EVOLVING RISK OF TERRORISM SERIES
Two decades after the attacks of September 11, 2001, countries all over the world have been confronted with a continued evolution of terrorism threats, broader political violence and other malicious acts, as the likely targets, attack modes and perpetrators continue to shift. This broadening peril compels a need to refocus on coverage review and make advances in modeling analysis and risk mitigation.
In this series, Guy Carpenter experts share their views of this changing peril and how to best protect the (re)insurance industry and its clients. Additionally, we explore the capabilities and strategies the industry has innovated to identify, manage and mitigate these risks. In this article, the first in a 3-part series, our experts analyze the evolution of key perils amid the shifting landscape. In the upcoming installments of this series, we will assess the impact of the Terrorism Risk Insurance Program Reauthorization Act (TRIPRA) and corresponding changes to carrier reinsurance gaps in the United States and the ways carriers and terrorism pools can benefit from the latest next-generation modeling, data best practices and (re)insurance solutions.
The Shifting Threat Landscape in 2024 (Part 1)
Terrorism has shifted from events more concentrated toward physical damage inflicted on property to events with more focus targeting human lives and economic impact. Strikes, riots and civil commotion (SRCC) events, specifically riots and civil commotion, have become more frequent and widespread. Globally, state-on-state malicious activity has increased, and indirect violence is being leveraged to achieve political aims. The industry’s coverage offerings, (re)insurance protections and ways to assess and manage this changing danger need to keep pace. Without a focus on these perils, the risk for an emerging (or growing) gap of protection exists. Guy Carpenter is committed to address the mitigation of this protection gap.
While the threat of highly impactful events from international terrorism, such as Islamist extremist terrorism, remains in the US and Europe, individual domestic actors and domestically motivated civil unrest have become more frequent causes of damage, death and loss. Motivations for such events are not always clearly defined or easily agreed upon, which can present a distraction for the carrier or the original insured looking for timely and commensurate compensation. The severity and sources of recent violent acts emanating from various modes of attack have been significant and continue to evolve (and often increase).
These include:
Explosive devices: Insurers continue to monitor loss potential for large explosive attacks, which aligns with regulatory and rating agency requirements. High-casualty explosive attacks appear more common in Europe (e.g., Madrid 2004, London 2005, Paris 2015, Manchester 2017) than in the US, possibly due to the relative ease of purchasing effective firearms compared to the difficulty of making and delivering bombs.
This does not mean American improvised explosive device attack attempts do not occur. For example, domestic terrorist Cesar Sayoc posted 16 letter bombs to, among other prominent figures, Vice President Kamala Harris and President Joe Biden, although all were intercepted. Where bombs have exploded in the US in recent years, the explosive power has tended to be low. They may be selected not to cause mass damage (thus reducing the threat of property damage) but rather due to their “stand-off” capability (i.e., not requiring the attacker to be in the vicinity of the target, as opposed to an attempted shooting or car-ramming).
Gun violence: Although gun violence is common in the US, the scale of injury and insured loss from the Las Vegas Mandalay Bay shooting was shocking and prompted many to reappraise the potential insurance impact of such events. It was settled in 2019 for USD 800 million, encompassing more than 850 casualties, 58 fatalities and business interruption, but it was not defined as an act of terrorism, and therefore was not a TRIPRA-certified loss.
Had the motivation and perpetrator been defined as terrorism, it would have exceeded the USD 200 million industry trigger and would have resulted in the largest terrorism loss since the September 11, 2001 terror attack. Understanding when mass shootings are politically, religiously or otherwise ideologically motivated is difficult. However, it is far from impossible that a mass shooting event of the severity of the Las Vegas attack but with the terrorist intent of the 2018 Pittsburgh Synagogue or the 2019 El Paso shooting will occur in the near future.
State-on-state malicious acts: The 21st century is one of increasingly multipolar geopolitical competition, with more governments willing and technologically able to use force and sabotage to achieve political ends. Malicious acts that are sufficiently deniable and/or insufficiently violent or high-profile to count as acts of war are carried out or directed by states as tools of policy. The use of proxy groups is not new, but the willingness of state actors to interfere in elections, assassinate, sabotage, hijack and confiscate has increased, with little concern for lives and businesses harmed.
The combination of state power and obfuscation poses a problem for insurance. Businesses in the vicinity of the 2018 Skripal poisonings struggled for coverage, as the attacks could be considered chemical, biological, radiological and nuclear (CBRN), which are seldom covered in commercial property and business interruption insurance policies. Only state actors have access to the poison used. Meanwhile, the 2022 Nord Stream pipeline explosion has left Nord Stream and its insurers in disagreement: the insurers have stated the policy did not cover losses from war or explosions carried out on state orders, and without an unambiguous culprit, this is difficult to settle.
Misinformation: Trust in media is dropping. Echo chambers, conspiracy theories, fake news and algorithmic sentiment-driving all have the potential to aggravate pre-existing social divisions. Changes in technology make spreading mistrust easier than ever, with artificial intelligence (AI) and deepfakes allowing for the creation of convincing lies and half-truths, and social media allowing cheap and anonymous broadcasting. The threat misinformation drives is stochastic: if lies that could incite violence reach a sufficiently large audience, the chances of one or more people in that audience reacting violently increases. For example, in August 2024 widespread online lies about the perpetrator of a high-profile mass murder catalysed rioting across the UK, including several arson attacks. The lack of predictability, as well as the widespread geographic reach of misinformation, has serious ramifications for the insurance industry. Definitions between SRCC and terrorism can also blur across the spectrum of political violence, as exemplified in the UK, following the recent riots of August 2024, when Neil Basu, the former head of counter-terrorism policing said he thinks some of the actions did cross the “line into terrorism.” Definitions of such acts, for law enforcement, government policy and insurance coverage, can also differ and create confusion.
Strikes, riots and civil commotion (SRCC): SRCC is an increasing threat, with the most damaging modern outbreaks almost entirely taking place within the last decade (e.g., Santiago 2019, Minneapolis 2020, Durban and Johannesburg 2021, and Paris 2023). 2024 is a year of multiple important elections, increasing the risk of civil unrest as rival political demonstrations meet, as people express frustration at results, or as election irregularities, real or perceived, are met with force. This is currently happening in Venezuela, and has happened in India, Pakistan, Madagascar, Senegal, Mauritania, Comoros and New Caledonia this year alone. The New Caledonian civil unrest is the most damaging individual SRCC incident this year and was triggered by fears around the expansion of the franchise on the islands. Demonstrations, rioting and looting, occupation and exclusion of authorities, and other viral and persistent civil unrest events can lead to significant aggregate losses. The US election may be marred by unrest, though the firm response to the rioters who stormed the Capitol in January 2021 may encourage better behavior.
Click image below to see full-size chart
As illustrated in Figure 1, the upward trend of violent acts in the US (e.g., shootings, terrorism incidents and civil unrest) comes amid a changing trend in global political violence: generally, terrorism risk ratings are decreasing, but war and civil unrest risk are increasing. The Terrorism Risk Insurance Act (TRIA) initially defined terrorism as committed by a foreign person or foreign interest, but was later reclassified in the Terrorism Risk Insurance Program Reauthorization Act (TRIPRA) as encompassing either foreign or domestic terrorism. These changes were made following the attacks of September 11, 2001, due to concerns that such risks were not manageable in the general market leading to potential economic disruption.
Cyber: The fast-paced evolution of today’s cybersecurity threat landscape, combined with increased reliance on internet-connected technologies in critical industrial operations, has the potential to increase the number of cyber incidents.
To date, the overwhelming majority of cyber incidents have related to information technology (IT) rather than physical-based processes of operational technology (OT). We now find ourselves at an inflection point where the potential for cyber threats arising from the prolific use of digital systems to control physical processes will bring IT and OT risks closer together.
As organizations in a variety of industries adopt the use of internet of things (IoT), the increased amount of remotely connected devices offers attackers more opportunities to bridge an air-gapped system to infect OT environments.
As the frequency of systemic attacks increases and such attacks continue to be purported by nation-state-affiliated threat groups, organizations are on heightened alert for the next event. Standalone cyber policies have evolved their war exclusions for kinetic war or similar situations and have been carved back for cyberterrorism.
Guy Carpenter recommends that carriers continue their research and focus on developing and improving exposure management and underwriting standards. This is an emerging area of cyber risk whose boundaries are yet to be defined. We suggest continued diligence around the increasing aggregation potential that could shift the groundwork laid for a threat specific to individual portfolios to one that may aggregate across the market.
Property & Casualty Impacts
Recently, terrorist attacks have been less sophisticated, with assailants deploying bladed weapons, firearms, and/or vehicles with the intention to incite fear, bodily injury and death rather than damage to property. Since the events of September 11, 2001, most terrorist attacks in the US and Western Europe have not generated significant property damage and business interruption.
Civil commotion across France in June and July 2023 caused estimated insured losses of over USD 700 million. Other events in the past 5 years, from Chile to South Africa, have shown that losses can be well over USD 1 billion. Aggregation of SRCC losses geographically and over time present a different form of challenge for the insurance sector to manage.
Beyond direct business interruption losses, many businesses in or near areas struck by terrorism often see a decline in foot traffic well after cordons are cleared. These trends, coupled with the proliferation of incidents that may not be clearly described or defined as acts of terrorism—such as mass shootings in schools, churches, private businesses and public settings—have prompted insurers to innovate amid demand from buyers.
Current conflicts in Ukraine and Israel have seen disruption to global trade and supply chains and shifted global allegiances. Exacerbating the conflict, along with influencing societal attitudes, divisions and democratic processes, have geopolitical and economic impacts from which some benefit. The insurance sector is challenged to define and insure elements of this disruption where possible. Specifically, insurers have begun to focus on the development and further enhancement of:
- Active assailant coverage, also known as active shooter, malicious attack or deadly weapons coverage.
- Non-damage business interruption (NDBI) coverage that can respond to the loss of revenue without a physical damage trigger.
- Standalone political violence covers that provide more breadth so that incidents do not fall between gaps in cover.
How Guy Carpenter Can Help
Guy Carpenter believes the industry and carriers need to rethink how the existing coverages work together. As terrorism and malicious acts have rarely been certified, and with most existing terrorism coverages requiring federal certifications, there is the potential for gaps within (re)insurance covers. Guy Carpenter has worked with many companies to review existing programs to modernize placements and bring them in line within existing guidelines amid the new and changing faces of terrorism.
With our extensive suite of terrorism modeling solutions, risk aggregation capabilities and Guy Carpenter’s dedicated terrorism reinsurance experts, we can guide companies in improving their overall knowledge of evolving terrorism/malicious act threats.
Evaluating treaty and facultative reinsurance protections, both current and new, should be considered as both terrorism and malicious acts are increasingly likely to transcend multiple lines of business at limits and attachments beyond the existing coverages and limits afforded in carriers’ monoline towers.
Guy Carpenter experts support carriers looking to modernize, evaluate and better tackle the emerging terrorism and malicious act risks within their organization’s structure and portfolio.