Security Radar 2025

Foreword

Collaboration will reshape the future of security, with momentum for that will continue to build.

Professor Martin Gill Professor of Criminology, Director of Perpetuity Research, and Founder of the OSPAs and TECAs

Last year was a year of foundations. Rising retail crime and high-profile incidents sharpened awareness of risks organisations face and the importance of resilience to their security response. Legislation such as the Worker Protection Act and the Terrorism (Protection of Premises) Act 2025 (commonly referred to as ‘Martyn’s Law’) have brought security into sharper focus at board level. The industry also began to show that it could do more than respond – it could lead.

That groundwork has set the stage for the next 12 months. This year feels different: momentum is building. Government, policing and private security are more aligned than ever before. Moreover, more state agencies recognise that collaboration is no longer a choice but a necessity. New initiatives, such as Project Pegasus, have demonstrated how intelligence sharing tackles prolific offenders.

As well as targeted collaborative initiatives, the CEOs of leading security firms are now working together to set higher standards. And new laws, like Martyn’s Law, are raising the bar for every organisation, placing prevention and preparedness at the heart of security.

“For buyers of security, industry momentum means higher standards, smarter intelligence and stronger protection.”

For organisations procuring security, these changes matter. The officers on your sites are part of a sector that is professionalising at pace – better trained, better connected and better equipped to protect your people, assets and reputation. What once felt like a fragmented industry is beginning to speak with one voice, benefitting you, your customers and the wider public.

Challenges remain: the security sector must address its image, overcome fragmentation and present clearer evidence of value. But the direction of travel is clear. Security is no longer a support service working in the background – it is a trusted partner in enabling safer communities and more resilient organisations.

The next 12 months is the time to convert momentum into measurable change through enhanced collaboration. The opportunity is here: to elevate standards, to build stronger partnerships, to present a more coordinated sector to government and to show that the true value of security is as much about enhancing customer value as it is about keeping people safe.

1. Security strategy

The next 12 months will see more collaboration and interoperability to deliver better public safety.

Shaun Hipgrave Director Protect and Prepare, Homeland Security Group, (HSG) Home Office

In 2024’s Security Radar, Mitie’s Jason Towse said the security industry of tomorrow would be “more collaborative, professional and technology-led.” That still stands. What’s changed in the last 12 months, however, is the focus, context and accountability.

We (UK government) have moved the Security Industry Authority (SIA) into the Homeland Security Group (Home Office). Regulation of officers’ licenses and the venue obligations under Martyn’s Law now sit under one minister and one protective-security conversation, rather than in silos. That’s not admin tidying; it’s intent. It raises the bar on standards and puts public safety at the top of the agenda.

There is more work out there – more venues, more events – but parts of the sector still carry malpractice (training shortcuts, tax issues) and a mindset where cost trumps everything. That has to change if we want the SIA badge to mean something for the public – a visible “haven for safety” that people can trust. Licensing the right people, doing proper checks and improving training quality are all vital for safer communities.

“Security isn’t about hitting targets or chasing contracts – it’s about better public safety. That must be our North Star.”

My focus for the next 12 months

1) Public safety as the North Star
If an initiative doesn’t make the public safer, it’s noise. That is how I judge policy and how organisations should judge propositions. The minister, Dan Jarvis, has tasked the SIA to tackle malpractice – from poor training to weak checks and business licensing – so the licence signals trust and competence. The regulator shift enables alignment of venue duties and officer standards to achieve the Government’s goal of better public safety.

2) Collaboration, with one voice
Competition is healthy, fragmentation isn’t. Aviation and defence show you can compete commercially yet present a single, credible voice to government. I expect the security sector to organise itself accordingly and for buyers to lean in. The apprenticeship levy is under-used; collaboration is how we turn levy cash into real skills and career pathways.

3) Quality over quantity when it comes to professionalism and skills
We have around half a million licence holders; the task is raising the floor, not chasing raw numbers. Priorities are to clean up training, strengthen vetting and business licensing, and evidence competence beyond the bare minimums. When the public sees an SIA badge, I want them to know they can approach that person for help and get it.

4) Interoperability, not islands
Control rooms with thousands of cameras can’t be monitored by human eyes alone. We need AI-enabled detection feeding officers who are trained to act. This must all be within a single, rehearsed plan that spans venue operations, street environment and policing. One plan, where prevention and response are designed together.

5) Educated buying
Specify outcomes, not hours. If you procure security solely on unit cost, you will get box-ticking. If you procure for public safety outcomes (i.e. prevention metrics, near-miss capture, joint exercises, evidence quality) you will drive the behaviour this industry needs.

The three priorities I’m asking everyone to adopt are public safety, collaboration and interoperability. Make them practical. Ensure we coordinate under a single industry voice, raise standards and training, and consider people, tech and procedures as one. That is how we will deliver safer communities for the public.

2. Legislative change

The next 12 months will see organisations be held accountable. Those that are proactive will reap the benefits. 

Barrie Millett Director of Assurance and Corporate Security, Mitie

Paul Furnell Director, Safeguarding and Safer Communities, Mitie

With new security legislation coming into effect, organisations no longer have a choice about how much resource they should allocate to preparation. Now the onus is on demonstrating proof of proactive compliance.

Martyn’s Law is now on the statute book, with regulator and Home Office guidance being finalised and a phased implementation in place. The Worker Protection Act (WPA) changes mean employers must show reasonable, anticipatory steps on harassment. And national security guidance asks the private security industry to test who we work for and why. The next 12 to 24 months are about demonstrating how you are preparing for and are adhering to the legislation.

What’s changed? And why does it matter?

We’re already seeing management boards of organisations start to ask a different question about their security provisions: not “Do we have a policy?” but “Can we evidence what we do, who owns it and whether it works?” 

For Martyn’s Law, that means proportionate procedures, regularly reviewed, exercised and recorded. For the WPA, it means treating unwanted behaviour (including from third parties where relevant) as a live safety risk. And for laws regarding state threats, it means applying clear and well-managed checks so security teams don’t unintentionally help criminals or Nation State Actors. The common thread is accountability you can demonstrate.

Starting with the Worker Protection Act, what do organisations need to think about and action now?

• Evidence beats assertion: “Reasonable steps” and “proportionate measures” aren’t tick-boxes; they’re a defensible programme in court. Start with a risk assessment, add targeted training and scenarios, and keep a dated audit trail showing decisions, actions and re-tests. Regulators don’t expect perfection – they expect progress you can prove.

• Don’t mark your own homework: Bring in independent consultation on complex security legislation like Violence Against Women and Girls (VAWG), the night-time economy, public-facing venues or complex estates. A short, external stress test does two jobs: it improves outcomes and gives your board (and, if needed, a tribunal) confidence that your approach stands up.

• Join up HR and security: Too many organisations separate people issues from security risk. Patterns in grievances, exit interviews and incident logs (handled lawfully and purpose-limited) are protective intelligence. Share them with safeguarding and security teams so you can prevent harm, rather than just respond. 

• Expect reporting to rise first: When you launch new channels, training or personal safety tools like WalkSafe, incident reporting should also go up. Treat that as a culture KPI. What matters is what you do next: support for individuals, timely investigations, resolution of incidents and learning loops.

• Upskill the front line: Your officers, hosts and supervisors need to be able to recognise behaviours linked to harassment and know exactly how to escalate. That training protects people and gives you actionable evidence when things go wrong.

“Security laws have moved from ‘coming soon’ to ‘prove it.’ Your best defence is a clear evidence trail of proactive steps – across HR, legal and security – not a policy on a shelf.”

And for Martyn’s Law, what are the key actions organisations must consider and start taking?

• Act early for maximum preparedness: Use the current guidance from the Home Office as a starting point and review your existing procedures now to spot gaps and take action. This will give you time to test and adjust before the end of the implementation phase, which will likely not be before April 2027.

• Stay up to date on progress: Either by partnering with an independent expert, or dedicating your own resource. It’s important to stay close to the progress and any future changes in guidance to be sure you aren’t caught out when the implementation phase is over.

• Clearly define expectations: Make sure your on-site teams know what is expected of them, and provide training when and where appropriate. A good place to start is the Action Counter Terrorism (ACT) training, provided by UK Government.

• Align from top to bottom: Martyn’s Law will have a major financial implications for organisations that don’t comply, so it’s vital that everyone understands what is needed, from the top down.

In terms of the National Security Act, recent guidance underpins the fact that security professionals may be attractive to state actors looking to undertake malign activity in the UK and you may be at risk of committing an offence under new legislation. 

We can all help to harden our society against state threats. 

• Be vigilant: have an awareness of state threats activity and the signs you can look out for. 

• Due diligence: you should establish who your client is and whether they are part of a foreign power. 

• Spread the word: tell those who work across the sector about the legislation and how to comply. 

The real test for this coming year is the day-to-day experience of staff and visitors. Build proportionate measures, clear accountability and a visible evidence trail. You’ll not only remain compliant, but deliver safer outcomes and more resilient operations.

3. Violence against women and girls

Progress on VAWG will be defined by incident reporting and collective action.

Emma Kay Founder and CEO of WalkSafe

Despite recent legislative progress, such as the Crime and Policing Bill in July 2025 making it illegal to depict any act of strangulation within pornography, the UK still has a long way to go in order to meet its commitment of halving violence against women and girls (VAWG) within a decade.

Refuge, the largest specialist domestic abuse organisation in the UK, reports a 9% rise in strangulation of women and girls aged 16-25 from the previous year, suggesting that the problem is worsening, not improving.

On the one hand, public awareness of VAWG is rising. In March 2025, Netflix’s award-winning Adolescence gave many parents a chilling wake-up call. A week later, Sir Gareth Southgate’s Richard Dimbleby Lecture kept the issue of toxic masculinity and unhealthy online habits in the spotlight. Yet, on the other hand, increasing polarisation across the mainstream and social media landscape threatens to drown out these warnings. In fact, a recent Ipsos UK survey found that over half (51%) of respondents think VAWG levels are actually increasing.

Cuts to public funding are an obvious issue. Another is the lack of alignment between stakeholder groups, such as business improvement districts (BIDs), policing, councils, and private organisations. The result is a “postcode lottery” of safety initiatives, with some communities better served than others, while marginalised groups risk being further left behind.

“There is no such thing as “low-level” data. Given that perpetrators often start small before escalating their behaviours, every incident matters and should be reported.”

Right now, too much goes unreported. That means we can’t see the full scale of the problem or tackle it effectively. And let’s be clear: there is no such thing as “low-level” data. Given that perpetrators often start small before escalating their behaviours, every incident matters and should be documented. Sharing this information with existing databases, such as policing, private security and organisations own data, enables earlier interventions and safer outcomes. This burden shouldn’t be left solely to women. More men, whether witnesses, colleagues or community members, must take action and share the responsibility for change.

Organisations will have to step up. With the introduction of the Worker Protection Act in 2024, and with public funding stretched, private sector leaders must do more to prioritise safety not just at work, but on commutes and at events. Those who do so will not only see indirect benefits, such as better retention rates or a happier workforce. These actions will have a ripple effect across society, shaping attitudes and expectations beyond the office.

The next 12 months will require a more coordinated and sustained approach. Councils, policing, BIDs, charities and private sector organisations will be expected to lead the charge. But as individuals, we have a responsibility to do better and help deliver meaningful progress.

4. Rising extremism

The tempo and complexity of extremism has evolved, security has to collaborate and act fast to combat it.

Abu Ahmed Deputy Director, Head of Joint Security & Resilience Centre

The threat picture has broadened significantly. The current landscape is an overlapping mix of extremist activity, misinformation, disinformation, organised crime and hostile state activity – with social media able to turn local flashpoints into national flair ups rapidly.

Most protests are lawful, but the operational reality is delicate: policing resources are stretched, tensions are high and a single clip online can escalate faster than our ability to police it.

So how do we respond? First, by widening the lens. We [UK government] have consciously shifted from a terrorism-only frame to a whole-of-society approach. We need government, police, businesses and communities pulling together because the solutions live in that overlap between knowledge, intel, and capabilities. That means drawing on local expertise, building durable partnerships and coupling proportionate regulation with practical support.

Second, we have to balance tech and human judgement. In my Home Office role, I see world-class innovation across the UK that can help police, protect venues, and strengthen borders; our security sector is an export success story, and that capability matters domestically as much as it does for UK PLC.

“We’re all doing this in the eye of a potential media storm.”

Despite challenges, there is significant, positive progress. Clearer duties (e.g., Martyn’s Law risk assessments) and new levers (the Online Safety Act strengthening Ofcom’s hand on disinformation and misinformation) are raising standards and accountability. But paperwork isn’t the point – implementation is.

Practically for organisations, they should work to build a joint plan with local police and authorities; map lawful protest scenarios alongside disorder triggers; stand up real-time social monitoring and a plain-English comms playbook; use national guidance (e.g., ProtectUK) and stress-test roles and responsibilities under Martyn’s Law; and prioritise tech that shortens time-to-insight without sidelining human decision-making.

Strategically, leadership is key. Leaders in businesses and organisations need the emotional intelligence to navigate polarisation within their own workforce, set values clearly, and communicate with their people when protests or online storms land at their front door. The aim isn’t to eliminate risk – it’s to be agile, proportionate and trusted when it counts.

5. Next-gen threats

Organisations will need to adopt a new risk management playbook to get ahead of next-gen security threats.

Rachel Webb Chartered Security Professional and Professional Doctorate candidate in Security Risk Management

While emerging tech and AI are often hailed as the solution to a range of operational challenges, what’s less discussed is how these technologies are changing the threat landscape, or how we can mitigate against the risks these technologies themselves present.

From AI-driven disinformation and cyber-enabled physical attacks to 3D-printed weaponry and autonomous drone incursions, organisations will need to embed new practices into their existing processes and empower younger, digitally native generations to rethink security from the ground up.

The next-gen threat landscape is complex and fast-moving. The line between cyber and physical threats is blurred, leaving organisations exposed on multiple fronts. A single cyber attack could disable physical security controls, and coupled with AI-generated deepfakes or fake news, could incite real-world physical unrest. The Southport tragedy, and the unrest that followed, is a chilling example of the effects of rapidly spreading disinformation.

Autonomous drone incursions are another example of how threats are evolving. Future attacks will be scheduled, programmed and deployed remotely, making them both faceless and increasingly sophisticated. Criminals using these techniques are only going to get more intuitive and devious.

Organisations need a new risk management playbook with diversity and inclusivity at its heart. It should hold insights gathered from different voices throughout the organisation, not just those who have traditionally made decisions. In particular, I think the Gen Z workforce will add a lot of value.

“The next-gen risk management playbook isn’t about predicting every threat – it’s about building the adaptability and culture to face whatever comes next.”

So, what are the key characteristics of this new playbook?

1) Cross-domain thinking
Next-gen threats aren’t just for IT or security teams to manage. Everyone has a part to play, whether they’re in HR, recruitment, marketing, sales, procurement or something else. Build this culture of resilience by weaving security messages into training, company meetings and internal comms.

2) Cross-domain information sharing
Share insights beyond security teams. For example, a report on violence against women and girls (VAWG) informs risk policies and also recruitment and retention strategies – such as whether Gen Z workers are more engaged with employers who publicly champion safety initiatives.

3) Continuous skills development
Blend traditional security expertise with modern tech literacy. Upskill leaders through education from tech specialists, for example, drone hobbyists coming into the workplace and explaining the practicalities of landing a drone on a roof. Similarly, beat the echo chamber by creating regular forums where Gen Z employees share next-gen threat insights directly with senior leadership.

4) Scenario-based exercises
Push the boundaries of exercises with next-gen threat scenarios. For instance, drop a hypothetical drone incursion into a crowd control exercise or empower Gen Z employees to design attack simulations that challenge leadership assumptions and typical exercises.

5) Adaptive risk frameworks
Any good security professional will say that your risk frameworks need to be constantly updated. That’s nothing new, but there’s now a need to go further. It’s imperative to start stress-testing them with unknown and “what-if” threats in order to learn what really works and what doesn’t from a security standpoint.

Resilience is built on people. In the next 12 months, the organisations that thrive won’t just buy the latest tools; they’ll invest in skills, talent and partnerships. The next-gen risk management playbook isn’t about predicting every threat – it’s about building the adaptability and culture to face whatever comes next.

6. Technology and AI

This is the year of technology evolution, not revolution. The formula for security tech success will be adopting tools that deliver true business value, not just the latest innovation.

Christian Watts Director, Mitie Fire and Security Systems

Last year we advised to get moving with new technology to protect your organisation and be sure you don’t get left behind. We were proved right; steady AI adoption nudged security from reactive to predictive: fewer false alarms, earlier detection, faster investigations and lower operating expenses. Now, the conversation shifts from “What tech do we need?” to “How can that technology drive more effective and efficient security?”

Organisations need to be smart. Both the private sector and policing need clear use cases and measurable KPIs. That means pairing real world goals with performance metrics (incident reduction, time-to-evidence, false alarm rates, operator productivity) and trust metrics (transparency, auditability) to make sure investment is working. And yes, this requires an understanding of which technologies are actually worth the investment. There are thousands of AI tools promising the earth. It’s a bit of a Wild West. The antidote is partnering with people who cut through the noise, bring the right big-tech links and proven deployments and help you test before you scale.

The tech challenge varies by estate. Greenfield control rooms can be stacked with automation from day one – AI-enabled video, smart sensors, integrated platforms – to monitor better and prepare evidence faster. Legacy sites, especially in the UK, where outdated systems are rife, face trickier retrofits. But the answer isn’t rip-and-replace, it’s continuous improvement with thought-out, sequenced upgrades that avoid costly rework and keep services running.

Of course, AI is stealing all the headlines. And it is already paying off to those embracing it (and pairing investment with results). It’s helping automate manual checks, correlating large data sets across sensors and systems, speeding operator decisions, containing incidents quicker and testing virtual scenarios with predictive analytics and digital twins. It’s helping drive down false alarms and operating costs. As adoption ramps up, we expect early generative AI pilots in control rooms – for example, natural-language queries and assistants that help collate evidence.

“There’s no tech or AI ‘big bang’ – this is a year of evolution.”

There are plenty of challenges alongside that promise, but don’t let the headwinds stall you. Ethics, safety, trust and evolving legislation become powerful enablers when handled well, and much of that comes down to training. With AI, there’s a steep learning curve for security professionals, so those organisations that truly understand the technology and its application will be best placed to upskill their teams. Long story short, there won’t be an AI “big bang”. This year and beyond it’s all about steady progress and evolution.

The technology conversation is not all about AI. The rest of your tech stack – including remote diagnostics tools, cloud and software-as-a-service platforms, security reporting platforms, building management systems (BMS) and the wider property tech stack – improves uptime and reduces lifecycle cost. The combined impact is more than the sum of its parts. When access control, CCTV, fire, HVAC, lighting and lifts talk to each other, operators get a calmer, clearer workspace – fewer surprises, fewer engineer call-outs, more days where everything just works.

In summary, the next 12 months will reward organisations that adopt technologies delivering meaningful business value, not just noise.

7. Integrating private security and law enforcement

Coordinated information sharing will enable more effective police deployment and real consequences for crime.

Jason Towse Managing Director, Mitie Business Services

The Pegasus Partnership is a collaboration between retailers and policing to tackle shop theft through improved information sharing. It enables law enforcement to deploy resources where they are needed most. In its first year of operation, the initiative saw 148 arrests and a 50% reduction in offending from organised crime groups. This demonstrates that when private security works alongside policing, prolific offenders can be brought to justice at pace. The next year is about scaling that blueprint into a more unified, everyday model of public safety.

The gap between law enforcement and private security has been closing for some time now. Thanks to initiatives like the Police Retail Crime Action Plan in 2023 and the Government Crime Action Plan in October 2023 (underpinned by the Pegasus Partnership), integration is improving across the board. It’s not perfect; policing remains largely tactical, and while the first phase of the government’s £200 million investment to boost neighbourhood policing has been delivered, progress is yet to be felt on the ground. But the launch of the ‘Tackling Retail Crime Together’ retail crime strategy alongside Minister of State for Crime, Policing and Fire, Dame Diana Johnson, shows a positive direction of travel.

The most important shift in the new strategy is moving from ad-hoc information sharing to always-on collaboration. This takes form in what the strategy calls a “fusion cell”. This fusion cell is hosted by law enforcement and provides an end point for all intelligence relating to retail crime. It enables aggregated data to be ‘fused’ and used to inform enforcement activity by agencies including police and trading standards. Crucially, this approach is inclusive by design. While organisations compete commercially, the model allows them to collaborate against common offenders while sharing only criminal-activity data (not consumer data).

The Transport sector shows what good looks like. Rail has one national police partner, so it’s easier to agree hotspots, plan patrols and follow through. I expect that model to spread. In business districts, shopping centres and leisure venues, the goal is to organise locally so we speak to police as one group, not dozens of separate sites. Organisations could look to better utilise Business Crime Reduction Partnerships (BCRPs), who work with police and the local authority to tackle and reduce crime and disorder affecting businesses and the wider community.

“With retailers and businesses working together to share anonymised data, policing is getting the intelligence needed to make our shops safer.”

Remember that evidence is what secures police time. Anecdotes and hearsay aren’t enough; usable evidence is. The bar is simple: could the police act on the information provided, without having to ring the location for more information? That requires labelled video clips, short notes, clear timelines and statements. When every incident is “arrest-ready” and provided in a timely manner, arrests, charges and sentencing follow.

Beyond retail, sectors like finance and professional services face organised protest and disruption. Responses can be inconsistent if each building acts alone. The fix is to convene local groups that bring property, security, legal and comms together with police on a regular cadence. One organised forum with agreed priorities and escalation routes will always beat many uncoordinated requests.

Perhaps the biggest change is cultural. Collaboration is now required between retailers, landlords, centre managers, transport operators, technology providers, policing and private security providers. To keep these stakeholder aligned, it’s important to agree what data is shared, how privacy is protected, and to use neutral, interoperable systems so everyone can contribute. That’s how collaboration stops being a project and becomes part of how we keep communities safe.

What organisations should do now

• Plug into the feeds. Ensure your incident platform can export structured data (ideally via API) into local or sector “fusion” arrangements. Ensure it works to commonly agreed standards and be clear on what you’ll share, what you won’t, and who signs it off.

• Make incidents arrest-ready. Audit CCTV, digital evidence and statement workflows against the “act today” test. Train and quality-assure to that standard, ensuring you have the right skill sets in the building to provide evidence ready packages.

• Convene your patch. In business districts, retail parks and mixed-use sites, set up a working group if there isn’t one to collaborate and present information to police as one, rather than going to the police individually or ad-hoc. If a group exists, join it and help make it more effective.

• Focus on the right interventions. To see real change, we need to break the cycle of offending. Look into civil remedies and support that aims to rehabilitate offenders, as this may prove more effective than prison time for some prolific offenders.

• Measure consequence, not clicks. Track arrests, charges and sentencing weeks alongside incidents and shrink; focus effort where collaboration changes outcomes.

The bottom line? The next 12 months is the time integration becomes infrastructure. Organisations that share clean data, present ready-to-use evidence and act as conveners (not just customers) will see the biggest gains in visible policing and real consequences for crime.

The time for action

Being reactive is not enough. Organisations must act.

Mitie’s Security Radar 2025 highlights, through seven key priorities, that the UK security landscape has changed, and will continue to change, at rapid pace. For organisations it is a business imperative that they understand how these changes impact them, their colleagues, and their community. Now is the time for action. Working together to enable safer communities in which everyone can thrive.