Countering Hybrid
Threats: Strategic Insights from Simon Martindill in Security Journal UK
In a featured analysis with Security Journal United Kingdom (SJUK), Simon Martindill, Head of G4S UK Academy, shares how modern industrial security must evolve to meet hybrid security threats.
03 Mar 2026
In previous decades, industrial security was characterised primarily by the physical strength of perimeters and the presence of guards. While protests were typically visible groups picketing outside with placards. Manufacturing sites have long been a focal point for such activity. With protesters having the ability to cause severe financial impact by disrupting critical supply chain links at the source. However, in 2026 the concept of a traditional perimeter and a traditional protest has fundamentally changed.
Modern protests have moved away from simple, spontaneous gatherings. They are now highly coordinated operations that blend digital tactics with physical disruption. Modern industrial security now requires a new approach to counter the ‘hybrid’ protest threat of insider infiltration, digital mobilisation and coordinated physical disruption.
To remain relevant, security strategies must shift towards a model of unified resilience - a pre-emptive defence that integrates physical, digital and human intelligence.
The lifecycle of a hybrid protest campaign
Disruption campaigns often begin months in advance in encrypted online spaces, where activists research corporate vulnerabilities, supply chain chokepoints and executive movements.
A central tactic is insider infiltration. Operatives with clean records secure employment to map layouts, identify security gaps and leak schematics or shift patterns to external cells. By the time a physical disruption occurs, organisers often have detailed knowledge of security blind spots. These operations are increasingly shaped by strategic convergence, with separate groups forming coalitions to share resources, tactics and intelligence, strengthening coordination and impact.
Targeting the leadership and supply chain
The modern threat now extends far beyond the facility fence line. Hybrid tactics involve targeting corporate leadership during travel or at private residences, utilising a coordinated combination of physical surveillance and digital agitation. Recently a water company had to assign a specialist bodyguard to its chief executive following a surge in targeted threats. While the chief executive of another utility company was confronted at a London railway station by an activist group.
Supply chain vulnerability represents another critical frontline. Disruption occurs during transit and at distribution hubs. Various decentralised movements have demonstrated surgical precision, using insider knowledge to target infrastructure and disable logistics networks. Whether it is blockading major hubs in Doncaster or disabling machinery with expanding foam, the impact of individuals with deep knowledge of logistical corridors is felt across the entire system.
The pivot to unified resilience
We are witnessing a profound strategic convergence where disparate activist groups are no longer operating in silos. They are actively exchanging tactical lessons and normalising rapid escalation from lawful protest to high-impact direct action. For industrial security, this means your threat profile can change overnight as tactics perfected in one sector are 'downloaded' and deployed against another.
Unified Resilience is our only viable defence against this shared intelligence. It is a shift from siloed, reactive security to a holistic ecosystem where physical measures, cyber-defence and human intelligence are fused. It means treating a digital 'ping' on a server with the same urgency as a physical breach of the fence line, ensuring that every layer of the organisation operates under a single, proactive shield.
Implementing unified solutions
To remain relevant, security strategies must shift towards this model of unified resilience - a preemptive defence that integrates several key pillars:
-
Detection: Modern officers must be skilled in behavioural detection - the ability to identify the ‘unusual’ or subtle indicators of hostile reconnaissance before an incident begins.
-
Mastery of de-escalation: In an era of high-tension confrontations, officers must be experts in calming hostile situations, utilising psychological tools to manage aggression and prevent physical flashpoints.
-
Tactical intelligence: Effective protection requires officers to be familiar with the principal protest movements likely to target their specific facility. By understanding the ‘hooks, targets and narratives’ of activist groups they can anticipate the specific tactics used in a disruption campaign.
-
Specialist vulnerability & penetration testing: Organisations must proactively test both IT networks and physical access points. This means testing the psychological resilience of the workforce and the integrity of physical entry points before they are exploited.
-
Hybrid space protection: Specialist security now includes services that were once considered peripheral, such as boardroom bug sweeps and executive protection that covers the journey between home and work.
To remain relevant, security strategies must shift towards a model of unified resilience.
Zero trust and legislative context
The final layer of the solution is zero-trust physical access. Similar to digital security models, physical access is micro-segmented. Employees and contractors are granted access only to the specific zones required for their roles at specific times. This reduces the harm that a disgruntled or radicalised insider can cause. By segmenting the factory floor, organisations ensure that a breach in one area does not lead to a total site shutdown.
The regulatory landscape has tightened with the Terrorism (Protection of Premises) Act 2025 and the Public Order Act 2023. Martyn’s Law requires larger public venues to assess vulnerabilities and formalise emergency plans, while the Public Order Act introduces tougher penalties, including up to ten years for serious disruption. Although these measures strengthen prosecution powers, they have driven some activists towards more covert tactics. In 2026, resilience depends on embedding these legal duties within a broader, integrated security strategy.
Read the full article on the Security Journal United Kingdom (SJUK) online reader here.