Assessing Terrorism Risk 15 Years After 9/11
Sep 08, 2016
Editor's Note: This month marks the 15th anniversary of September 11, one of the most complex and devastating events in U.S. history. Senior Risk Consultant Charlene Chia discusses the current threat posed by terrorist organizations and “lone wolf”attacks, the lasting effects of 9/11 on the insurance industry, and how terrorism risk can be modeled and managed today.
The insurance industry—and the world—were changed dramatically by the events of September 11, 2001. The terrorist attacks at the World Trade Center, the Pentagon, and in Shanksville, Pennsylvania, took the lives of nearly 3,000 people and generated approximately USD 44 billion (in 2016 dollars) of insured losses—the second largest loss in insurance history. Prior to 9/11, it was widely assumed that the risk of losses due to terrorism was so low that the peril was automatically covered under most insurance policies. The events of that day, however, demonstrated to the insurance industry that catastrophic losses across multiple commercial lines of business can happen simultaneously, suddenly, and without warning.
The Nature of the Threat Today
Fifteen years after the events of 9/11, the threat of terrorism continues to be a global concern. In recent years, the Islamic State (also known as IS, ISIS, ISIL or Daesh) has gained in influence, surpassing Al-Qaeda as the organization that poses the greatest perceived threat to the U.S. and overseas. A few events have led or contributed to the current state of affairs, most notably, the outbreak of the Syrian civil war in 2011. Spawned from the Arab Spring protests of the same year, the war has now escalated to encompass large areas of both Syria and Iraq as the Islamic State seeks to expand its caliphate.
The terrorist group encourages attacks against Western nations by using their propaganda via social media and the internet to both recruit and radicalize foreign fighters, who then return to their home countries with the potential to carry out attacks themselves or inspire others to carry out attacks. The terrorist attacks in Paris, Brussels, and Istanbul are all recent examples that have been attributed to the Islamic State. In addition, Islamic State sympathizers have been responsible for smaller “lone wolf” attacks carried out by one or two perpetrators. These types of attacks are aimed at causing large casualty losses to inspire fear and typically do not cause much property damage. For example, the attack in Orlando that killed 49 civilians, the deadliest mass shooting by a single gunman in U.S. history, and the Bastille Day attack in Nice, during which 84 people were killed by a man driving a 19-ton truck. Until the situation in both Syria and Iraq de-escalates and world leaders devise a clear strategy to defeat the Islamic State, the frequency of attacks is expected to increase globally. Other terrorist groups such as Al Qaeda and Boko Haram pose a significant threat as well. Although the number of attacks carried out by Al Qaeda has increased at a slower rate compared to the Islamic State, which is partly due to the elimination of the organization’s top leaders. Similarly, Boko Haram was the most lethal terrorism group as recently as 2014 accounting for 6,644 deaths that year.i
Impact on the Insurance Industry
Despite the escalated terrorism threat, there has been minimal impact on the U.S. terrorism insurance market, thanks, of course, to security measures put in place by the Department of Homeland Security, but also to the reauthorization of TRIA for the third time last year. TRIA provides, for most commercial lines, government-subsidized reinsurance for direct terrorism losses above the insurance company’s deductible, subject to a copayment by the insurer. The government scheme has long been credited for stabilizing the terrorism insurance market following 9/11, and it is expected to continue to do so with take-up rates hovering around 60% consistently for years.
A notable response to the lack, in recent years, of large-scale events like the Oklahoma City bombing or 9/11, and an apparent increase in smaller attacks, has led to the need to assess terrorism risk on an aggregate rather than on an occurrence basis, as individual smaller attacks are unlikely to trigger TRIA’s USD 5 million minimum damage certification level before federal coverage under the program can begin. In addition, recent attacks on so-called “soft targets,” such as in Nice, France; Orlando, Florida; San Bernardino, California; and the Charlie Hebdo attacks in Paris, which caused mass civilian casualties but minimal property damage, have heightened focus on protection against workers’ compensation, life and health, and business interruption–related losses. However, while market conditions are expected to remain stable until at least 2020, a major loss-causing event could rapidly disrupt the status quo.
Updates to the AIR Terrorism Model Reflect Current Terror Landscape
The updated probabilistic AIR Terrorism Model for the U.S. released this year reflects an increase in the likely frequency of terrorist attacks (see Figure 2). It does not include shootings (including lone wolf shootings) because these events do not typically cause significant damage to property.
Panel of Experts
Whereas natural catastrophe models are constructed based on decades of (albeit limited) historical data, AIR’s terrorism model incorporates the judgment of a panel of experts familiar with both the available data and current trends. This panel consists of counterterrorism specialists who have decades of experience in government organizations such as the FBI, CIA, Department of Defense, and the Department of Energy. By employing the Delphi method, which is a structured process to capture and statistically combine the opinions of a group of experts, the panel performs a social network analysis and probabilistic plot analysis of the steps involved in a successful terrorist operation.
These detailed operational threat assessments are used to create an event frequency and severity matrix of possible terrorist attacks, which is then used to generate the model’s stochastic catalog. The model considers damage from conventional weapons as well as chemical, biological, radiological, and nuclear weapons. In addition, with input from the expert panel, AIR has developed a comprehensive database of potential targets, or landmarks, across the United States (which include many of the same buildings found in the Department of Homeland Security database) and a subset of “trophy targets” that carry a higher probability of attack.
The AIR U.S. landmark database has also been updated with additional Forbes 500 U.S. corporate headquarters, professional sports stadiums, prominent buildings, hotels, and trophy targets such as One World Trade Center. Approximately 300,000 potential targets were used to create the AIR landmark database from which more than 41,000 were selected for use in the stochastic catalog, including approximately 100 trophy targets. The recently updated terrorism model also includes an update to the AIR U.S. Terrorism industry exposure database (IED) for property and workers’ compensation, as well as support for workers’ compensation exposures in geospatial ring analysis. Finally, the AIR Terrorism Model’s deterministic terrorism capabilities have been expanded to include 27 countries in addition to the U.S.: Australia, Belgium, Brazil, Canada, China, Colombia, France, Germany, Greece, India, Indonesia, Ireland, Israel, Italy, Japan, Kenya, Lebanon, Mexico, Netherlands, Philippines, Russia, Singapore, South Africa, Spain, Thailand, Turkey, United Kingdom.
Owning Terrorism Risk
A comprehensive terrorism risk analysis should include three components: accumulation analysis, deterministic analysis, and probabilistic loss analysis.
Accumulation Analyses Pinpoint Most Damaging Loss Potential
The most traditional accumulation analysis is a concentric ring analysis (see Figure 3). In Touchstone®, users can define custom ring radii and associate damage ratios at various distances from the centroid—the supposed location of a simulated bomb blast.
In addition to the standard ring analysis, (re)insurers can also perform a dynamic ring analysis with AIR’s Dynamic Ring Analysis Tool in Touchstone, which allows users to find their true ring of maximum exposure concentration for either property or workers’ compensation (U.S.) in their portfolios, pinpointing the areas most vulnerable from a single terrorism event. With a dynamic ring analysis, users are not restricted to placing rings around an insured location or a predefined landmark or even a specified grid. To make this possible, AIR developed an advanced algorithm that will scan the locations in the portfolio and find the area or ring that contains the most exposure. Within Touchstone’s Geospatial Analysis Module, these areas―or rings―of maximum exposure can be used alongside global terrorism risk maps produced by AIR's sister company Verisk Maplecroft to broaden understanding of terrorism risk. The maps take advantage of research by Maplecroft's team of security analysts to estimate terrorism risk scores, based on data on reported incidents and their severity, at a sub-national level. Accumulation analyses are typically used for filling out regulatory and rating agency reporting requirements, such as the Lloyds Realistic Disaster Scenarios and A.M. Best Supplemental Rating Questionnaire.
Perform Deterministic Analysis to Avoid Over- or Underestimating Loss Potential
To avoid over- or underestimating loss potential, performing a deterministic analysis is the next step after determining where the highest concentrations of risk reside in the portfolio. For a deterministic analysis in the U.S., users select a target either from AIR’s landmark database or from their portfolio, select a weapon type, and then estimate its impact on exposure as well as the potential losses to those policies. With Touchstone 4.0, (re)insurers can also deploy conventional weapons of their choosing at various locations within their portfolio to test “what-if” scenarios in 27 countries and estimate potential losses.
By performing a deterministic loss analysis, users can leverage the full extent of the AIR Terrorism Model. Unlike the accumulation analyses, where a static damage ratio is applied, the deterministic model will consider the surrounding urban density of where the attack takes place to calculate how explosions propagate through cities and rural areas, allowing users to get better loss estimates by taking into account what the physical hazard is at a given location. From there, the model considers the vulnerability or engineering of the different construction and occupancy types in the exposure and assesses the different policy conditions to arrive at a final event loss estimate using AIR’s financial module.
Probabilistic Loss Analysis: Assess Frequency, Loss Potential, and Range of Event Types
Finally, using the AIR Terrorism Model, companies can assess how frequently terrorist events might occur in the U.S., how large the losses could become, and the range of types of events that their portfolios might be exposed to. The probabilistic model includes 500,000 years of potential simulated events representing different weapons at various landmarks distributed across the U.S. from the AIR landmark database.
A key benefit of probabilistic modeling is that output is not limited to a few individual loss metrics, but rather encompasses an entire exceedance probability (EP) curve for a portfolio, allowing users to estimate the probability of different levels of loss resulting from a broad range of potential attacks. This provides companies with a far deeper understanding of their overall risk and enables them to prepare for a wide range of possible attacks.
Managing Terrorism Risk in the Years Ahead
The federal backstop for terrorism coverage isn’t set to expire until the end of 2020; but whether it will be reauthorized again smoothly or after another lapse remains to be seen. In the meantime, and regardless of what happens with TRIA, sophisticated modeling tools will continue to play an increasingly important role in helping companies evaluate and manage their terrorism risk.
iGlobal Terrorism Database (GTD)