It was 8:46 a.m. local time on September 11, 2001, when a hijacked American Airlines Boeing 767 was flown directly into the North Tower of the World Trade Center in New York City. By 10:03 a.m., hijacked planes had crashed into the World Trade Center South Tower and the Pentagon, Washington D.C. Hijackers on a fourth plane were overpowered by brave passengers, and it crashed in a field in Pennsylvania. Within days, the identities of the terrorists belonging to the al-Qaeda terrorist organization, were revealed. They had executed a meticulously planned and coordinated terrorist event masterminded by al-Qaeda leader, Osama bin Laden.
The images of the planes crashing into the World Trade Center towers remain etched in people’s minds. The memory of the nearly 3,000 people killed, with around 25,000 with immediate physical injuries or long-term effects, and the stories of bravery, heroism, and compassion, are still fresh 20 years on. Damage to the world’s financial center and the U.S. military headquarters was unprecedented during peacetime.
Unlike a major earthquake, flood, or windstorm, the attack footprint of the World Trade Center was very small – yet the insurance losses were massive. For the industry, the record US$47 billion insured losses from the 9/11 catastrophe created chaos. Twenty years later, it is worth looking back at the insurance industry’s response to 9/11, along with the terrorism risk management and modeling that emerged. It was certainly a pivotal moment for the industry and catalyzed the pioneering development of RMS® Terrorism Risk Models.
Wider questions now need to be asked. What has changed with regard to evolving terrorism risk over this time, and what has remained the same? The COVID-19 pandemic and widespread emergence of cyber risk raise questions about how capabilities and motivations have shifted to leverage such new forms of attack. And the digital world’s interconnectedness highlights the systemic risk of terrorism, given that terrorists can cause even larger impacts than the physical consequences of their actions. For a deeper review, I invite you to download our white paper on the 20-year retrospective of 9/11.
The Chaos of 9/11
Before 9/11, terrorism risk was largely unmodeled and inadequately priced. After 9/11’s catastrophic losses, the reaction from the insurance industry was to actively exclude terrorism coverage, and questions had already been raised about the actual likelihood and severity of terrorism risk. The 9/11 attacks opened the door on a world of possible risks that insurers hadn’t considered before, along with future risk that had to be managed.
To facilitate and stabilize insurance coverage, the Terrorism Risk Insurance Act (TRIA) was introduced by the U.S. government as a backstop for terrorism-related losses. The impact of 9/11 was so huge, several other countries established or significantly revised their terrorism risk sharing mechanisms. While this offered some guarantees and stability, it was not a remedy for quantifying and actively managing terrorism risk.
Terrorism Risk Modeling
Modeling was required to assess the nature of terrorism risk. This began with techniques to manage exposures. RMS built a list of high-profile locations that could be targeted by terrorists to cause catastrophic losses. This database has been frequently updated over the years to reflect the latest risk landscape. Moreover, RMS created tools to capture exposure hot spots, so insurers would not be blindsided by unexpected exposure accumulations, whether within an ever-changing portfolio or a large high-profile building. This approach is now standard industry practice.
RMS created a scenario model to assess what-if scenarios that can model catastrophic terrorist attacks ranging from conventional bombs to chemical, biological, radiological and/or nuclear (CBRN) attacks, across the world. RMS pioneered the use of a state-of-the-art 3D computational fluid dynamics (CFD) model for conventional bomb blasts and dispersion modeling for CBRN events. These modeling techniques are vital to help with regulatory scenarios, such as the U.S. Terrorism Risk Insurance Program (TRIP), and rating agency questionnaires, such as A.M. Best’s Supplemental Rating Questionnaire (SRQ).
One of the main reservations about terrorism risk modeling has been the perception that it is a function of human behavior and defies quantification. All quantitative modeling of rare events should be based on explicitly stated, well-defined principles, which can be translated into mathematical formulas that underlie quantitative terrorism risk modeling and minimize the degree of subjectivity. Twenty years ago, RMS developed principles of terrorism modeling when building our probabilistic terrorism model. And 20 years later, these principles are still relevant.
Within the bounds defined by the Western counterterrorism environment, terrorists have maximized their operational utility by abiding by classic principles of terrorist modus operandi. They substituted hardened targets for softer ones, prioritized reliability in weapon selection, and leveraged their scarce resources to achieve the greatest impact for a given cost outlay.
Understanding terrorist motivation leads to another important risk modeling principle. Terrorism is the language of being noticed. In the context of this new twenty-first century terrorism, attacks would have to be sufficiently large, symbolic, and/or destructive to garner the level of attention demanded.
Changing Risk Landscape
In terms of the global threat landscape, there have also been numerous upheavals. The invasion of Afghanistan after 9/11 was followed by war and insurgency in Iraq from 2003 to 2011. Preemptive attacks have taken their toll on other al-Qaeda leaders, as well as leaders of the Pakistani Taliban. Political instability created space for the formation of the Islamic State (IS), and the subsequent pressure of counterterrorism, leading to declining capability for IS.
Notwithstanding the recent rise of neofascism, the foreign threat remains substantial and subject to sporadic adverse geopolitical change. Resurgence of the Taliban following the withdrawal of military troops from Afghanistan has raised the threat level of foreign terrorism once again. Terrorism tends to come in waves, and these changes have illustrated how dynamic the terrorism threat landscape can be.
The 20th anniversary of 9/11 will see the insurance communities further their efforts to understand how the terror threat is ever-present, shifting and changing. Terrorism has systemic risk potential, as seen during 9/11 which was ultimately a clash event with many coverages triggered. Among direct physical damages, terrorism can affect critical infrastructure and disrupt supply chains that, in turn, disrupt businesses which can result in business interruption (BI) claims. The desire and ability of terrorists to inflict maximum impact from a disproportionally small investment means terrorism will continue to be a potential risk the insurance industry must understand.
The terrorist threat landscape has evolved considerably since 9/11 but remains a formidable risk in 2021 – and for the foreseeable future. Insurance best practices that emerged post-9/11 are still relevant today, and the fundamentals of terrorism risk modeling have remained intact. There is also a substantial amount of observational data validating the principles of terrorism modeling that have guided RMS in our threat model development.
For further reflection on the 20th anniversary of the 9/11 terrorist attacks, which profoundly impacted the insurance industry, please download our white paper: The Lasting Impacts of 9/11 on the Insurance Industry. You will learn how terrorism modeling and the risk landscape have evolved since the events of September 11, 2001, and much more.