, how this was built into the terror attack planning, training, and protective security measures at the Manchester Arena. It also raises questions re post event response and recovery.

During volume one of the inquiry Chairman Sir John Saunders highlighted missed opportunities for detecting or stopping Salman Abedi or reducing the harm that he caused. These included:

  • Missed opportunities to identify or respond to hostile reconnaissance,
  • Flawed training practices with security operatives blatantly bypassing the content of online counter terrorism courses,
  • Failures of venue management to adhere to their responsibilities, and the co-operability between stakeholders, including Manchester Arena, SMG, and Showsec,
  • Lack of regard to health and safety compliance in particular the absence of effective risk management protocols which considered the threat and risk of a terrorist attack including the failure to consult with expert counter terrorism police officers such as Counter Terrorism Support Advisors (CTSA’s) and the utilisation of stewards undertaking a SIA licensed role.

As I examine the volume one findings it appears that two possible hostile reconnaissance incidents were identified in the weeks leading up to the concert yet failures of communication between one security manager and another meant that no action was taken to improve protective security measures. In my view this complacent approach to security risk management highlights a lack of professionalism and understanding of the threat posed by the realism of this phenomena.

The flawed training practices raise numerous concerns, most notably that security operatives did not have the knowledge, skills, abilities, or behaviours to effectively undertake their roles. However, in my view this also identifies a failure to embed a learning culture into the organisation involved.

The lack of communication and inter-operability between stakeholders also raises issues relating to roles, responsibilities, and the issue of grey space. In my view this lack of clarity presents an element of risk however it appears that no visible attempts were made to implement reasonably practicable measures to mitigate against this risk. In my experience had the organisers consulted with their local CTSA’s then I am confident that this issue would have been flagged and risk mitigation measures implemented.

During volume two of the inquiry Chairman Sir John Saunders highlighted a number of failures of the emergency response to the suicide bombing stating that avoidable mistakes had been made. The failures in emergency response included the facts that:

  • No-one declared a major incident,
  • Fire crews took more than two hours to attend,
  • The number of paramedics were not sufficient for the scale of the event,
  • There were failures to set up triage facilities to support life-saving interventions,
  • Communication between emergency responders was poor with no single multi-agency rendezvous point, control room, and forward command post,
  • First aid training was inadequate with staff lacking qualifications, skills, and experience.

The failure of the police, fire, and ambulance services to respond to the Manchester Arena incident suggest that they failed to adopt and implement the Joint Emergency Services Interoperability Principles (JESIP). In my view had they applied the five key concepts:

  • Co-location,
  • Communication,
  • Co-ordination,
  • Joint understanding of risk,
  • Shared situational awareness,

then it is possible that lives would have been saved.

The scathing reports which followed publication of volumes one and two will hopefully serve as a wakeup call for all those involved in providing protective wrap round security measures across PAL’s.

With volume three due to consider whether the Security Service and Counter Terrorism Police could and should have prevented the attack this will no doubt lead to further calls to overhaul the approach to security and event management protocols.

I work for SecuriGroup, a large security and event company with over 3000 staff working across all of the UK, including North Ireland and the Republic of Ireland. We provide security and protective services to a diverse range of clients protecting politicians, critical infrastructure, and many other high-profile venues. Undoubtedly the findings from this inquiry will have a huge impact on our organisation as we respond to the lessons to learn.

With the anticipation of the Protect Duty (Martyn’s Law) also expected during the next 12 months I envisage that we will build on existing protocols and continue to drive our approach through our commitment to public safety. We have already invested heavily in our approach to training and security risk management, and I believe that this will ensure that we are in a healthy position once the Protect Duty is implemented.

Volume one of the Manchester Arena Inquiry exposed the risks associated with non-engagement and flawed practice interventions which in my view highlights the need for a complete overhaul of the Private Security Industry (PSI) and its approach to managing the learning and development functions. Whilst the Security Industry Authority (SIA) have made recent improvements with regards the introduction of top up training in my view this does not go far enough. I believe we need a radical overhaul of the training and development functions within the industry.

In conclusion the overarching theme of the Manchester Arena inquiry is one of catastrophic failure and this should serve as a timely reminder for all stakeholders that lessons need to be learned. In my view the solutions are clear. These include:

  • Taking purposeful action to raise professional standards and reinforce a shared commitment to protective security measures and levels of ‘preparedness’,
  • Introduce a licenced Security consultant role to ensure compliance across all publicly accessible locations,
  • Develop ‘Centres of excellence’ for safety, security, and service to benchmark best practice,
  • Introduce structured Career Development Pathways, to support progression routes,
  • Introduce mandatory education and training across all levels of the private security industry,
  • Embrace a system of consequences to address the issue of non-engagement to mandatory education and training,
  • Reward those who engage in education and training through career progression routes,
  • Provide real work time opportunities to support learning and professional development ensuring that staff are paid when they take part in mandatory training,
  • Support education and training with scenario and competency-based learning,
  • Introduce a system of on the job mentoring to ensure that learners can develop the confidence in their abilities, and transfer knowledge into workplace competencies,
  • Introduce a learner passport which will be checked at live venues by an independent body,
  • Introduce mandatory upskilling of industry trainers with a requirement to align to the twenty professional standards for further education,
  • Encourage membership of a professional body to maintain currency of knowledge, support the expansion of professional networks and build upon existing best practice.

With the PSI currently facing the combined risks of:

  • Fallout from the Coronavirus pandemic,
  • Threats to national security through domestic and international terrorism and,
  • The uncertainties of a post Brexit future,

lessons need to be learned across this sector, to ensure that all organisations and employees have the knowledge, skills, abilities, and behaviours to enable them to deliver a professional service which mitigate risk and meets the demands of the twenty first century.


  • Deeming, H. (2018). The Kerslake Report: An independent review into the preparedness for, and emergency response to, the Manchester Arena attack on 22nd May 2017. Retrieved from (PDF) The Kerslake Report: An independent review into the preparedness for, and emergency response to, the Manchester Arena attack on 22nd May 2017 (
  • Joint Emergency Services Interoperability Principles. (2013). Working together, saving lives. Retrieved from
  • Manchester Inquiry. (2020). The Manchester Arena Inquiry. Retrieved from