Religious Extremists, ‘Lone Wolf’ Attacks Changing Political Risk Landscape
In a short period of time, the political risk market has experienced a significant shift in exposures, with new potential threats and different territories now threatened by attacks from religious extremists.
Christof Bentele, head of Global Crisis Management at Allianz Global Corporate and Specialty, says the political risk market is much different today than it was just 18 or 24 months ago and that has had an impact on how insurers look at the risk.
“[Previously], separatists and nationalists of terrorism were prevailing, but now we have a shift into religiously motivated terrorism, and that means the targets of terrorists have changed,” Bentele said. “Religiously-motivated terrorism goes after people, where separatists and nationalist terrorism goes more to disrupt a country and goes after assets rather than people.”
Carriers have also added countries to their watch lists that were not previously considered targets of terrorist attacks. The changing exposures are having a dramatic effect on the overall geopolitical risk insurance market, Bentele said. Clients are now looking to acquire more terrorism coverage and different types of coverage than what they previously associated with political risks.
“What we’ve seen, especially after the attacks in Europe, is that there is a bigger demand for threat coverage. Not necessarily property damage terrorism, but non-damage [business interruption] type of coverage,” he said. “We also see higher demand when it comes to cancellation risks, especially for bigger events.”
In actuality, however, the number of lives lost to terrorist attacks decreased 14 percent in 2015 from 2014 and the number of terrorism incidents decreased 13 percent during the same period, according to Marsh’s “2016 Terrorism Risk Insurance Report.”
But the unknowns from emerging risks in the political risk market, such as cyberterrorism, are impacting the segment and increasing interest in terrorism coverage. Clients are slowly beginning to realize their vulnerabilities when it comes to cybersecurity and how their reliance on technology could lead to significant business interruption losses should a large-scale cyber event occur.
Businesses should be doing more to be proactive in addressing those vulnerabilities, said Matthew McCabe, senior vice president of Marsh’s Cyber Practice. Most companies have no idea how long it will take or how much it will cost to get back up and running should a major “hacktivist” event occur.
“Part of the challenge for organizations today is to build cyber resilience to recover from cyber events,” McCabe said.
In a webinar, Marsh discussed its recently released terrorism report that highlighted the shifts in terrorist tactics, as illustrated by recent attacks in the U.S. in Orlando and San Bernardino, as well as overseas in Brussels and Paris.
“There is a threat posed by international terrorist organizations as well as domestic terrorist groups, single issue groups, and ‘lone wolf’ actors,” said Tarique Nageer, leader of Marsh’s Property Specialized Risk Group. “Incidents that destroy buildings are less common, while acts orchestrated against ‘softer,’ more civilian targets have increased in frequency.”
As such, what clients need in terms of coverage and where they are covered have expanded. In a poll during the webinar of participants, 72.3 percent said their organization is more concerned about terrorism risk today than it was three years ago. According to the World Economic Forum’s “Global Risks 2016” report, companies doing business in the U.S. in 2015 ranked terrorism as one of their top three risk concerns.
The political risk landscape has expanded and threats have become more widespread, Bentele said, and clients are looking to have more localized insurance policies – similar to how businesses insure their property.
“First and foremost, we see a high demand from the United States in terms of foreign terrorism insurance policies, not only the usual three-prong type of coverage that we have here in the U.S. Companies are now looking more into their international risk,” Bentele said. “When you buy a global property program you have local policies in many countries – we see a very high demand to do this on the terrorism side as well.”
But some carriers have started to pick up losses in what was previously seen as a very profitable market, according to Bentele, and that could change the accessibility of coverage from private carriers.
“Now we’re seeing losses in Continental Europe, and I’m sure we will continue to see losses in Continental Europe, and it will have a direct impact on price and market,” he said.
How a terrorist act is defined also impacts a business’s ability to recoup losses. In many cases, Bentele said, it is not immediately clear if an incident is the act of terrorism or malicious damage, or whether it is due to political instability already occurring in the country, such as civil war, and every country defines an act of terrorism differently.
In order to trigger coverage from the Terrorism Risk Insurance Program Reauthorization Act (TRIPRA), attacks must meet the $5 million damage certification threshold, which Marsh said recent “lone wolf” and small-group attacks have yet to do.
Nageer said in the wake of an attack, clients can’t afford to wait to know if they meet the TRIPRA requirements.
“Get a certified standalone terrorism policy and then you are not waiting for the government to certify the act as an act of terrorism. It is a contract between the company and the insured,” he said.
Larger companies are starting to utilize captive terrorism insurance, according to the Marsh experts. The company said in its report the number of Marsh-managed captives accessing TRIPRA increased by 17 percent from 2014 to 2015. Companies that use captives to access TRIPRA can reduce their net retained risk related to terrorist attacks, Marsh said.
When it comes to cyber terrorism, the insurance industry agrees that businesses and governments are seriously vulnerable to a major cyber attack, but defining a cyber terrorism event is “very difficult,” says Marsh’s McCabe.
Cyber policies have a broader standard of cyberterrorism and generally do apply to disruptive activities against a business’s computer system, and offer a “much broader standard,” than what the federal government’s definition is, McCabe said.
Ultimately, all companies should be preparing for a potential catastrophic terrorist event that could affect their critical business operations, particularly their technology and network operations, McCabe said.
“Companies should test cyber resilience using catastrophic scenarios,” he said. “Planning should include the effective response for an enterprise event where networks are disabled. This should include a systemic event that more broadly targets critical infrastructure.”