James Moorhouse looks at how the market for terrorism cover has evolved and how to appropriately tailor cover
The terrorism threat landscape in the UK is constantly changing, with increasing unpredictability. While standalone terrorism cover was offered in the 1990s, demand for the product increased significantly after property insurers began to exclude physical damage due to terrorism from their policies after the terrorist attacks in New York on 11 September 2001.
Since then, there has been a considerable shift in terrorists' methods. Islamic extremism has seen a trajectory from planned group attacks to isolated low-complexity acts by individuals. The recent classification of Extinction Rebellion as a 'key threat' by UK counter-terror police also demonstrates the range of ideologies that are now identified as extreme. With many different reasons behind terrorism, not only are counter-terrorist operations covering a wide range of causes, insurers are also constantly trying to catch up with how to protect those affected.
However, it seems many businesses still do not have enough cover. According to Pool Re, 43% of businesses interviewed after the Manchester Arena bombing in 2017 did not have any continuity, disaster recovery or crisis plan in place. There were also estimated losses of £1.4m after the London Bridge and Borough Market attacks in 2017, due to restricted access to business premises during the investigation.
Reading the policy wordings and extensions in detail with clients is important to ensure they are buying the correct level of cover
Any business that does not have any form of cover against this type of catastrophe peril leaves itself vulnerable to the wide-ranging types of damage caused. An act of terrorism, as defined in The Terrorism Act 2000, does not just affect the intended target but can cause collateral damage to the surrounding area. As well as large businesses in urban areas, smaller businesses and operations in outer areas are all recommended to have some type of protection against terrorism.
It is important for businesses to understand the risks involved and that there are many different ways an act of terrorism could affect them. For example, employers could be liable for the safety of employees and third parties.
While some commercial insurance policies still have a terrorism exclusion, liability policies usually include it, with a sub-limit applied to a certain level. For example, motor personal injury sections include the cover to an unlimited extent but the damage element is sub-limited; and personal accident travel policies may include or exclude depending on the market segment.
But what risks are eligible for terrorism cover? The aftermath of a terrorist act can have numerous consequences, affecting both individuals and businesses. Which is why cover against terrorism should be appropriately tailored:
- Home insurance -- damage to property and contents from acts of terrorism.
- Car insurance -- damage to or destruction of vehicle caused by an act of terrorism.
- Travel insurance -- trip cancellation or medical expenses related to an act of terrorism.
- Business interruption -- restoration costs caused by an act of terrorism.
- Workers compensation -- compensation for employees injured or killed due to an act of terrorism.
- Property damage -- damage to property and contents from acts of terrorism.
- Cyber -- costs related to a cyber-related act of terrorism.
It is difficult to predict an act of terrorism, both from the perspective of a law enforcer as well as an insurer. This is why 'acts of terrorism' should be covered as part of a more comprehensive product, rather than an exclusion. There are also standalone products emerging on the market that can include the following:
- Political, religious and ideologically motivated acts of terrorism and sabotage.
- Persons acting alone -- 'lone wolf' attacks.
- Acts of war and hostilities, such as the Salisbury poisonings in 2018.
Reading the policy wordings and extensions in detail with clients is important to ensure they are buying the correct level of cover. This should also extend to checking that the wording covers the risks and exposures they are concerned about. Many small businesses do not realise their current property and business interruption insurance cover excludes acts of terrorism. Gaps in policy wordings could mean that acts of terrorism might be excluded or restricted to physical damage only.
Not all commercial policies include non-conventional cover, such as chemical, biological, radiological, nuclear-related damage. While such an attack is still unprecedented in the UK, this might be relevant if the policy is purchased by a UK insurer for overseas operations or as part of Pool Re.
For individuals, travel insurance may need to include medical costs, repatriation or trip cancellation caused by a terrorist-related event.
However, it is non-damage business interruption (NDBI) that could provide the biggest challenge to insurers. As well as direct losses, businesses can be affected by a nearby event or attack causing significant disruption and the potential denial of access.
The 2017 attacks in Borough and London Bridge saw a significant commercial area shut down during the investigation, causing a massive loss of earnings for those with restricted access to their businesses. If these attacks had taken place nearer The Shard, this amount would have been much higher due to the disruption to business continuity.
The inclusion of NDBI should be clearly defined in the wording of any extension to business interruption policy wordings, to include terrorist-related triggers. Damage to property might be included, but non-damage that can impact the operability of a business should also consider the following:
- Denial of access.
- Specified or notable diseases.
- Loss of attraction.
- Remote digital interference.
Being able to respond effectively during a terror threat is also important. Whether a client is approached with a suspicious item or needs to restore their business operations after they have been halted suddenly, it is important that they know how to handle these situations. Crisis management, relevant staff training and business continuity plans should be regularly monitored and reviewed. This could include security recommendations shared with staff about how to handle suspicious items or a bomb threat, communicating with employees if an event has taken place so to avoid the area, or reporting suspicious members of staff to the relevant people.
As acts and causes of terrorism develop, it is important for insurers to keep up to date with new methods as well as the effects of the aftermath. During the past few years, terrorist attacks have shifted from the bombing of public places to low-complexity attacks by a 'lone wolf' using easily available tools, such as vehicles and knives. Cyberterrorism is also on the rise, which presents a new and complex invisible threat.
Therefore, it is important to recommend some sort of terrorism-related cover to clients, as acts such as these are not restricted to city centres, meaning that anyone can be at risk. Well-maintained business continuity plans should only be the very minimum of what businesses must do to know how to respond in such an event.
James Moorhouse is content manager of the CII