As the line between the definition of terrorism and malicious attack continues to blur, the insurance industry must react to the evolving threat.
Recent atrocities across Europe have revealed a fundamental shift in the chosen method of attack for terrorists looking to maximise publicity for their cause. Increasingly there is less emphasis on large, vehicle borne explosive devices – such as those used on attacks perpetrated by the IRA – and a greater focus on the use of small arms, bladed weapons and vehicles in order to inflict casualties and create the maximum publicity. Control Risks’ statistics suggest that over 80% of attacks carried out by Islamic extremists in Europe from 2014 to 2016 were carried out using these weapons.
These more nimble methods are not only having huge implications for businesses and their employees, but also for insurers. “As these types of attack become more prevalent and clients start to understand that this is an ongoing risk what does it mean for their terrorism insurance?” says Richard Halstead, War, Terrorism and Political Violence Line Underwriter for Hiscox London Market.
Increasingly there is less emphasis on large, vehicle borne explosive devices – such as those used on attacks perpetrated by the IRA – and a greater focus on the use of small arms, bladed weapons and vehicles in order to inflict casualties and create the maximum publicity.
Mumbai started the trend
While attacks over the past two years in Nice, Paris, London and Brussels suggest a relatively recent change in terrorist tactics, it’s nearly ten years since the Mumbai attacks in 2008 which saw ten members of an Islamic militant group involved in shootings and bombing across the city. Halstead believes it was these attacks that set the trend: “Since Mumbai we’ve seen such attacks escalate as the primary method used by terrorists targeting Europe and the US. They require less planning and resources, are more difficult for the intelligence services and authorities to intercept and prevent, while they also generated significant publicity for the terrorists’ cause.”
The rise in these small, independent terrorist cells is also a direct consequence of the ease with which individuals can become radicalised. “The proliferation of low-tech terrorist methods comes hand-in-hand with the rise in self-radicalisation made possible by a sophisticated network of easily available online propaganda,” says Victoria Cardwell, Associate Director for Control Risks. “While most attackers pledge allegiance to groups like IS, this often indicates that they have been inspired by them rather than they have had direct contact with these organisations. There is less design from the top.”
The proliferation of low-tech terrorist methods comes hand-in-hand with the rise in self-radicalisation made possible by a sophisticated network of easily available online propaganda.
It seems likely that the frequency of such events will increase, given the relative ease with which many of these attacks can be carried out – the London Bridge attack simply involved knives and the hiring of a small van – particularly as the disintegration of IS territory continues. “As Mosul and Raqqa fall, there will be a huge influx of foreign fighters returning to their home countries and posing a real threat,” says Cardwell.
The consequence, adds Halstead, is a need to look at clients’ terrorism exposure beyond that from a large explosive device: “Exposures from an active shooter type attack relate more to business interruption, not just at the time of the incident but also to ongoing losses to the business.” London’s Borough Market for example was closed for nearly two weeks after the London Bridge attack, meaning the 100 or so businesses that operate from the market were unable to trade. Clients may require the use of consultancy services and support long after the incident itself, Halstead also points out.
Clients can’t be left exposed
How the insurance industry responds to this changing risk is critical. From the inception of the original terrorism insurance product, which focused on the physical damage from an explosive device, cover has evolved to potentially include areas such a business interruption and the liabilities incurred, as well as broadening into areas such as political violence and war.
Insurers need to develop the protection they offer, providing a far broader definition in the policy wording of what is an act of terrorism, or risk leaving clients exposed.
According to Halstead, insurers need to develop the protection they offer, providing a far broader definition in the policy wording of what is an act of terrorism, or risk leaving clients exposed. “We have to respond to a wider range of threats, which is why we have moved away from a strict definition of a terrorist event through our use of a malicious attack wording. We’re not saying that an incident has to be a proven terrorist attack because it might be from a disgruntled colleague with a workplace dispute – but the impact is still the same on a business in terms of the downturn in trade and the need to provide employee counselling.”
Focus on the incident not the motive
The Westminster Bridge attack is a good example of where the individual involved was radicalised, but was also a petty criminal. Another example, says Cardwell was the San Bernardino shootings in California, which points to a “growing intersection between terrorism and workplace violence.” Typically, this is the sort of event where Hiscox’s malicious attack coverage wouldn’t seek to draw a distinction between whether it was a terrorist attack or not. “The cover focuses on the outcome of the event, which was the closure of an area leading to a subsequent interruption for businesses located nearby. It’s about the incident itself – not what motivated it,” says Halstead.
Following the London attacks, it also looks likely that the government will intervene in the terrorism insurance market by responding to recent calls to widen the scope of Pool Re – the UK’s government backed terrorism reinsurer – to go beyond physical damage and include additional losses for businesses such as a fall in bookings, staff leaving and the loss or damage of stock.
Dealing with corporate crises - the growing ‘duty of care’ risk for executives
The growth of transnational terrorism in the western world, together with issues such as an increase in workplace violence, extortion and employees being targeted by criminals, is piling pressure on company directors and officers, says Ed Whitworth, D&O Underwriter for Hiscox London Market. “Anything that harms a business, harms a director or an officer. It is why security risk has become a strategic issue and one of the top items on the boardroom agenda. And one of the big problems they face is the inability to quantify the regulatory and reputational downside from an attack.”
A particular area of exposure for directors and officers is a failure to exercise their duty of care responsibilities to their employees – the legal requirement to provide a healthy and safe working environment. “We’re still seeing a lack of awareness when it comes to duty of care, although it is better now than it was five years ago,” says Charlie Hanbury, Director of Hiscox Special Risks. “But, following an incident, directors and officers are likely to come under intense scrutiny from the courts, which are very clear on what are those duty of obligations in areas such as carrying out appropriate workplace and travel risk assessments. It is critical that every organisation puts in place a standardised approach to duty of care.”
Effectively dealing with security risk means ensuring there is one single plan that covers all perils, adds Hanbury. “Travel safety or business continuity incidents should be covered under one crisis plan. It’s very important, however, that directors and officers realise they cannot do it alone and have the ability to turn to third parties who can swiftly provide the appropriate resources and expertise such as the immediate response of a response consultant in a kidnap situation. In a crisis, a quick response is everything.”
Again, insurance must adapt to meet the changing risk, says Whitworth. “The growing demand from directors and officers is for help and expertise up front to manage a situation as opposed to purely balance sheet protection.”
Read more about the responsibilities for senior executives when it comes to dealing with corporate crises in a Risk & Compliance special roundtable discussion including Hiscox Special Risks' Charlie Hanbury.
For more information about Hiscox’s Security Incident Response.
