From 2014 onwards, it became apparent that a terrorism insurance gap had emerged. Attacks increasingly caused little or no property damage but still resulted in significant losses. However, for policies to respond, a direct physical damage trigger was required, leaving insurers without cover. The recently passed Counter-Terrorism and Border Security Bill 2018 allows Pool Re to cover losses incurred if a business cannot trade or is prevented from accessing its premises in the wake of a terrorist attack.
Following the 1992 bombing of the Baltic Exchange by the Provisional Irish Republican Army (PIRA), terrorism exclusions were applied to property policies, precipitating the creation of Pool Re to ensure the availability of terrorism cover for commercial property. However, the threat landscape has evolved significantly since then, and cover created to mitigate the risk of legacy threats may not respond to the full range of Methodology employed by todays terrorists.
Conceived against the backdrop of the militant Republican bombing campaign against financial and commercial infrastructure, Pool Re’s cover was designed to respond to losses triggered by material damage to commercial property (PD) and attendant business interruption (BI) costs. With the 2001 attacks on the World Trade Center, Islamist extremism supplanted Northern Ireland-related terrorism as the primary terror threat to Great Britain. The intent of Islamist terrorists was (and remains) to maximise loss of life and societal disruption. Consequently, property is no longer the primary exposure at risk, with attacks today typically generating much less PD than those mounted by PIRA two decades ago. Nonetheless, the economic cost of terrorism remains high. The 2016 Brussels Airport bombing resulted in total losses of approximately 200m. PD losses accounted only for an estimated 3m of this, while BI losses were estimated at 42m.
The divergence from historic patterns of targeting became particularly pronounced after 2014, when Daesh exhorted its followers in the West to mount attacks using a variety of tactics, including unsophisticated Methodology like the use of vehicles and knives as weapons. Following Daesh’s call to arms in mid-2014, Western Europe witnessed 65 Islamist attacks, half of which employed low complexity Methodology. While capable of causing large numbers of casualties and significant economic costs, these attacks did not generally cause significant property damage. For example, the 2016 Nice attack killed 84 people and cost the French economy an estimated 300m, but available evidence suggests there were no property claims.[1]
Subsequent attacks would further illustrate the gap between insured loss and actual cost of terrorist attacks, and the limitations of existing terrorism cover. The investigation into the 2017 London Bridge attack was accompanied by a 10-day police cordon around the area. Borough Market was closed, and the owners of its 153 stalls were prevented from accessing their premises. Estimated losses were £1.4m at minimum.[2] Few, if any, of the affected businesses are believed to have had terrorism cover. However, there was very little damage to property as a result of the attack, so, in the absence of direct PD trigger, it is unlikely that any would have been able to claim for BI losses. The London Bridge attack, and the protection gap it highlighted, was the primary driver for the amendment to Reinsurance (Acts of Terrorism) Act 1993 provided by the Counter-terrorism and Border Security Bill which will enable Pool Re to offer non-damage BI cover.
This protection gap was not exclusive to low-complexity Methodology; half of Islamist attacks involving firearms in Europe since mid-2014 did not cause any PD. In total, two-thirds of attacks in Western Europe during the period would not have triggered property policies. The wave of Islamist violence also demonstrated that terrorism risk was no longer concentrated in areas near high-profile targets. Crowded locations of any sort became potential targets, with civilians attacked at prosaic locations like supermarkets, bus stops and churches. While targets of totemic value accounted for the majority of attacks, these now included police officers on patrol and ordinary Jewish institutions like schools and delicatessens. The trend towards greater diversity in targeting means the threat is more geographically dispersed than before; almost 40% of Islamist attacks in Europe since mid-2014 occurred in conurbations with fewer than a million inhabitants.
The change in threat means many more organisations may be exposed to terrorism than previously, and that relative anonymity or remoteness from symbolic targets are now less likely to shelter them from either the direct or indirect effects of a terrorist attack. Businesses close to the site of an attack are likely to face denial-of-access (DoA) and attendant business interruption due to police cordons. While the size and length of cordons will likely vary considerably depending on the nature of attack, the 10-day cordon around London Bridge and Borough Market gives some indication. Most cordons are likely to last days rather than hours and could extend for hundreds of metres around crime scenes.
Furthermore, businesses losses are unlikely to be confined to revenues and stock lost due to DoA. Attacks can depress trade in areas affected by terrorism for months after an incident; the Parisian regional tourism committee assessed that the tourism sector suffered a 6.1% drop in revenues over the year following the November 2015 attacks.[3] Tourism and hospitality sectors are particularly susceptible to loss-of-attraction (LoA), although all consumer businesses are likely to suffer from diminished footfall as a result of attacks. Experience from the 2017 attacks in England suggest that small and medium-sized businesses (SMEs) are especially vulnerable to BI losses, particularly cash flow interruption and loss of perishable stock. They are also likely to be more sensitive to supply chain disruptions and diminished footfall. To understand fully the impact of attacks on SMEs, Pool Re commissioned a study into the Manchester Arena attack and its effects on local businesses. The study’s key findings are detailed later in this report.
To close the protection gap which has emerged in recent years, Pool Re will extend its cover to include non-damage BI (NDBI) losses. This will allow Pool Re Members to opt into providing Pool Re-backed NDBI coverage, or to write such cover independently. Once they elect to join the Pool Re NDBI solution, Members will be able to offer NDBI cover to the extent such cover is provided on their underlying BI policy. The reinsurance cover available from Pool Re consists of two key elements:
- Non-Damage Denial of Access – this covers policyholders if access to their premises is denied or impaired, and they suffer loss of income or increased costs.
- Non-Damage Loss of Attraction – this will cover loss of footfall caused by a terrorist incident in the immediate vicinity of the premises.
Importantly the scope of cover offered is very wide and would extend to incidents involving chemical, biological, radiological and nuclear causes, so if the events in Salisbury had been certified as an act of terrorism, Pool Re NDBI cover would trigger. However, the NDBI cover will not extend to incidents triggered by remote digital means (cyber terrorism).
While the legislative amendment authorising Pool Re to reinsure NDBI cover is an important step to closing the protection gap and making cover affordable, more work is necessary to promote awareness of the threat and availability of cover. Not only do we need to help businesses make informed decisions on whether to buy any type of terrorism coverage, but we can also provide insight and research to inform better these crucial decisions.
While the frequency of successful attacks in Europe declined significantly in 2018, the threat has not abated, and security services continue to work at capacity. Low complexity attacks remain likely, and there is ample evidence that Islamist terrorists continue to devote resources to executing spectacular attacks involving explosive devices against a range of targets. Furthermore, the increasing threat of extreme right-wing (XRW) terrorism may exacerbate an already complex threat landscape. XRW terrorists will likely employ similar Methodology to their Islamist counterparts, but are likely to target ethnic and sexual minorities as well as politicians, increasing the geographic spread of potential targets. Meanwhile, the increasing availability of unconventional attack Methodology, like the use of drones, has the potential to cause both destruction and significant disruption.
This dynamic threat environment means that a proactive approach to risk management, underpinned by appropriate insurance, is vital if businesses are to increase their resilience to terrorism. Organisations should develop and rehearse crisis management and business continuity plans to ensure they and their employees know how to respond in the event that they are impacted by an attack. Pool Re continues to explore ways of increasing the UK’s resilience to terrorism through identifying and closing insurance gaps, encouraging provision of cover by its Members, take-up of cover by businesses, and promoting risk mitigation initiatives in partnership with its stakeholders in industry and government.
[1] https://www.ft.com/content/436faa32-8e7f-11e8-bb8f-a6a2f7bca546
[2] https://www.ft.com/content/70f1f014-2dc7-11e8-a34a-7e7563b0b0f4
[3] http://www.independent.co.uk/travel/paris-tourist-numbers-drop-franch-terror-attacks-further-charlie-hebdo-bataclan-shooting-isis-a7592836.html