Grievance Is Rising. Most Organisations Have No Way to Assess When It Becomes a Threat.

The Australian Federal Police has recorded a substantial increase in reported threats against public figures in recent years.¹ Researchers studying the trend are blunt about what is driving it: the continued rise of individual grievance, and a growing willingness to move from online threat to real-world action. Deakin University political sociologist Josh Roose has described reported incidents as likely just the tip of the iceberg, warning that the real danger is not the online expression of grievance, but the crossing of the threshold into action.²

Politicians are the visible end of this trend. But the conditions producing it (disenfranchisement, grievance narratives proliferating online, the lowering threshold between expressing anger and acting on it) are not confined to public office. They are present in every organisation that terminates employees, manages difficult customers, operates in contested sectors, or employs staff in public-facing roles.

The threat environment facing Australian organisations is not hypothetical. It is active, it is escalating, and it is arriving on desks without warning.

What happens next, how an organisation responds when a specific situation lands, is where most of the risk actually lives.

Most organisations have processes for managing difficult situations. HR grievance procedures, security incident protocols, legal escalation pathways. These are not nothing. But they are designed to manage situations that have already been identified and categorised, not to assess whether something forming in the background warrants attention before it does.

The capability that sits upstream of those processes (structured threat assessment) is largely absent in most organisations.

Threat assessment is a distinct discipline. It is the structured analysis of a specific actor: their capability, intent, and likely trajectory. It produces a clear judgement about what risk is present, how it may develop, and what response options are available before a situation escalates further. It is not security operations, not legal advice, not HR case management. It is a different skill set, drawing on a different methodology.

Without that judgement, organisations face two predictable failure modes.

Underreaction: dismissing or underweighting indicators that warranted closer attention. This allows situations to develop to the point where response options have narrowed and costs have risen significantly. The indicators were often present early. They were not assessed.

Overreaction: deploying visible security measures, initiating legal action, or escalating internally in response to a threat that did not warrant it. This can itself destabilise a situation, signal weakness, or generate the very escalation it was intended to prevent.

Both outcomes are common. Both share the same root cause: a response decision was made without a structured assessment of the actor and the risk they actually represented.

The conditions producing this environment are not temporary. Several factors suggest the gap between threat activity and organisational assessment capability will widen.

Grievance-to-action pathways are shortening. Researchers note that online environments accelerate grievance formation and lower the threshold to action.² An individual's trajectory from disgruntled to credibly threatening, which once took months, can now compress into weeks. Organisations that rely on visible escalation as the signal to act are increasingly responding after the critical window has passed.

Threat actors have more tools. Access to information about organisations, their leadership, their operations, and their staff has never been greater. A motivated individual (former employee, aggrieved customer, activist with a specific target) can research, plan, and coordinate in ways that were not possible a decade ago. The sophistication of the threat does not require sophistication of the actor.

Internal bandwidth is structural, not situational. Security teams are stretched. Legal teams are not trained in behavioural analysis. HR functions carry duty of care obligations they lack the analytical tools to discharge properly. This is not a resourcing gap that additional headcount resolves. It is a capability gap that requires a different discipline.

Post-incident scrutiny is increasing. When a situation escalates (a threat acted upon, a harassment pattern that becomes public, a workplace incident that follows a series of unassessed indicators) the questions that follow are specific: what did the organisation know, when, and what analytical steps were taken before a decision was made. Documented, structured assessment is becoming a governance and legal expectation.³

For organisations in sectors with elevated exposure (energy, retail, universities, transport, financial services, government) three implications are worth considering now, before a situation requires it.

The window for effective assessment is early. The situations most amenable to structured analysis are those in formation, before indicators become incidents. At that stage, response options are broader, costs are lower, and outcomes are more controllable. Organisations that engage assessment capability only after a situation has escalated are working with significantly reduced options.

Internal capability has a boundary most organisations have not identified. The organisations at greatest risk are those that assume existing security or HR functions cover threat assessment. They often do not. The boundary of internal capability is rarely visible until a situation reveals it, and that is a poor time to discover it.

Documented assessment is increasingly a defensible decision-making requirement. When a decision about a threat situation is later scrutinised (by a regulator, a court, a board) the question is whether the organisation took reasonable steps to assess the risk. A structured, documented assessment answers that question. A gut call or general security advice does not.³

The AFP data and the researchers tracking this trend are pointing at something organisations need to take seriously: grievance is rising, the pathway to action is shortening, and the visible indicators are arriving later than they used to.

The organisations best positioned to manage this are not necessarily the ones with the largest security budgets. They are the ones that have the analytical capability to assess a specific situation, a specific actor, a specific risk, before a decision has to be made.

Most organisations do not have that capability. Most will not know that until a situation requires it.

¹ SBS News, 'Tip of the iceberg': Australia faces a rising threat (February 2026): https://www.sbs.com.au/news/article/political-violence-threats-australia/x49u1wbhr

² Josh Roose, Associate Professor of Politics, Deakin University, as cited in SBS News (February 2026)

³ Corrs Chambers Westgarth, TMT Trends 2026: Cyber Security and Online Safety. ASIC's 2026 focus on operational resilience and crisis management; directors' duties in the context of risk management: https://www.corrs.com.au/insights/tmt-trends-2026-cyber-security-and-online-safety