SNAPSHOT: Sri Lanka Easter day attacks raises risk of copycat terror events

The Sri Lanka terror attacks highlight the global reach of the Islamic State (IS) and portends to the rising risk of copycat events, including in countries that have to date not experienced such attacks but fall within the IS rubric of an ‘enemy,’ such as Sri Lanka, are equally threatened.
  • On 22 April (Easter Sunday), nine suicide bomberskilled an estimated 250 people in multiple attacks in the capital Colombo, and the cities of Negombo and Batticaloa. Three churches (St. Sebastian’s Church in Negombo, Zion Church in Batticaloa, and St Anthony’s Shrine in Colombo), three hotels (the Shangri-La, the Cinnamon Grand, and The Kingsbury in Colombo), and a guest house (Tropical Inn) were the targets. Most victims were Sri Lankan, but among the foreigners killed and injured in the hotel attacks were Australian, British, Chinese, Dutch, Indian, Portuguese, Japanese, Turkish, and US nationals. Hours after the initial attacks, an explosion at an upmarket housing complex in Dematagoda on the eastern outskirts of Colombo – seemingly caused by a female suicide bomber related to one of the attackers – killed three police officers.
  • Immediate government suspicion fell on little-known domestic Islamist group the National Thowheeth Jam-ath (NTJ), which the authorities believed had assistance from an established international Islamist militant network. On 23 April, Islamic State (IS) said it was responsible for the attacks via its Amaq media outlet, offering credible information to support its claim.


  • The IS media statement, accompanied by a video and pictures describing the attackers and operations in great detail, said the attacks were in retaliation for attacks against mosques and Muslims in general. This supports the consensus that IS continues to reposition itself internationally, particularly in operationally permissible environments, in response to its territorial losses in Iraq and Syria.
  • The focus on Christians, churches and foreigners fits within established IS target sets, and the operational features and technical capabilities displayed substantiate the group’s involvement.
  • While there is no record of the attackers possessing firearms, they were clearly able to obtain large quantities of reliable explosives. The effectiveness of these suggests they were either military or commercial grade explosives. If it transpires they were from local commercial sources, it indicates that there is an immediate insider and theft threat to companies that use explosives, particularly in the extractives, construction, and demolition industries.
  • Sri Lanka’s long civil war, despite being fought mainly between the ethnic Tamils and Sinhalese communities, will have left a large quantity of legacy ordnance and military weapons in private hands, including criminal groups willing to sell them to whomever is prepared to pay. The alternative is to smuggle explosives into the country, which is unlikely to pose much of a challenge, given a long coastline and financial inducements. The most likely source of such imported explosives are West Asia or the Middle East, transported on the numerous shipping services that connect Sri Lanka with ports in those regions.


  • These complex attacks point to tactical issues that may be replicated, albeit most readily in locations where there are available sources of explosives or military weapons.
  • More pertinently, the Sri Lanka attacks offer nothing like the insight and concerns raised by the November 2008 Mumbai siege. That closely resembled a conventional special forces operation – reflecting the support given to the attackers by elements within Pakistan’s security establishment.
  • These attacks also challenges the US narrative that IS’s territorial loss of its self-proclaimed ‘geographical Caliphate’ makes it a defeated force. Instead, the group’s strategic focus will be to extend its influence globally by attempting to undermine security and stability through performative violence in ‘enemy’ states. This will include a call by IS for its ‘soldiers’ to conduct attacks within their own countries. The NTJ is likely an exemplar of this scenario.
  • The threat in Sri Lanka remains high. On 25 April, the UK’s Foreign Office joined Israel and Canada in warning its citizens against any non-essential travel to the country, due to concerns that further attacks were probable. Other countries can be expected to issue similar advice imminently.
  • The threat of repeat or copycat terrorist violence is highest in the weeks following spectacular attacks. The relative success of the Sri Lanka operations will likely embolden IS and its supporters to conduct attacks in other countries in the short (<3 months) and medium (<6 months) term. Logically, countries whose citizens had travelled to Syria and Iraq to fight with or support Islamist groups are at most risk from returning fighters. The list is long and includes countries that have already experienced terrorist attacks by Islamist groups, notably Russia, Saudi Arabia, Jordan, Tunisia, France, India, Morocco, Turkey, Germany, UK, Belgium, the US, Egypt, Libya, Bangladesh, Uganda, Indonesia, and the Philippines. However, countries that have to date not experienced such attacks but fall within the IS rubric of an ‘enemy,’ such as Sri Lanka, are equally threatened based on the criteria regarding access to explosives and weapons noted above.
  • Additionally, trigger events such as further right-wing extremist attacks on mosques and the imminent Holy Islamic period of Ramadan (5 May-4 June) will greatly increase the terrorist threat.


  • A2 Global advises foreign companies and their staff operating in Sri Lanka and countries perceived to be at risk to closely monitor related developments through local and international media. Crisis management, emergency response, and business continuity plans regarding the escalation of terrorism activity threat to personnel, assets, and operations should be reviewed and reassessed.
  • Companies should design a risk management programme aimed at the physical protection of office/accommodation spaces and their occupants, while also reviewing or creating crisis and disaster recovery plans.
  • This should include formulating threat identification and site assessments, including blast and explosion analysis, structural stability analysis, and a CBR threat assessment.
  • Security staff should draw up scenario plans and carry out routine training exercises.
  • Management should provide security awareness training to staff that includes advice on identifying unusual activities, items, and individuals, and the means and methods to communicate concerns over potential threats so that they may be actioned with minimum delay.
  • Companies should routinely conduct due diligence checks on third-party vendors while implementing employment screening, as well as behaviour monitoring to mitigate against insider threats.
  • Reducing the risk to business travellers is based on detailed and comprehensive journey management. This should cover all aspects of a business visit in a complex security environment – from arrival to departure – and range from the provision of advice through bespoke monitoring by security professionals to close protection.