Martyn’s Law: A New Era of Responsibility for Businesses and Venues
Our personal safety is something we all rely on, whether we’re at a concert, shopping centre, or a small local event.
The Terrorism (Protection of Premises) Bill 2024, better known as Martyn’s Law, is set to change the way businesses and venues think about protecting the people they serve, as well as contractors and third parties who support such events.
Named after Martyn Hett, one of the victims of the Manchester Arena bombing in 2017, this new law marks a significant step towards making public spaces safer.
I know I’m not the only person who was surprised to learn that, up until now, organisations running events—and those providing venues—have had no legal responsibility to protect us from such risks.
At its core, Martyn’s Law will require venues and businesses to take greater responsibility for protecting people from potential terrorist threats.
This means places like sports arenas, concert venues, and busy shopping centres will need to assess risks and implement appropriate measures to mitigate them.
Part of ensuring event safety involves venue owners demonstrating that they have taken reasonable steps to prevent an attack on their premises or event.
Preventing attacks requires organisations to understand both the potential attackers’ modus operandi and their own physical and digital environments.
Most organisations and businesses across all sectors now rely on digital technology to function. Those with significant venues also manage complex physical environments that must operate seamlessly.
Bridging Physical and Digital Security
Each of these environments—physical and digital—can be targeted by those intent on causing harm. Only by identifying the gaps between attacker capabilities and the risks posed by these environments can organisations develop and execute a prioritised improvement plan.
Potential attackers often exploit weaknesses in an organisation’s digital environment to:
- Extract knowledge that aids in planning an attack.
- Facilitate the attack itself.
- Disrupt the response to the attack.
Organisations with mature practices in data protection, GDPR/DPA 2018 compliance, and cybersecurity may find they already meet many of the requirements outlined in Martyn’s Law. However, those without such practices in place could face significant additional work to ensure compliance.
How Cybata Can Help
Cybata is a specialist consultancy in data protection, privacy, and cybersecurity, supporting organisations in meeting their digital compliance responsibilities.
Whether it’s providing education and training, conducting a gap analysis, or advising on remediation measures, Cybata is here to help.