On November 13, 2015, the multiple terrorist attacks on Paris began with a suicide bomb blast at the 81,000 capacity Stade de France soccer stadium, where France were playing Germany in an international friendly. Soccer is the world’s most popular game, and terrorism is the language of being noticed. When France hosted the FIFA World Cup in 1998, Algerian terrorists planned to attack the opening match in Marseille between England and Tunisia, and follow-up by attacking the U.S. soccer team in their Paris hotel. Fortunately, a mole inside the Algerian terrorist organization passed on intelligence to the French security service, and the plot was disrupted.
We were delighted to welcome so many representatives of the insurance industry to the RMS Terrorism Risk seminar in New York last month. Our seminar gave us a chance to update (re)insurance risk management professionals on the latest trends in global terrorism threat, its relevance to the insurance industry, and to share some of the latest developments and approaches for managing terrorism risk. Our keynote speakers included Bruce Hoffman from Georgetown University; Jack Riley, Vice President of the National Security Research Division at RAND Corporation, and Steven Simon from Amherst College.
After Faizal Shahzad was arrested on May 1, 2010, for attempting to detonate a vehicle bomb in Times Square, Mayor Bloomberg commented, “It’s been said that when you find a terrorist, he’ll have a map of New York City in his back pocket.” A few blocks from Times Square is the Port Authority Bus Terminal, where a pipe bomb explosion occurred at 7.20 a.m. local time on Monday, December 11, 2017, in an underground passage, about 200 feet (60 meters) from the bus terminal.
On Thursday April 6, 2017, President Trump ordered a Tomahawk missile attack on a Syrian military airfield. This was a direct response to President Assad’s use of sarin gas to attack Syrian dissidents. Just two days later, the password to an encrypted archive of cyber weapons (stolen from the U.S. National Security Agency) was posted by the so-called Shadow Brokers cyber group. This hacking group is thought to have connections with Russia, which is the leading supporter of the Assad regime. They were angered by President Trump’s action.
An immediate beneficiary of this password release was the Lazarus Group, linked with North Korea, which had been launching ransomware attacks at targets over the previous several months. What they lacked was an effective tool to propagate their ransomware from computer to computer. This missing tool, a Microsoft Windows bug called “EternalBlue”, they now were gifted thanks to Shadow Brokers.
At the start of the RMS Exceedance conference in New Orleans in March this year, I was interviewed for A.M. Best TV on terrorism risk, and specifically asked what I was envisaging for future terrorist attacks.
I replied that terrorists have been thwarted in their ability to produce large explosives for vehicle bombs, and are likely to use vehicles for ramming groups of people. Less than a day later, on March 22, 2017, such an attack took place on Westminster Bridge, London. Over the summer, several other terrorist vehicle ramming attacks have occurred in London, and one in Barcelona.
What a difference a week makes. A week before the tragic events in Manchester, RMS was in New York, and the previous week in London as we hosted over 400 risk professionals from across the (re)insurance industry at two half day terrorism seminars. The seminars featured several of the world’s leading experts on counterterrorism, modeling, and terrorism risk management and highlighted the fluid threat environment, its insurance implications, and the impact of technology on terrorism risk. Continue reading
Some fifteen years after terrorism risk modeling began after 9/11, it is still suggested that the vagaries of human behavior render terrorism risk modeling an impossible challenge, but still the core principles underlying terrorism risk modeling are not widely appreciated. Terrorism risk modeling, as it has developed and evolved from an RMS perspective is unique in being based on solid principles, which are as crucial as the laws of physics are to natural hazard modeling. The recent high-profile terrorist attacks in London, Stockholm, and Paris adhere to many of these principles.
It is likely that very few of the 60 million U.S. citizens who voted for Donald Trump would have done so because of his stance on terrorism insurance. Only because terrorism insurance is too arcane an issue to have come up in the presidential debates. However, many of the nation’s wavering voters may have been swayed by his pledge to make America safer from the scourge of terrorism. Under his presidency, border security will surely be tightened – even if no frontier wall is ever built and changes made to entry decisions for Syrian Muslim refugees into the United States.
Reauthorization of TRIA – Talks Start in 2018
On January 12, 2015, the Terrorism Risk Insurance Program Reauthorization Act of 2015 was signed into law by President Obama. This third extension of the original 2002 Terrorism Risk Insurance Act (TRIA) will sunset at the end of 2020, coinciding with the end of the first term of the Trump presidency. In the drafting of the 2015 reauthorization bill, detailed consideration was given by the House Financial Services Committee to alternative wordings that would have reduced the coverage provided by the U.S. government insurance backstop. One such alternative would have focused U.S. government involvement in the terrorism insurance market on covering terrorism losses from extreme attacks using weapons of mass destruction. When the future of terrorism risk insurance is raised once more on Capitol Hill in 2018, the Republican White House and Congress are likely to seek to further extend the private terrorism insurance market. Though I consider this to be contingent on President Trump keeping his pledge to keep America safe until then.
Balancing Civil Liberties in the Face of Reducing Terrorism Risk
In the democracies of the western alliance, the balance of keeping people safe from terrorism and preserving civil liberty is much debated issue. After the July 2005 London Transport bombings, the head of the British security service, MI5, warned that ‘there needs to be a debate on whether some erosion of civil liberties may be necessary to improve the chances of our citizens not being blown apart as they go about their daily lives’. On a national scale across America, a similar debate was prevalent during the 2016 U.S. presidential election. It may seem that in this instance, the champion of civil liberties, minority rights, and political correctness lost to the conservative advocate of oppressive counter-terrorism action and profiling of terrorist suspects.
Regardless of who occupies the White House, however, terrorist plots against the U.S. will persist and terrorists must be stopped before they move to their attack targets. Success in interdicting these plots depends crucially on intelligence gathered from electronic surveillance. It is well-documented that more intrusive surveillance can successfully increase the chances of lone wolf plots being stopped. And President-elect Trump has already affirmed his readiness to authorize more surveillance. He can claim a public mandate for this: for America to be great again, it has to be safe again – even from lone wolf terrorist plots. After the Orlando nightclub attack on June 12, 2016, perpetrated by the radicalized son of an Afghan immigrant, Donald Trump said that ‘we cannot afford to be politically correct anymore’. And in fighting global Islamist extremism vigorously, he may be able to count on President Putin’s support. While the two world leaders differ on geopolitics, their mutual respect as a President may be maintained through abrasive counter-terrorism action.
When Michael Chertoff was appointed Secretary of Homeland Security, President George W. Bush told him not to let 9/11 happen again – and he didn’t. President-elect Trump will expect a similarly impressive clean sheet. On a more personal level he also has a special interest in increased security against terrorist attacks. His own real estate empire includes some notable potential terrorist targets, including high-profile landmark buildings bearing his name. While the New York Stock Exchange has too tight security to be attacked, in contrast, the Trump Building on Wall Street has easy public access. There are numerous opportunities for terrorist target substitution.
In the 15 years since the terrorist attacks of September 11, 2001, partnerships between the public sector and private industries have yielded more effective security and better public awareness about the threat of terrorism. We may never come to terms with the sheer volume of human loss from that day and among the hundreds of attacks that continue every year. But we have achieved greater resilience in the face of the ongoing realities of terrorism – except for when it comes to looking ahead at recovering from the catastrophic costs for rebuilding in its aftermath.
Terrorism insurance is facing a structural crisis: hundreds of terrorist attacks occur annually, but actual insurance payouts have been negligible. The economic costs of terrorism have skyrocketed, but demand for terrorism coverage has remained relatively flat. And despite a proliferation of catastrophe bonds and other forms of alternative capital flooding into the property insurance market, relatively little terrorism risk has been transferred to the capital markets. If terrorism insurance – and the insurers who provide it – are to remain relevant, they must embrace the new tools and data available to them to create more relevant products, more innovative coverages, and new risk transfer mechanisms that address today’s threat landscape.
The September 11th, 2001 attacks rank among the largest insurance losses in history at $44 billion, putting it among catastrophes with severe losses such as Hurricane Katrina ($70 billion), the Tohoku earthquake and tsunami ($38 billion), and Hurricane Andrew ($25 billion).
But unlike natural catastrophes, whose damages span hundreds of kilometers, most of the 9/11 damages in New York were concentrated in an area of just 16 acres. Such extreme concentration of loss caused a crisis in the insurance marketplace and highlighted the difficulty of insuring against such a peril.
Following the events of the September 11 attacks, most insurers subsequently excluded terrorism from their policies, forcing the U.S. government to step in and provide a backstop through the Terrorism Risk and Insurance Act (2002). Terrorism insurance has become cost effective as insurer capacity for terrorism risk increased. Today there are an estimated 40 insurers providing it on a stand-alone basis, and it is bundled with standard property insurance contracts by many others.
But despite better data on threat groups, more sophisticated terrorism modeling tools, and increased transparency into the counter-terrorism environment, terrorism insurance hasn’t changed all that much in the past 15 years. The contractual coverage is the same – usually distinguishing between conventional and CBRN (chemical, biological, radiological, and nuclear) attacks. And terrorism insurance take-up remains minimal where attacks occur most frequently, in the middle east and Africa, highlighting what policymakers refer to as an increasing “protection gap.”
Closing this gap – through new products, coverages, and risk transfer schemes – will enable greater resilience following an attack and promote a more comprehensive understanding of the global terrorism risk landscape.
Natural hazard science is commonly studied at college, and to some level in the insurance industry’s further education and training courses. But this is not the case with terrorism risk. Even if insurance professionals learn about terrorism in the course of their daily business, as they move into other positions, their successors may begin with hardly any technical familiarity with terrorism risk. It is not surprising therefore that, even fifteen years after 9/11, knowledge and understanding of terrorism insurance risk modeling across the industry is still relatively low.
There is no shortage of literature on terrorism, but much has a qualitative geopolitical and international relations focus, and little is directly relevant to terrorism insurance underwriting or risk management.
As a step towards redressing the imbalance in available terrorism literature, a new online journal, The Journal of Terrorism and Cyber Insurance, has been established; its launch is to coincide with the fifteenth anniversary of 9/11. The journal has been welcomed and supported by global terrorism insurance pools, and its launch will be publicized at the annual terrorism pools congress in Canberra, Australia, on October 7, 2016.
Originally conceived as a journal of terrorism insurance, coverage has been extended to include cyber risk, recognizing the increasing insurance industry concerns over cyber terrorism and the burgeoning insurance market in cyber risk. The aim of the open access journal is to raise the industry’s level of knowledge and understanding of terrorism risk. By increasing information transparency for this subject the editorial board hopes to facilitate the growth of the terrorism insurance market, which serves the risk management requirements of the wider international community. The first issue is a solid step in this direction, and will include articles on the ISIS attacks in Paris in November 2015; terrorism insurance in France and Australia; parametric terrorism insurance triggers; non-conventional threats; the clean-up costs of anthrax, and the terrorist use of drones.
The four founding editors of the journal have extensive knowledge of the field. The managing editor is Rachel Anne Carter, who has terrorism insurance administrative experience with both OECD and U.K. Pool Re. Dr. Raveem Ismail, specialty terrorism underwriter at Ariel Re, brings to the editorial board detailed direct terrorism and political risk underwriting knowledge. Padraig Belton is a writer with extensive political risk expertise, having served as a correspondent in the Middle East and Pakistan. As chief architect of the RMS terrorism model, I will bring terrorism risk modeling expertise to the team and have the responsibility and pleasure to review all article submissions. I look forward to sharing insights from the journal with subscribers to this blog.