Recent incidents of individuals or small groups carrying out seemingly random attacks have increased significantly. In 2025, malicious attack incidents included a shooting at the National Football League’s headquarters in New York in July, an attack at Brown University in Rhode Island in December closely followed by Australia’s shootings at Bondi beach. Europe was also hit by multiple malicious attack events over the year including at an adult education centre in Orebo, Sweden in February, a school shooting in Graz, Austria in June and an attack by an armed individual against a Manchester synagogue in the UK in October. 2026 has also begun with a number of tragic incidents such as the attack at a Canadian school in Tumbler Ridge.
“Previously, many malicious attack events appeared to lack clear motivations, with incidents often seeming isolated or opportunistic,” says Hiscox’s Charlotte Kadir – Terrorism Underwriter. “However, over the past five years there has been a noticeable shift, with a growing number of attacks linked to more clearly identifiable drivers, including grievance-based motives. While not all incidents fit this pattern, the trend highlights an evolving threat landscape that organisations must continue to monitor closely”.
Commercial premises at risk
The US government's Homeland Security 2025 Homeland Threat Assessment reports that, “Lone offenders and small groups continue to pose the greatest threat of carrying out attacks with little to no warning.” These malicious attacks, which can see an individual use anything from handheld weapons like guns or knives, to an explosive device, corrosive substance or a vehicle to harm another person or a group of people, present a growing challenge to organisations and businesses. A recent FBI report reveals that well over a third (40.7%) of all the active shooter incidents they recorded from 2015-2024 were targeted at commercial premises. And of those, nearly three quarters (70%) were premises that were open to pedestrian traffic, while businesses closed to pedestrian traffic also accounted for a significant number of attacks.
Carrying out a grievance
Why do individuals or small groups carry out such attacks and is there a typical profile of those offenders? “More and more attackers are pulling in ideas from different ideologies or conspiracy theories and are overlaying those with their personal grievances,” says John Wyman – a Principal in Control Risks' Crisis and Security Consulting team. “People are dealing with their grievances differently than we might have seen a decade ago, accepting that violence is a viable option, and for some coming to the decision that violence is both necessary and justified.”
One of the reasons for that change, adds Wyman, is the influence of social media. “We've seen a shift in the way people get entrenched in their views. They can easily use social media to find other people that have the same types of grievances and see examples of people that have used violence to ‘resolve’ those feelings, so you get both a ‘copycat’ response and also contagion as ideas spread.”
Reducing the risk
Given the ongoing threat, how can organisations reduce the risk of malicious attack? One critical area is in the use of tools like behavioural threat assessments to evaluate risk in a structured and consistent way and to drive tailored mitigation measures to reduce the possibility of an attack. Identifying those individuals who pose a threat from those who simply make threats can be a challenge. “As people move along a pathway to violence, there are observable signposts in their behaviour, which in turn, present opportunities for prevention,” says Wyman. “The goal is to identify those behaviours beforehand, allowing enough time before the intended attack to step in and mitigate or intervene.”
A lot of organisations, particularly smaller ones, could identify these potential malicious attack threats sooner, but this involves creating greater awareness internally. “There might be someone in the legal department who receives a threat from an aggrieved ex-employee, for example, but does not adequately assess that threat or share the information with others. Similarly, HR teams might find themselves in a situation where they have had to terminate an employee’s employment, but have they done it in a way that will mitigate any potential risk of future violence from that employee?” says Wyman. “There is a clear need for strong and proactive threat identification or threat intelligence mechanisms within organisations, in addition to training for people on how to recognise and report those threats.”
Responding to the risk
As well as working on the prevention side, preparation also needs to take place from a response standpoint. “That work includes understanding how an organisation integrates with law enforcement after an attack; how it gets the business back up and running; crisis communications; and knowing what security changes need to be made to prevent a similar incident,” explains Wyman.
The role of insurance
The requirement for help in both preparing for and responding to a malicious attack is why the insurance industry has responded by developing its more traditional terrorism coverage to offer cover that can directly respond to a malicious attack. “Malicious attack insurance has evolved from terrorism cover to recognise the threat from lone offenders or small groups,” says Hiscox’s Kadir. “The policy doesn’t need to meet the same activation definition that a terrorism cover might need in terms of identifying an attack as clearly politically or religiously motivated, and will provide broad coverage across property damage, business interruption, loss of attraction, liability and threat response. Critically, it will enable access to crisis management expertise that is vital in terms of pre- and post-incident management. That can include the support of Crisis Management experts, provision of additional security measures to keep employees and customers safe, services of crisis communications experts, any immediate medical costs, and counselling to help employees after an attack.”
The cover can be a vital support at the most difficult of times for any organisation or business to manage, Kadir concludes: “These types of attacks are unfortunately expected to grow in frequency, which is why products like Hiscox Malicious Attack can help clients prepare for, mitigate and manage the risk more effectively.”
