The Federal Bureau of Investigation (FBI) designated 61 shootings in 2021 as active shooter incidents. The FBI defines an active shooter as one or more individuals actively engaged in killing or attempting to kill people in a populated area. Implicit in this definition is the shooter’s use of a firearm. The active aspect of the definition implies the ongoing nature of an incident and thus the potential for the response to affect the outcome.

When evaluating shooting incidents to determine if they meet the FBI’s active shooter definitions, researchers considered for inclusion:

• Shootings in public places
• Shootings occurring at more than one location
• Shootings where the shooter’s actions were not the result of another criminal act
• Shootings resulting in a mass killing (defined as three or more killings in a single incident)
• Shootings indicating apparent spontaneity by the shooter
• Shootings where the shooter appeared to methodically search for potential victims
• Shootings that appeared focused on injury to people, not buildings or objects

The report does not encompass all gun-related shootings, and gun-related incidents were excluded if research established it was the result of self-defense, gang violence, drug violence, contained residential or domestic disputes, controlled barricade/hostage situations, crossfire, or an action that appeared not to have put other people in danger.

While the report does not explore all facets of active shooter incidents, law enforcement officers, first responders, corporation, educators and the public can use the report as a baseline for understanding active shooter incidents.

Incident Statistics

For the period 2017-2021, active shooter incident data reveals an upward and concerning trend: the number of active shooter incidents identified in 2021 represents a 52.2% increase from 2020 and a 96.8% increase from 2017. 2021 witnessed the highest number of active shooter incidents for the years 2000-2021.

A breakdown of the number of incidents within the five-year period of 2017-2021 is as follows:

US Active Shooter Incidents Rose 52% in 2021

December had the fewest number of incidents (one); similar to 2020, June had the highest number of incidents (12). Compared to 2020, April saw the biggest increase in incidents (from zero to 10).

Unlike 2020, active shooter incidents occurred every day of the week. Like 2020, Saturdays saw the most incidents (14).

34 incidents (55.7%) occurred between 12:00 p.m. and 11:59 p.m., and 44.3% (27 incidents) occurred between 12:00 a.m. and 11:59 a.m. Data shows that an active shooter incident is more likely to occur (63.9%) between 6:00 a.m. and 5:59 p.m. (39 incidents occurred during this timeframe).

A breakdown of number of incidents by time is as follows:

The 61 active shooter incidents in 2021 occurred in 30 states.

• Six incidents occurred in California.
• Five incidents each occurred in Georgia and Texas.
• Four incidents each occurred in Colorado and Florida.
• Three incidents occurred in Indiana, Michigan, North Carolina, and Tennessee.
• Two incidents occurred in Alabama, Arizona, Illinois, Maryland, Nevada, and South Carolina.
• One incident occurred in Arkansas, Connecticut, Idaho, Kansas, Kentucky, Louisiana, Massachusetts, Minnesota, Mississippi, Missouri, Nebraska, New York, Ohio, Pennsylvania, and Wisconsin.

Twelve of the 61 incidents met the criteria cited in the federal definition of mass killings — three or more killings in a single incident.

Casualties

The 61 active shooter incidents reviewed in this report resulted in 243 total casualties — the number of people killed or wounded — to be exact, 103 were killed and 140 were wounded, excluding the shooters. In this report, persons described as “wounded” were not injured by gunfire but rather suffered injuries incidental to the shooting, such as being hit by flying objects or shattered glass, or falling while running. These were included in the casualty count when research may not have allowed for the type of injury to be discerned.

A breakdown of the incidents/locations with the five highest total casualty counts is as follows:

• FedEx Ground Plainfield Operations Center, Indianapolis, Indiana: eight killed, seven wounded (15)
• Kroger Grocery Store, Collierville, Tennessee: one killed, 14 wounded (15)
• Various locations in Phoenix, Arizona: one killed, 12 wounded (13)
• Oxford High School, Oxford, Michigan: four killed, seven wounded (11)
• King Soopers Grocery Store, Boulder, Colorado: 10 killed (10)

The total casualty count for 2021 (243) is below the average for the period 2017–2020 (345.25), but exceeded casualties in 2020 (164) by 48%. The 2021 numbers represent the third-highest total casualty count over the last five years (2017–2021).

When strictly talking about deaths, the highest number of deaths from an active shooter incident in 2021 occurred at the King Soopers Grocery Store, Boulder, Colorado, where 10 people were killed. The second highest num­ber of deaths occurred at Santa Clara Valley Transportation Authority Rail Yard, San Jose, California, where nine people were killed.

2021 saw the highest number of deaths since 2017, and a 171.1% increase from 2020. 2021 deaths were above the average (92.3) for the period 2017–2020.

Law Enforcement/Security Personnel/Citizen Engagement and Casualties

In 17 incidents, law enforcement engaged the shooter. In four of those incidents, law enforcement sustained injuries. In one incident, security personnel engaged the shooter and sustained injuries. 2021 witnessed an increase in incidents where citizen involvement impacted the engagement. In four incidents, citizens confronted the shooter, thereby resulting in the incident ending.

Locations

Commerce: 32

Thirty-two of the 61 active shooter incidents occurred in areas of commerce, resulting in 68 killed and 72 wounded. Twenty-eight incidents occurred in business environments open to pedestrian traffic, resulting in 57 killed, including three managers, 17 employees, two law enforcement officers, and one security officer. Fifty-four were wounded, including 17 employees, and one law enforcement officer.

Education: 2

Two of the 61 incidents occurred at education locations, resulting in four killed (students) and ten wounded (eight students, two employees).

Government: 3

Three of the 61 incidents occurred on government property locations, resulting in nine killed (employees) and two wounded.

Open Space: 19

Nineteen of the 61 incidents occurred in open space locations, resulting in 15 killed, including one emergency medical technician. Fifty-one people were wounded. The wounded included three law enforcement officers, one security officer, and two emergency personnel.

Residence: 3

Three of the 61 incidents occurred at residential locations, resulting in six victims killed and one wounded.

Houses of Worship: 1

One of the 61 incidents occurred at a house of worship location, with no casualties reported.

Healthcare: 1

One of the 61 incidents occurred at a healthcare location, resulting in one killed and four wounded.

The Shooters

Sixty-one shooters carried out 61 active shooter incidents. Sixty shooters were male, and one was
female. Sixty shooters acted alone. The youngest shooter was 12 years old; the oldest was 67 years old.
Other details about the shooters include:

• Two shooters wore body armor.
• One shooter had four improvised explosive devices (IEDs).
• Thirty of the shooters were apprehended by law enforcement.
• Fourteen shooters were killed by law enforcement.
• Four shooters were killed by armed citizens.
• One shooter was killed at another location in a vehicle crash.
• Eleven shooters committed suicide.
• One shooter remains at large.
• Six shooters were employees, four shooters were former employees, two shooters were current students, two shooters had past personal or professional relationships with the victims, and one shooter was a business owner.

A breakdown of the number of shooters by age group follows:

18 and younger: 2

19–24: 14

25–34: 18

35-33: 10

45-54: 9

55-64: 6

65-74: 1

Unknown: 1

For 2021, the FBI observed an emerging trend involving roving active shooters — shooters who shoot in multiple locations, either in one day or in various locations over several days.

John Cohen, the former Acting Undersecretary for Intelligence and Analysis at the Department of Homeland Security, told ABC News that the United States is seeing another trend with active shooters. “The U.S. is in the midst of a multiyear trend where we are experiencing an increase in mass shooters who are seeking to advance their ideological beliefs or based on a perceived personal grievance,” Cohen said. “A growing subset of our population believes that violence is an acceptable way to express one’s ideological beliefs or seek redress for a perceived personal grievance.”

The Gun Violence Archive (GVA), which tracks gun violence incidents collected from more than 7,500 law enforcement, media, government and commercial sources, tracked 692 mass shootings, the worst year on record for the number of mass shootings since GVA began tracking mass shootings in 2014. The not-for-profit uses a statistical threshold for definite mass shootings based only on the numeric value of 4 or more shot or killed, not including the shooter.

As of July 6, 2022, there have been 320 mass shootings since the year began, around the same number the country saw in the same January-June period last year. This number is on pace to match or surpass 2021.  

It is imperative that security leaders understand the risks faced by active shooter situations and train on active shooter prevention, response and recov­ery efforts, as well as train their law enforcement partners.

Based on a survey of more than 4,700 executives globally, Accenture’s State of Cybersecurity Resilience 2021 study explores different types of leaders in cyber resilience. Due to the rapid increase in high-profile attacks and the sheer complexity of handling cybersecurity demands, Accenture also tested what difference it made to cyber resilience if there was a stronger alignment between cybersecurity practices and business strategy.

A cyber resilient business brings together the capabilities of cybersecurity, business continuity and enterprise resilience while embedding security across the business ecosystem and applying fluid security strategies to respond quickly to threats, so it can minimize the damage and continue to operate under attack. As a result, the cyber resilient business can securely introduce innovative offerings and business models across the entire value chain, strengthen customer trust, and grow with confidence, Accenture says.

Accenture’s research identified four levels of cyber resilience: The Vulnerable, Business Blockers, Cyber Risk Takers and Cyber Champions.

Key Traits of Security Leaders in Cyber Resilience

Accenture also explored how winning organizations tackle cyber resilience, evaluating their responses based on the following performance criteria: they stop more attacks, find and fix breaches faster and reduce breach impact.

The Vulnerable

The Vulnerable stand to reduce their cost of breaches by 71% if they increase their performance to Cyber Champion levels.

Cyber Champions, Business Blockers, and Cyber Risk Takers outperform The Vulnerable across most key cyber resilience measures. They experience more breaches, take longer to find and fix breaches, and lag in reducing breach impact.

Business Blockers

Business Blockers outperform Cyber Risk Takers and The Vulnerable, but fall behind Cyber Champions across all key cyber resilience measures. They experience fewer breaches than Cyber Risk Takers and The Vulnerable, but 8% more than Cyber Champions (17%).

When it comes to the average share of significant attacks — with high-profile, severe and long-term impact on the organization’s business or mission — they experience fewer attacks than Cyber Risk Takers or The Vulnerable, but nearly twice more than Cyber Champions.

And when attacks get through, Business Blockers detect and remediate them more quickly than Cyber Risk Takers and The Vulnerable, but fall behind Cyber Champions by a day on both measures.

Business Blockers also have the highest percentage of chief information security officers (CISOs) with full authority to approve budgets (32%) versus Cyber Champions (21%), Cyber Risk Takers (21%) and The Vulnerable (16%). This CISO-driven spending autonomy may explain the increased focus on cybersecurity over business strategy.

Business Blockers could reduce costs by 48% per successful attack if they increased their performance to Cyber Champion levels, with savings of about $294,000 per attack.

If Business Blockers add alignment to their already-robust cybersecurity foundation, they will have even stronger cyber resilience without sacrificing business outcomes.

Cyber Risk Takers

Cyber Risk Takers lead in cost reduction, business growth, faster time to market, gaining market share, developing new products/services, entering markets, improved customer satisfaction and frictionless user experiences.

Despite being focused on business objectives, Cyber Risk Takers’ performance is among the poorest when it comes to the average share of successful breaches (53%) and the average share of attacks that result in significant damage (23%), according to the research.

According to the survey, Cyber Risk Takers lack visibility and have unclear metrics which delay investment decisions, and they demonstrate a poor allocation of funds.

Cyber Risk Takers could reduce costs by 65% per successful attack if they increased their performance to Cyber Champion levels, with savings of about $226,000 per attack.

While focusing on alignment alone may enable potential for meaningful business benefits, without a foundation for cyber resilience, companies will be at greater risk and have higher cybersecurity costs.

Cyber Champions

Cyber Champions are the cream of the crop. Like Business Blockers, Cyber Champions are among the top 30% in at least three of the four cyber resilience criteria. What sets them apart is their close alignment to the business strategy.

The number of successful breaches experienced by Cyber Champions is 8% lower than Business Blockers and 36% lower than Cyber Risk Takers. They also experience the fewest significant attacks, according to Accenture.

Cyber Champions have a speedier response to detection and remediation — an extra day of being fully operational can make all the difference to the bottom line. Cyber Champions are better able to protect themselves from loss of data — about 4% of Cyber Champions lose more than 500,000 records — almost seven times less than Cyber Risk Takers (27%).

Compared with other organizations, Cyber Champions are far more likely to:

• strike a balance between cybersecurity and business objectives;
• report to the CEO and board of directors and demonstrate a far closer relationship with the business and CFO;
• consult often with CEOs and CFOs when developing their organization’s cybersecurity strategy;
• protect their organization from loss of data;
• embed security into their cloud initiatives; and
• measure the maturity of their cybersecurity program at least annually.

Cyber Champions are able to strike a balance, excelling at cyber resilience and aligning with the business strategy to achieve better business outcomes. They are successful in at least three of four cyber resilience performance criteria — better at stopping attacks, finding and fixing breaches faster, and reducing their impact.

“Spending more on cybersecurity without being closely aligned to the business doesn’t make your organization safer,” said Jacky Fox, Group Technology Officer at Accenture Security. “When it comes to managing cyber risks, organizations can’t afford to lean one way or the other.”

To achieve sustained and measurable cyber resilience, CISOs need to move away from security-focused silos so they can collaborate with the right executives in their organization to gain a 360-degree view of the business risks and priorities.

To learn more about the research, download the State of Cybersecurity Resilience 2021 report here.