Insurance industry must respond to increasing threat of small-scale terror plots

December’s tragic hostage incident in Sydney underlines that the terrorist threat is evolving. Chris Holt of JLT questions whether terrorism insurance is keeping up with the changes. Greater clarity and more innovation is needed, he argues.

The Sydney hostage attack in which 18 people were held captive, two of which tragically lost their lives, appears to be consistent with a trend for extremist Islamist individuals or small groups to mount small-scale attacks in the cities where they live.  Other recent examples include the 2013 murder of Drummer Lee Rigby in London by Michael Adebolajo and Michael Adebowale, and the 2013 Boston marathon attacks perpetrated by Dzhokhar and Tamerlan Tsarnaev.

Attacks by spontaneous violent extremists with little prior planning are very hard to interdict. Such attacks are typically simplistic attacks by self-motivated individuals and armed assaults by returning foreign fighters. It has been widely reported that the kinds of attacks being discussed include ‘Mumbai Style’ active shooter events, hand held explosive devices, and the use of knives or vehicles as weapons.

The development of terrorism insurance prior to the September 11 twin tower attacks occurred primarily as a response to exclusions in property cover driven by country-specific terrorism issues, with examples including Pool Re in the UK and Consorcio de Compensacion de Seguros (CCS) in Spain. The cover being provided was designed to meet the threat of vehicle bombs being initiated in urban environments with cover primarily related to property damage. The extraordinary impacts associated with September 11 reinforced the requirement for effective property damage and business interruption cover to meet clients’ exposures. All terrorist attacks are tragic for those personally involved, but it is worth considering for one moment whether terrorism insurance meets the challenges presented by attacks that are intended to harm people rather than damage property.

After the attacks in Boston on April 15, the initial cordon covered a 15 block area that was reduced to a 12 block crime scene the following day. On 18 and 19 of April the manhunt for the Tsarnaev brothers and associated lockdown effectively closed large parts of Boston, causing widespread financial damage. During December’s incident in Sydney, the police quite rightly evacuated and cordoned a large section of Sydney’s financial district.

Whilst it is possible to purchase denial of access endorsements that provide business interruption coverage for third party physical damage, this cover is usually sub-limited and subject to a geographical limit that is often in the order of 250 meters.  Many of the terrorism scenarios discussed as credible by governments could conceivably generate no physical damage, or lockdown implications well beyond the 250 meter zone.  Many businesses will have robust continuity management procedures in place, but these may not be able to manage all of the impacts associated with the kind of lockdown that could follow an active shooter attack in a large metropolis.

It may be time for the market to consider whether it is possible to provide more clarity or wider terms to insurance buyers to meet the changing nature of the terrorist threat. Specifically, there could be an opportunity to innovate in relation to non-physical damage business interruption.  Indeed, it could also be worth revisiting whether other components of the evolving risk need to be covered in some way. If suitably well-defined underwriting terms can be designed, the risks associated with a malicious cyber-attack appear to be an area that may naturally complement existing coverage, providing clarity to our clients.

What is absolutely clear is that companies need a risk transfer solution that is aligned with, and supported by, their risk management arrangements.  All businesses need plans to be able to respond to terrorist events; both operationally and strategically.  Any crisis is a critical time when brand and reputation can be exposed. An organisation that performs well can quite rightly garner the respect and trust of the public and wider stakeholders.

An organisation that is perceived to have performed badly can suffer major financial losses after the event.  Beyond the immediate actions required by employees in the business to manage an incident, it is critical that business leaders are able to respond quickly and demonstrate that they are doing the right thing. The pre-incident crisis management support provided to purchasers of terrorism policies is yet to match that offered by lines such as kidnap for ransom.  With the threat developing as it is, it may be time for the insurance industry to offer expertise as well as indemnification in relation to terrorism.

Chris Holt is consulting director for credit, political & security risk at JLT Specialty

World Trade Centre terrorist attack, 11 September 2001

Chris Holt - JLT