Protective security practitioners should refresh their knowledge of the Manchester Arena Inquiry Report, Volume One. This Volume addresses the security arrangements at the Ariana Grande concert in Manchester (UK) associated with the terrorist attack in 2017. It identifies missed opportunities that could have detected and deterred the terrorist or reduced the harm he caused.

Learning from tragedies is a sad necessity for continuous improvement in security and emergency risk management.  In the context of terrorism, professionally assessing and contextually applying the lessons from tragedies are essential requirements to mitigate the range of risks and improve personal safety and resilience.

Protective security practitioners should be considered as an integrated collective that comprises (but is not limited to) security personnel, facilities management and venue operators. Police officers involved in public events are also in this collective.

A Brief Recap

On 22 May 2017, 22 innocent people were murdered in Manchester at the end of a concert performed by the American artist, Ariana Grande.

The concert attracted an audience of over 14,000 people, many of them teenagers and children.

The Report states that the attack was carried out by Salman Abedi (identified in the Report as ‘SA’) aided by his younger brother Hashem Abedi (‘HA’). HA encouraged and assisted his brother in the planning of the attack. SA killed himself in the explosion. He chose a place for the explosion where audience members would be meeting up with parents and others who had come to collect them. He intended to kill many people. The improvised explosive device (IED) was packed with nuts and bolts to act as shrapnel.

Besides the murdered victims, hundreds of other people at the venue were injured. Many victims suffer life‐changing physical and psychological trauma.  Others have horrible psychological pain.  The families of the victims will be affected for the rest of their lives.

There were acts of bravery by those who came to the assistance of the dying and the injured.  Many of the rescuers bear the scars of what they experienced.

Some of the important findings that need to be reflected on by physical protective security practitioners include:

Hostile Reconnaissance

For events like this concert, considerable useful information is available to terrorists on the internet, and it can be viewed from anywhere in the world before any on-site hostile reconnaissance takes place. Internet-based information can influence planners in their target selection from short-listed options and assist in planning the attack.

Typically for concerts and other major public events, the date of the concert, the venue, sometimes the venue layout and the intended audience profile are just a few of the facts in the public domain available to terrorists before an attack. Site information is also available online from sources other than official websites.

The term ‘hostile reconnaissance’ is used in the Report.  Hostile reconnaissance within policing and the security sector describes observation of a specific target by terrorists or other criminals as part of the planning of a hostile act on that target.

Hostile reconnaissance often involves multiple visits.

On 18 May, 21 May and on the afternoon of 22 May 2017, SA visited the Arena to carry out hostile reconnaissance.  These visits presented opportunities for security to detect, disrupt or deter him.

Because the CCTV was overwritten, it is not possible to know whether SA visited on earlier occasions prior to 15 April 2017.

On the night of the attack, SA carried out final hostile reconnaissance of the Arena shortly after the doors opened. His reconnaissance included staying in CCTV blind spots, the first time for 20 minutes and the second time for almost an hour.

Members of the public saw SA and thought he looked suspicious.  One person raised his concerns with a member of the security staff, but no effective action was taken in response.

Missed Opportunities

The Report identified that security arrangements for the Arena should have prevented or minimised the devastating impact of the Attack. They failed to do so. There were missed opportunities that led to this failure.

The Report further stated that SA should have been identified on 22 May 2017 as a threat by those responsible for the security of the Arena and a disruptive intervention undertaken.


Volume One of the Report provides recommendations that should be fully examined by protective security practitioners.  The following are extracts of selected recommendations.

  1. Guard against complacency.

The Report stated that inadequate attention was paid to the national terrorist threat level by those directly concerned with security at the Arena.  The threat level was severe.  That meant that a terrorist attack was highly likely.

None of the people directly concerned with security at the Arena on 22 May 2017 considered it a realistic possibility that a terrorist attack would happen there.

  2. It is necessary to continuously remind those whose job includes being alert to the terrorist threat level and what that level means in relation to the possibility of an attack.

All risk assessments for large concert venues should include consideration of the risk of a terrorist attack.

  3. Robust procedures are necessary to counter the threat of a terrorist attack. The purposes of those procedures and the necessity of following them must be understood by those carrying them out.

The Report noted that, for necessary security procedures to be maintained, each person needs to be reminded of the counter-terrorism aspect of their activities. The message that counter-terrorism measures are vital needs to be constantly reinforced.

  4. Those responsible for security should be briefed at every event about the current threat level and risk of terrorist attack.

The Report stated that those receiving the warning about the risk of attack have to be aware of the potential that they will become desensitised to the message.  Those giving the warning need to be aware of this and refresh the message so that it is sufficiently updated and relevant to attract the attention of the listener.

  5. Any and all suspicious behaviour by event-goers or members of the public close to a venue must be noted. It must be reported promptly so that investigations can be made, and action taken if appropriate.

The Report noted that when this recommendation is followed there will be false alarms.  While this may be frustrating, it is important that the way false alarms are dealt with does not discourage the reporting of suspicious behaviour.  This is an important aspect of security culture in any context.

If unnecessary reports are made, the remedy should be to train staff better to recognise suspicious behaviour, rather than criticise them for making the report.

It is not easy for staff, particularly junior ones, to make reports that they know may result in disruption to an event or inconvenience a large number of people. They need to be given the confidence to do so.

  6. Communication, coordination and co-operation between those with a responsibility for keeping the public safe.

The Report noted that one of the recurring themes of this Inquiry has been the need for co-operation between different people and organisations in the interests of everybody’s safety.

All employers are already under this duty by reason of the health and safety regime in relation to shared workspaces.

  7. Selecting appropriate staff.

It is critical that those undertaking these [counter terrorism] roles are selected with care.  This will include ensuring that they have the necessary maturity and confidence to speak up should the situation arise.

It should also include ensuring a background check proportionate to the role that they are undertaking has been conducted.

  8. Adequate training.

All people working in venues such as the Arena should be trained in the basics of counter terrorism.  The nature of the threat changes so it is important that there is regular refresher training.

The Reports

Protective security practitioners should read Volume One of the Report in full.

Please note that some may find the content of the reports distressing.

Volume Two of the Report (released November 2022) focuses largely on responses by emergency agencies.

Volume Three of the Manchester Arena Inquiry will consider whether the Security Service and Counter Terrorism Police could and should have prevented the Attack. It will examine whether and, if so, how SA became radicalised.

It will set out the steps which led to him being outside the concert with an improvised explosive device and what opportunities there may have been to disrupt, deter or divert him.

Parting Comments

Physical security vulnerabilities are anticipated by criminals.

Information about physical security vulnerabilities is sometimes accidentally, sometimes deliberately, provided to criminals by ‘trusted insiders’.

Physical security vulnerability assessments need to be holistic, objective and current.

Threat assessment, security and related systems, security operations, security posture, emergency communications, security and related emergency management training, precinct collaboration, police liaison and internet exposure are examples of elements that should be considered for a comprehensive physical security vulnerability assessment.

The Report’s findings and recommendations are relevant to other property contexts that attract the public, for example CBD commercial office buildings, shopping centres and precincts, public hospitals, public transport, theatres, zoos, theme parks, holiday parks, government customer service offices and places of worship. Place management and risk management specialists at these properties should seriously examine the Report’s findings and recommendations for their specific contexts.

Planning for special events such as music festivals and periods such as the festive season should include a physical security vulnerability assessment.

Many venues have professional security management and experienced security personnel. Having an external consultant provide fresh eyes, especially before and during a special or major event or period, can make a significant and positive difference.

Assessments by independent consultants expert in physical security vulnerability should be seriously considered. However, traditional and normative thinking that delivers typical risk assessments may not be fit for purpose. This type of assessment requires left brain-right brain activity.



Geoff Harris, Principal Consultant – Phone +61 2 9560 9933

Licensed security consultant – licence number 407641686


Integrated Security and Emergency Risk Management for Facilities, Crowded Places and Supply Networks.

Trusted independent security consultants since 1983

Master security licence 407642890



  1. The above article is of a general nature only, it is not a comprehensive analysis and not contextualised. The article is intended to stimulate and focus conversation on security and related risk management and in particular full reading of this Inquiry Report and other reports related to this attack.
  2. The discussion does not provide professional advice from us. Seek expert analysis and advice relevant to your specific context from trusted advisers. You are welcome to contact us.
  3. This article includes selected extracts of the Report, with some editing and commentary for blog and post purposes.
  4. The article may raise legal issues to contribute to relevance, but in no way provides expert legal opinion or professional legal advice.
  5. We do not provide endorsement or assessment on information or research provided by others that may be referenced in this blog or post.
  6. We do not claim intellectual property rights to reports, information or research sourced externally for this blog or post.
  7. We take no responsibility for privacy protection, cyber risks or associated legal obligations of websites linked in this blog or post.



Harris Security Management

 © Copyright. All rights reserved. Sydney, Australia 2022.