How Should Business Handle the Changing Nature of Terrorism?
Terrorism remains a persistent and significant threat to businesses, governments, and individuals. Fewer people were killed by acts of terrorism, insurgency, and politically or ideologically motivated violence in 2017 than in 2016, but the number of incidents is still very large – and the means of attack have shifted. As such, it’s critical that businesses take stock of the strategies available to them to manage and finance that risk.
Shifting Threats and Costs
Marsh’s 2018 Terrorism Risk Insurance Report, prepared with support from Guy Carpenter, explores terrorism trends, the state of the terrorism insurance marketplace, and mitigation strategies for global businesses. Among the report’s key findings:
- Acts of terrorism have increasingly come against soft targets and been perpetrated by “lone wolves” and small groups with no direct connection to known terrorist organizations, while past attacks were carried out primarily by specific groups against high-value and high-profile targets.
- Weapons of choice now include vehicles, knives, and other handheld devices, and they could include ransomware and other destructive cyber tools in the future.
- Actors backed by nation-states launched destructive ransomware attacks in 2017, raising the prospect that similarly destructive cyberattacks could soon be carried out by terrorists.
Impact on Business
In addition to direct property damage and injury to employees, these attacks can have significant indirect effects on businesses. These include:
- Supply chain disruption and security costs: Terrorist groups carried out nearly 350 attacks on global supply chains in 2016, an increase of 16 percent from 2015, according to BSI Supply Chain Services and Solutions. For example, stricter controls along France’s borders following the November 2015 Paris attacks cost companies an additional $59 per delayed vehicle.
- Lost revenue: Terrorist attacks in Western Europe in late 2015 and early 2016 cost European airlines $2.5 billion in lost revenue in 2016, according to the International Air Transport Association.
- Consumer confidence: Although U.S. consumer confidence increased in the third quarter of 2017, terrorism was cited as the top concern for 21 percent of consumers, according to The Nielsen Company.
Risk Financing Options
The most common way for businesses to manage terrorism risk is to purchase property insurance, which can reimburse companies for costs stemming from physical damage and business interruption resulting from acts that are motivated by politics, religion, or ideology.
In 2017, 62 percent of U.S. businesses purchased property terrorism insurance, according to Marsh data.
Purchasing, or take-up, rates across all industries have generally stayed close to 60 percent in recent years, but in 2017, rates varied by industry, geography, and company size. Take-up rates for terrorism insurance were higher for larger companies; 67 percent of companies with $500 million or more in total insured values purchased terrorism insurance, and those companies also allocated more of their property insurance premiums to terrorism coverage than smaller companies.
Geography and Sector Matter
By industry, education entities, health care organizations, financial institutions, and real estate companies had the highest take-up rates, each exceeding 70 percent. This is due in large part to the sizable presence that organizations in these industries have in central business districts and major metropolitan areas that insurers perceive to be at a higher risk of terrorist attacks. For similar reasons, companies headquartered in the northeastern U.S. also purchased terrorism insurance at a higher rate than companies in other regions.
As an alternative to commercial insurance, some businesses choose to self-insure their terrorism risks through captives, which are insurance companies they own or can rent. For captive owners, the cost of implementing terrorism insurance programs often compares favorably to the cost of buying from commercial insurers. Captive insurers can also generally offer broader coverage than commercial insurers.
The Importance of a Government Role
In the U.S., insurers benefit from reinsurance protection in the event of a sizable loss through the federal Terrorism Risk Insurance Program. First established in 2002 following the September 11, 2001, attacks and most recently reauthorized via the Terrorism Risk Insurance Protection Reauthorization Act of 2015 (TRIPRA), this backstop has helped to keep property terrorism insurance costs low and widely available for buyers. The U.S. is one of more than 20 countries in which local terrorism insurance pools or government reinsurance mechanisms are available.
Local pools continue to evolve to meet the changing needs of businesses. For example, both the U.S. backstop and the UK’s Pool Re now provide reinsurance protection for cyber-insurance policies. Pool Re also plans to provide coverage for nonphysical damage business interruption losses in the future.
The U.S. federal backstop remains especially important to continued market stability and health. Absent TRIPRA, which expires December 31, 2020, there is not sufficient insurance and reinsurance capital available to provide comprehensive terrorism coverage to U.S. insurance buyers.
As congressional representatives evaluate potential options ahead of TRIPRA’s expiration, they will likely focus on trying to expand the private insurance market role in managing conventional acts of terrorism while still providing a critical backstop for large-scale and unconventional attacks.
Modeling Terrorism Risk
To make appropriate decisions on how to finance their terrorism risk, businesses must first understand that risk.
Since terrorism risk models were first developed in 2002, insurers, reinsurers, and modeling companies have continually refined their models and underlying assumptions. This has improved their ability to quantify terrorism risk, but modeling that risk is often more challenging than it is for other hazards.
Less Predictable and Less Data
Compared to hurricanes and earthquakes, for example, acts of terrorism occur less frequently, meaning there’s less data to work with. Terrorist attacks are also less predictable because human attackers are unpredictable. Ultimately, this means that businesses can generally calculate the costs they’re likely to incur in the event of a potential attack, but it’s not as easy to calculate the probability of an attack affecting them.
Still, modeling terrorism risk can inform decisions about how much insurance to purchase, how to structure property terrorism and other insurance policies, and whether to consider a captive or other alternative to commercial insurance. And beyond insurance, modeling can help businesses make smarter choices to mitigate potential attacks and more effectively manage an attack’s after-effects.
The cost of potential attacks to global businesses remains high. The ability of organizations to adapt to the changing pattern of terrorism is essential if they are able to limit the effects of terrorism on their operations and employees. This extends to carefully modeling the impacts of different attacks, and evaluating the financing options that are right for them.