Paris. San Bernardino. Istanbul. Brussels. Dhaka. Orlando. Baghdad. Medina. Nice.

The list of cities targeted by terrorist attacks continues to grow. Whether carried out by “sleeper cells” or so-called “lone wolves,” some experts see a marked shift to attacks aimed at soft targets in the past few years. Despite the high cost in lives and suffering, these attacks typically cause minimal direct damage to property, but can bring indirect costs through business interruption.

Organizations manage terrorism risk through a combination of measures to protect people, property and finances. On the financial side, they either retain or transfer the risk; however, the changing pattern of terrorism risk has some companies questioning whether they are adequately prepared for and insured against financial losses and for the situation on the ground.

Changing Nature of Terrorism and Political Violence

The interconnectedness of economic, social and political risks has created a new type of vulnerability in the world, with interstate conflict and terrorist attacks at the forefront, a point highlighted in the 2016 Global Risks Report from the World Economic Forum. At the same time, recent attacks in the U.S., France and elsewhere have increased concerns about potential soft targets, the availability of weapons, border safety and the threat of homegrown extremists, which escalated dramatically in 2015, according to the U.S. House of Representatives Committee on Homeland Security.

Many would be surprised to hear that terrorist attacks and deaths worldwide actually decreased in 2015—the first decline since 2012—according to the U.S. State Department. Yet fears of terrorist attacks in the U.S. are at their highest level since after the Sept. 11 attacks in 2001, according to a New York Times/CBS News poll taken soon after the San Bernardino tragedy.

The interconnectedness of economic, social and political risks has created a new type of vulnerability in the world.

While terrorism risks in the 1990s and 2000s were typically perpetrated by groups targeting high-value targets, recent attacks often have been carried out by small cells or lone attackers seeking maximum casualties in crowded spaces. Related to this is an increase in “terrorist-inspired” acts, compared to “terrorist-directed” acts. These are committed by individual or small group actors who may have no direct contact with a known terrorist organization, but could be drawn to them through writings and video, particularly on the internet.

These events can significantly disrupt operations for some companies. For example, in the travel industry:

• About 10 percent of American travelers canceled booked trips due to the attacks in Egypt, France, Lebanon, and Mali, according to survey by YouGov. This affected $8.2 billion in travel spending.
• Booking losses for Air France in November 2015 were estimated to be $56 million, the company said in a statement.
• Airlines, hotel chains and travel websites experienced drops in their stock prices after this year’s airport bombing in Brussels.

Managing the Risks

As the modes of terrorist attacks change, organizations must reevaluate their response plans, from financial management to crisis planning to disaster recovery. For example, when talking about political violence, a company has to make sure its financial planning takes into account how political violence can vary geographically. This is a particularly important aspect for companies with significant emerging-market exposure.

More companies are using terrorism risk models and other analytical tools to better understand their financial exposure, determine appropriate insurance deductibles and limits, and optimize risk finance strategies. Modeling has long been used around natural hazard risks, but is at an earlier stage of development for terrorism risks.

As models develop, they also are being used beyond pricing premiums and understanding terrorism’s potential impact on capital. The information from data-based models can help organizations build efficient business continuity plans, address concerns about employee aggregation issues and prioritize risk mitigation strategies. Models are being used in decisions about implementing loss control measures, such as building retaining walls, increasing security and establishing gated entryways.

Terrorist attacks are a harsh reminder of the threat of mass violence and of the need to develop, maintain and exercise corporate-level plans for crisis management, emergency response and business continuity. Companies with such plans in place can better help employees through a crisis. Some considerations include:

Crisis management: Develop and test an overall framework for management, response and recovery. After an attack, organizations need to move quickly and efficiently to understand the potential impacts to people, property and operations, and make policy/strategy decisions to address and manage those impacts.

Crisis communications: Companies may have to contact employees, customers, investors and others (such as the media or government officials). During a crisis, messages and communications should be linked to reinforce the overall strategies and decisions made by the crisis management team.

Emergency response: Responding to physical incidents may involve life safety, event mitigation, evacuations and the protection of physical assets.

Humanitarian assistance: Providing support during and after an incident may include physical, social, emotional and financial help, as needed. Making professional counseling and support services available is an example of how companies can support employees.

Business continuity: Keeping the business running is a key concern once safety issues have been addressed. Plans should account for the management and logistical process for continuing or resuming operations and recovering partially or completely interrupted critical business functions.

Information technology/disaster recovery: In a tech-driven age, recovery includes plans to ensure the availability of networks, applications and data. Ensuring that technology is up and running efficiently may help support business continuity, including work-from-home and other strategies.

Integrated and well-practiced crisis and continuity plans can help you to be risk ready should a crisis occur.

More than ever, terrorism and political violence issues need to figure into an organization’s risk and business strategy decisions. In designing risk transfer options, the interplay/availability of terrorism insurance in various countries will be an important consideration.

The changing nature of terrorist attacks globally has caused the risk management and insurance industry to explore coverage enhancements that further address risks related to business disruption and extra expenses. With a thorough understanding of terrorism exposures and cost-effective risk transfer options—as well as with developed business continuity and corporate preparedness plans—organizations can better assess, manage and respond to their terrorism risks.