Security agent watching public event

The Dangers of Not Protecting the “3Ps” During Events

On 5 November 2021, an apparent crowd crush at the Astroworld music festival in Houston, Texas resulted in ten deaths and untold injuries. While the criminal investigation is in its early stages at the time of this article, the music festival undoubtably represents some failures of safety and security planning and execution. The death count and reported injuries are too high to be the normal cost of holding events. Disturbing videos from the event, in addition to statements from concert goers and first responders, belie assertions that initial observations by subject matter experts are impossible until the completion of the investigation. The events at Astroworld are a reminder of the need to “protect the 3Ps” at concerts and special events, and the fact that these activities must be balanced.

Safety and security at concerts and special events are complex affairs, and stakeholders include promoters, tour managers, technician crews, venue operators, performers, the performers’ security team if applicable, security management and guards, law enforcement personnel, the fire department, regulatory officials, and medical personnel. These entities must plan, prepare, execute, coordinate, and effectively communicate among themselves to best protect the 3Ps:

  • Protect the Pocketbook
  • Protect the Patrons
  • Protect the Performers

These 3Ps provide a framework through which to categorize best practices and view lessons learned from disasters and near-disasters at events. Although protecting the 3Ps might seem like common sense, history – and the recent events at Astroworld – provides many fatal examples of failures to protect one or more of these 3Ps.

Protect the Pocketbook

Most concerts and special events are held to make money. Even charity event organizers need to use proceeds from ticket sales to support their causes. Hence, organizers of all types of events try to deny access to the people who are neither ticket holders nor invited guests. At Astroworld, fans breached or attempted to breach perimeter gates and fences of the concert venue (NRG Park) at least 17 times before and after 10 a.m. when the gates were opened, according to a Houston Fire Department (HFD) log and videos posted to social media.

These breaches included a 2 p.m. crowd rush at the VIP entrance. One video shows at least 300 people breaching this entrance. According to press reporting, the price of a general admission ticket, including fees, was $365 (VIP tickets sold for $725 and $1,000 excluding fees). Thus, in two minutes, that breach of the VIP gate cost event organizers a minimum of $109,500. The HFD log also notes that, by 5 p.m., NRG command reported that 3,000 to 5,000 people were “not scanned.” Based on the $365 ticket price, this equates to between $1.1 million and $1.8 million in lost revenue. These losses do not include possible merchandise theft; security at the merchandise area was compromised for roughly a half-hour according to the HFD log.

Inadequate attempts to protect the pocketbook can lead to injuries or death, which can in turn hurt the pocketbook – or at least that of the event organizer’s insurer. In 2014, a security guard for the Ultra music festival in Miami sued the organizers for $10 million after she was trampled and seriously injured by fence crashers. The police department claims it had recommended better fencing to the festival’s organizers prior to the festival.

Protect the Patrons

Failure to protect the pocketbook can result in failure to protect the patrons. The failure to protect patrons has historically been the most consequential of the 3Ps. In 2014, the insurance company for the Ultra music festival in Miami paid $400,000 to a man who was beaten by off-duty Miami police officers in their roles as security guards for the festival in 2011. Inadequate perimeter security can also lead to trespasser injury. At the 2021 Astroworld in Houston, an HFD log entry records four individuals needing medical attention two minutes after a 9:23 a.m. breach of the secondary checkpoint (gates did not open until 10 a.m.). Likewise, at 3:21 p.m., police also request medical assistance at the same lot where they requested assistance because of a large group attempting to go over a fence. Fortunately, more people were not seriously injured in the numerous security breaches and bum-rushing.

Additionally, security guards can be seen shoving some gatecrashers. These were instinctive but ill-advised attempts to mitigate the mayhem, but they risked injuring these trespassers. If they were injured by security guards, they could attempt to sue event organizers and or the security company. Thus, the failure to protect the pocketbook because of inadequate or inappropriate security at the VIP gate could have resulted in additional hits on the pocketbook through lawsuits by patrons or trespassers.

Overzealous protection of the pocketbook can also negatively affect the protection of patrons and can precipitate a disaster. In January 2017 in Playa del Carmen, Mexico, drug cartel gunmen entered the Blue Parrot nightclub on the last night of a music festival and opened fire. One of the only exits was at the rear of the club, which sat on the beach. The gate was not only locked, but its height prevented many patrons from scaling it to escape to the beach. Five people died – including an 18-year-old American woman who was trampled to death – and 17 were injured. Even worse tragedy met patrons in a 2004 nightclub fire in Buenos Aires, Argentina. In addition to lacking basic safety measures such as fire extinguishers, working emergency exits, and non-flammable walls, the club’s doors were locked to deny access to people without tickets. Almost 200 patrons died and at least 1,400 were injured.

Protecting the patrons also requires that security personnel protect patrons from themselves. An example is a venue or event that prohibits crowd surfing. Security personnel might mark the hand of violators with a permanent marker as a warning. A second violation could result in expulsion from the venue. Some barricades also protect patrons from themselves, potentially mitigating against disaster. A best practice is to use a T-shaped barricade in front of the stage, which divides the patrons, reducing lateral forces that can cause people to fall. Someone trained in crowd dynamics should also be located at the front of the crowd to identify precursors to or actual disasters.

Mother Nature poses an additional hazard to patrons.  In August 2011, 12 patrons at performances in two countries – the Indianapolis State Fair and the Pukkelpop music festival in Hasselt, Belgium – were killed by sudden storms that caused equipment to collapse. In Belarus in 1999, over 50 people leaving a concert were killed by trampling when the crowd rushed into a metro station to escape a thunderstorm. Protecting the patrons includes an awareness of an event’s natural hazards, sound planning for those hazards, as well as complying with code and permitting requirements.

As mentioned, all major events need an adequate number of readily available medical personnel. By 4 p.m. at the Astroworld concert, ParaDocs (the medical provider) had treated 54 patients, according to the HFD log. Other mass-casualty incidents, such as the attack on the Boston Marathon in 2013, have shown that bystanders with medical training can provide critical assistance. There is a good reason to have at least some security personnel trained in cardio-pulmonary resuscitation (CPR), and at least a few of them trained as emergency medical responders (EMR, formerly known as medical response technician). Each state has its own certification requirements for EMR or its equivalent. In Texas, the rough equivalent of the EMR is the Emergency Care Attendant certification.

The Manchester Arena Inquiry, which is investigating the May 2017 terrorist attack at the Ariana Grande concert in England that killed 22, concluded in its Volume 1 report that it would be beneficial if employees with a “Protect Duty” were “trained in first aid relevant to injuries of the type caused during the Attack on 22nd May 2017.” In October 2021 the Security Industry Authority’s (SIA), which regulates the U.K.’s private security industry, added first aid training to its licensing requirements for some security guards.

Protect the Performer

Protecting the performer is arguably the security role most noticeable to the public. The primary purpose of security guards around the stage is to protect the performers (in addition to protecting patrons at the front of the crowd who need assistance). Depending on the professionalism of the performer’s security team, a significant portion of protecting the performer workload occurs prior to the start of the concert. For example, a meeting between the performer’s security team and venue management (including the venue’s security leadership) and conducting a security advance of the venue are best practices. The latter includes ensuring the security team is familiar with and comfortable with the areas to be inhabited and paths to be travelled by the artists or speakers.

A good advance avoids a myopic focus on only threats from fans or other people. For example, the stage might have hazards that are not clearly visible in the darkness of a performance, such as gaps or holes. In addition, elements on or off the stage might not structurally support all elements of a performer’s whims or performance, whether rehearsed or not. These hazards can be mitigated by changes to the stage or briefing the performer(s) on the hazard. As with patrons’ deaths and injuries from storms, performers can also succumb to accidents from these natural hazards. In December 2017 in Brazil, a DJ performing at a music festival was killed when strong winds toppled a steel structure on the stage.

Risk Intelligence

Risk intelligence is vital in protecting the 3Ps. Although intelligence cannot predict the future, it can provide assessments of likely scenarios or developments. These assessments should include a risk assessment, including weather and patron behavior.

For example, it is reasonable to expect that 80% of the time meteorologists can accurately forecast the weather for an event seven days away. For an event that starts in five days, the meteorologists can forecast the weather approximately 90% of the time. Since event operations/security plans are often completed well before these timeframes, the risk intelligence function should update the weather forecast in the days leading up to, and also during, the event. This risk intelligence function, like all intelligence functions, should be performed by the appropriate professionals.

At the fatal August 2011 Indianapolis State Fair mentioned above, officials reportedly received weather updates directly from the National Weather service. Patrons were never evacuated. However, 15 miles north of the State Fair, 6,700 patrons at a performance by the Indianapolis Symphony Orchestra were evacuated and the concert was cancelled, based on organizers’ consultations with the National Weather Service and a private weather company. Event organizers should be aware of the difference “between consumer-grade and business-grade weather.” As such, the event operations plan for the 2021 Astroworld notes that a “WeatherOps meteorologist” will conduct weather monitoring for the event.

Risk intelligence for events also includes analysis of the performer’s, festival’s, and venue’s previous events. At Astroworld in 2019, hundreds of fans stampeded into the venue after barricades collapsed and the gates fell to the ground. Almost two weeks before the Astroworld tragedy on 5 November 2021, rapper Playboi Carti’s concert at NRG Stadium was canceled after fans bypassed security and knocked down metal detectors.

Patrons, performers, venue employees, and security guards alike have become victims when event planners have failed to adequately protect the 3Ps at concerts and special events. These three goals require the right balance, detailed planning and preparation, and professional execution. The tools available to event planners are many – including risk assessments, risk intelligence, crowd models, professional services, and experts – as are the fatalities, injuries, and financial costs when protecting the 3Ps is haphazard and marred by negligence and mismanagement.

Additional Significant Disasters at Concerts and Performances

  • November 1942, Boston, Massachusetts: Over 490 people died in a fire at the Cocoanut Grove nightclub – the deadliest nightclub fire in U.S. history.
  • July 1944, Hartford, Connecticut: 170 patrons died in a Ringling Brothers and Barnum and Bailey circus fire.
  • May 1977, Southgate, Kentucky: A fire at the Beverly Hills Supper Club erupted as patrons waited for a performance by singer John Davidson, killing 164.
  • December 1979, Cincinnati, Ohio: 11 people were killed during a crush before a concert by British rock band The Who.
  • June 2000, Roskilde, Denmark: Nine patrons died from a crowd crush during the Pearl Jam’s performance at the Roskilde Festival.
  • January 2001, Sydney, Australia: A 16-year-old patron was crushed in a mosh pit during a performance by the band Limp Bizkit at the Big Day Out music festival. She died of a heart attack five days later.
  • February 2003, West Warwick, Rhode Island: During a performance by 1980s rock band Great White, 100 people died and more than 200 were injured in the Station nightclub fire caused by stage pyrotechnics.
  • December 2004, Columbus, Ohio: At the Alrosa Villa nightclub, a fan shot and killed four people, including former Pantera guitarist “Dimebag” Darrell Abbott and three other people during a show by Damageplan, Abbott’s latest band.
  • January 2009, Bangkok, Thailand: 67 people died and more than 100 were injured in the Santika Club nightclub fire during New Year celebrations and a performance by the band called Burn. Pyrotechnics started the blaze.
  • July 2010, Duisburg, Germany: 21 people died and more than 500 were injured in a crowd crush at the Love Parade electronic dance music festival.
  • January 2013, Santa Maria, Brazil: Pyrotechnics caused a fire during a band performance at the Kiss nightclub, leading to 242 deaths and 168 injuries.
  • July 2014, Conakry, Guinea: At a rap concert on a beach to celebrate the end of the holy Muslim month of Ramadan, 33 people died as they tried to leave through a small gate, creating a stampede.
  • November 2015, Paris, France: 90 patrons were killed when ISIS members attacked the Bataclan concert hall, where American rock group Eagles of Death Metal was playing. The attack was part of a complex, coordinated terrorist attack that included a soccer stadium, bars and restaurants.
  • 2016, Oakland, California: 36 people died when they attended a concert in a former warehouse that had been converted into an artist collective with living space named the Ghost Ship.
  • October 2017, Las Vegas, Nevada: A gunman opened fire into the crowd from the 32nd floor of the Mandalay Bay Resort and Casino, killing 58 and injuring more than 850. It ranks as one of the deadliest mass shootings in U.S. history.
Kole (KC) Campbell

K. Campbell, CBCP, CPP®, is a security and intelligence professional with experience and training in intelligence; risk, threat, and vulnerability assessments; security management; and business continuity. He is a Certified Protection Professional (CPP), board certified in security management by ASIS International. He has also earned his Certified Business Continuity Professional (CBCP) certificate from DRI International. During his prior career as a U.S. military intelligence officer, his responsibilities included classified and protective intelligence operations, counter-WMD and counterterrorism recommendations, war and contingency planning, and leading highly sensitive intelligence planning efforts against Iran and North Korea. He has led security risk assessments for the U.S. government, private industry, and nonprofits. Mr. Campbell has training in behavioral threat assessment with various structured professional judgment tools. He has presented three times at the Global Security Exchange, the 20,000-attendee flagship conference for the international security industry. He obtained a Master of Arts degree in global risk from Johns Hopkins University’s School of Advanced International Studies, a Master of Arts degree in military operational art and science from the Air Command & Staff College at the U.S. Air Force’s Air University, and a Bachelor of Arts degree in political science from Virginia Tech.



No tags to display


Translate »