Governments, social media companies and the general public are becoming increasingly concerned about the threat of those who are radicalised online and turn to violent extremism. However, the evidence base for this concern is not fully formed. For instance, it is not yet clear if those who are being radicalised offline are still the greater threat. It is particularly important to explore this issue empirically, as large amounts of material resources from both the public and the private sectors may be redirected from offline to online initiatives. This report seeks to explore the differences in outcomes for those who have been primarily radicalised offline versus those radicalised online.
It does so by creating a new database with a novel coding system. The database contains information regarding every completed and most of the thwarted jihadist‐linked attacks in eight Western countries (Australia, Austria, Belgium, France, Germany, Spain, the United Kingdom and the United States) over a seven year period from 1 January 2014 to 1 January 2021. The database contains 245 completed or thwarted attacks by some 439 individuals. For every perpetrator, the database contains information on how they were radicalised (mostly online; mostly offline; both; “asocially” online; and unknown – see chart in methodology section for definitional breakdown). It also contains information on target type and location, outcome of attack (completed; thwarted), lethality of attack (deaths; injuries), lone/group factors, mode of attack (bomb; shooting; knife; and so on), terrorist organisational connections (inspired or orchestrated by IS or al‐Qaeda or another group), demographics of attackers (gender; age; education; ethnic origin; socio‐economic status; and so on).
The sample of perpetrators and attacks was drawn from existing databases for terrorist attacks, including the START Global Terrorism Database, the George Washington’s Program on Extremism database of attacks in the West, the French National Assembly’s database of terrorist attacks in France, the UK’s Independent Reviewer’s database of Terrorism, the database of plots in Spain from Observatorio Terrorismo and Seguridad Internacional, and more. In addition to the information contained in these databases, we identified further attacks and plots through open‐source research. This included access to court documents from each of the countries in the database. Moreover, we conducted dozens of interviews with police investigators, family members and friends of attackers, lawyers and others close to the cases.
Our findings suggest that the primary threat comes from those who have mostly been radicalised offline. More than half of the individuals in our database were radicalised mostly offline versus a significantly smaller number who were radicalised mostly online (54% vs 18%). Individuals radicalised mostly offline were significantly more likely to complete their attacks than those who were radicalised online (29% vs 12%). However, we found that the number of people being radicalised online has increased over the last seven years, primarily in the youth demographic. Nonetheless, even in this demographic online radicalisation has not surpassed offline radicalisation.
Cases of online asocial radicalisation (by which we mean exposure to online propaganda with no known social interaction) accounted for only 2% of cases. Foreign terrorist fighters (FTFs) were equally as likely to carry out their attacks as non‐foreign terrorist fighters (29% and 28%, respectively). More than 60% of completed attacks were committed by lone actors (67%). The best completion rate was for individuals who were radicalised offline and acted alone (60% completed an attack). Most individuals fitting this profile were either known to the police and/or under surveillance (68%) and had a criminal record or had been imprisoned (74%). A significant proportion of them were foreign fighters (26%). Nonetheless, 35% had radicalised friends or family even though they attacked alone.
Groups, regardless of radicalisation setting, achieved a significantly lower completion rate (15%). Even those who radicalised offline but attacked in groups had a low completion rate (19%), which is three times lower than lone actors who were radicalised offline but completed their attacks.
Yet people who had been radicalised offline acting in groups were 15% more lethal than when they attacked alone. Under half of these group actors were under surveillance or known to counter‐terror (CT) police (44%, 1.5 times less likely to have been under surveillance or known to CT police than offline‐radicalised lone actors who completed their attacks) or had been in prison previously (47%). People who had been radicalised online, both singly and in groups, accounted for only 12% of successful attacks.
Unlike other studies, our database consists of only those who have completed an attack or were thwarted before being able to do so. Therefore, it gives a more accurate picture of the actual threat landscape over seven years in eight Western countries than studies based on surveys or less representative sampling techniques. Our findings show that the primary threat still comes from those who have been radicalised offline. Offline‐radicalised individuals are greater in number, better at evading detection by security officials, more likely to complete a terrorist attack successfully and more deadly when they do so.