The terrorism talk

After Paris, Berlin, Manchester and London, what should clients know about the “new” terrorism risks?



The restaurants in London’s Borough Market are tourist favourites. On Yelp, reviewers remark on the pun-filled menu at the Wheatsheaf Pub and authentic Spanish fare at Tapas Brindisa. This spring, both places earned a different kind of attention—as sites involved in the London Bridge terror attacks.

For businesses that rely on people—music lovers, foodies, tourists—the sharp turn in attack methods seen in London and Manchester, and earlier in Paris and Berlin, raises new questions about how they should protect both premises and patrons. “The targets these days aren’t physical [buildings],” notes James Gregory, Aon Risk Solutions’ regional director of crisis management. “They are attacks against large concentrations of people.”

Small wonder that Google searches for “terrorism insurance” spiked directly after the Manchester bombing. And it’s likely that the average business now has more pointed queries for brokers, about whether their downtown restaurant or their fleet needs extra coverage. There’s a bigger question, as well: With a new terrorism playbook at work, should broker-client risk discussions have a new playbook too?

What they should know: Who’s at risk?

Recent events put the findings of a new World Economic Forum survey into sharp relief. The 2017 Global Risks Report ranked large-scale terror attacks among the year’s top five global risks in terms of likelihood. This, along with the latest string of incidents, suggests that all clients should explore terrorism exposures. But this is not necessarily so, according to Ben Tucker, head of U.S. terrorism and political violence at XL Group. Location is still a critical factor, he says, making certain businesses in large cities or near attractions obvious participants in risk discussions.

Marsh’s 2016 Terrorism Risk Insurance report bears this perspective out, showing the highest uptake of terrorism coverage to be among media, education, hospitality and healthcare-related clients in major financial or tourist centres. While other sectors—retail, and food and beverage in particular—show lower uptake (at take-up rates of 55% and 53% respectively), there is new awareness among smaller businesses, says Tucker. “They see the risk as less remote than [it was] two or three years ago,” he says.

“Some products will only cover an active shooter, so a gun must be involved in the incident for a policy to respond.”

In Canada, brokers—rather than clients—are still more likely to raise the issue, but “there has been a renewed interest in having a discussion,” says Jeffrey Charles, managing director at Jones Brown Inc. He notes that, when it comes to the array of products and issues at hand, terrorism is working its way up the list.

The conversation is more necessary for some than others, according to Gregory.

“If I’m the broker for a medium-sized chain of Greek restaurants, would terrorism be one of my chief concerns for them? Not really,” he says, noting that organizations here tend to be more interested in preparing and responding to an attack abroad that might affect their employees. But, “if and when something happens in Toronto, that would obviously change the picture.”

What they should know: checking coverage

What does preparation mean within the current risk landscape? On home turf, it requires more scrutiny on the breadth of both standard and specialized liability coverages.

Tucker points to online terror propaganda that urges attacks with vehicles, knives and other weapons of opportunity. “It doesn’t have to be a gun,” he says. “This creates an issue because you might not get physical loss or damage to a building from these attacks.”

ENERGY
Sector most targeted by terrorists in 2016

Source: Aon, 2017

Coverage clarity is essential, especially when it comes to exposures beyond property or business interruption, says Charles. Although commercial general liability policies should respond to both third-party property or bodily injury losses, he says organizations should look for policy “silence” on terrorism. Some policies have a definite exclusion relating to terrorism and others specifically include them, but some don’t commit either way, he points out. “Are underwriters intending to pick up exposures that may arise from terrorist-type events? It comes down to a discussion of intent.”

If such an exclusion exists, “I’d be having a conversation with my broker about having it removed,” advises Gregory.

Charles also urges close attention to coverage gaps. A general liability policy may address defense costs or damages stemming from an attack-related lawsuit, but not incident response—anything ranging from access to capital to public relations support for reputational fallout, or psychological help for employees or bystanders, he points out, noting room for insurance programs to roll such services into products. (See sidebar, “Beyond Basic Coverage, below.”)

Beyond Basic Coverage

Modes of attack aren’t all that’s changing. In the wake of lone wolf attacks and low-tech weapons, appetites for specialized coverage have also changed. From Fortune 500 companies to small private businesses, “we have seen a clear increase in awareness and demand for [these] products,” says Richard Halstead, war, terrorism and political lines underwriter at Hiscox. “It’s crucial the insurance market responds to the changing threat with products that are relevant.”

Whether as a standalone or alongside standard terrorism coverage, the products—including “active assailant,” loss of attraction and malicious intent—fill key gaps. XL Catlin’s “active assailant” product provides business interruption coverage resulting from non-physical loss or damage, notes Ben Tucker, head of U.S. terrorism and political violence at XL Group, “which is unusual,” and covers counselling, job retraining or relocation medical expenses, and additional security following an attack. The company has seen premiums for first-party coverage double in the past year, he says, noting that they’re adding the coverage as an enhancement to roughly 15 to 20% of its standard terrorism policies.

The takers? Anyone from restaurants in high-tourist areas to schools and municipalities. “The range is tremendous.”

Even the newer slate of specialized terrorism-related products in the market—including active assailant coverage (which responds to attacks with a weapon), malicious attack (for cyber threats) and loss of attraction (for specific businesses that lose revenue because of a direct or local terrorist attack)—still need careful examination. Tucker points out that some products will only cover an active shooter, so a gun must be involved in the incident for a policy to respond. Others only respond to liability triggers, or a certain number of victims.

What they should know: liability exposures

It will likely be difficult to prove negligence if a business is hit by an attack, notes Charles. But the lack of “proven” liability makes it even more necessary for companies to be ready to address it, “whether that’s through defense costs or addressing damages should they be found liable,” he says.

In specific sectors, exposures are rooted in simpler, everyday practices, notes Steve Bojan, vice-president of fleet risk services at HUB International Ltd. “You run the risk of liability for not protecting your assets,” Bojan says, “and not taking precautions that a reasonable person would.” That includes keeping vehicles locked, and keys with drivers, rather than in the ignition, when not in use. (See sidebar, “Focus on Fleets,” below)

Focus on Fleets

On June 3, assailants in the London Bridge incident used fake bomb vests to incite fear and ceramic knives to inflict injury. Their biggest weapon: a rental van, which they drove directly into a busy tourist spot. What risk lessons does this event carry for companies whose vehicles could become part of an act of terror?

For fleet managers, it means doubling down on both high and low tech risk mitigation, says Steve Bojan, vice-president, fleet risk services, at HUB International Inc. On the “low” side, the biggest exposures can come from a simple lack of precaution—leaving the keys in vehicles unattended or hiring a driver without vetting them properly, he says. “They need to make sure their operations are following their written policies.”

Bojan recalls a past client that left its fleet in a yard with an open gate. “The keys were in the ignition of every vehicle.” Those trucks? They were 54,000-pound ready-mix (concrete) trucks. “If you wanted to cause some havoc, [those vehicles] could do it,” he says.

While employee education can underscore basic security practices, existing technology, like telematics, can further enhance them. “There’s a newfound urgency to know where vehicles are at all times. If I were a fuel delivery company in northern Connecticut, I would be concerned if I saw one of my vehicles headed to Manhattan,” he says.

Vehicles aren’t the only risk for fleets. Other company property that could offer perpetrators access to airports or other high-value targets should be considered. Courier companies often track uniforms and require any employee leaving the company to turn in all branded uniforms, he points out. Sometimes just a familiar logo can open doors. “I may not let Steve Bojan into a safety-sensitive area, but we wouldn’t think twice about letting the UPS truck in there.”

Even the simplest actions can prevent a disaster, he points out. When a car-rental clerk asks a simple question about where a customer is headed, it’s about more than just small talk, he says. “It’s knowing your customer and identifying outliers.”

Reputational risk should also be part of the exposure conversation, he adds, pointing to a non-terrorism example—major brands like Target, Samsung and Costco were recently linked to exploitative practices involving truck drivers in the U.S. “[Nobody] wants their product to be associated with negative issues,” he says. “The reputational risk in a lot of these cases far exceeds the financial risk.”

Larger organizations, such as tourist attractions or sports complexes, are asking not only how to defend their perimeters but how to define them. Gregory points out that a large venue that regularly has 40,000 people either coming or going raises huge issues in the context of terrorism. “How do you manage that process in a way that minimizes the risk?”

A defined distance between a venue’s property and the sidewalk may not matter in the emotional fallout of an attack, even if an insurance policy makes that determination. “It’s interesting to explore,” says Charles. “How do we measure the compassionate standpoint for preparedness or resilience?”

Then, there are other forms of attack. Both cyber and terrorism policies often have gaps when it comes to terrorism and acts of war, limiting the types of damage covered, according to a 2015 WillisTowersWatson thought leadership paper, Can Cyber Insurance Coverage Keep Apace with Cyber Exposure? “Inconsistencies in the definitions of cyberterrorism and cyberwar events will undoubtedly be a source of coverage disputes for claims related to cyberterrorism,” the authors state.

Despite the renewed emphasis on liability, Charles reminds clients that the terrorism landscape hasn’t changed completely. “I don’t necessarily want to shift away from property damage or the truck bomb or the building bomb. Those are still very real risks.”

What they should know: risk management

Real—and difficult to ward off. “There wasn’t anything the restaurant at the end of Stoney Street [in London] could have done about the active assailants driving over and attacking people,” Tucker says. Even at a nightclub like Pulse, site of a 2016 shooting in Orlando, Florida, and another example of an attack by an active assailant, negligence issues are murky, he notes. This is the case since club security is “more designed for the average person who’s being difficult, not someone who’s shooting their way in.”

Still, today’s realities demand a holistic picture of risk management: “It’s not just about insurance— it’s about what you are currently doing to manage your risk,” says Gregory. “What protections do you have in place? Are those protections adequate? Have you reviewed them in the past three years given that the terrorism model has changed?”

The biggest challenge: “How do you balance the appropriate level of security with protecting your patrons?” he asks. While “it would be difficult to get a semi-automatic weapon into a large sports complex, it wouldn’t be difficult to use it against people queuing outside.”

A 2015 Aon Special Risks report, The Changing Face of Terrorism, sets out a basic, Anticipate-Prepare-Response framework for organizations that stresses monitoring threats, ensuring that security is in place, crafting an evacuation plan and working with police.

While third-party consultants can help organizations with their risk management plans, Tucker notes that smaller businesses may not have the same access to that expertise. They can still boost risk efforts with materials like widely available FBI training videos, and by ensuring that continuity planning includes newer risk scenarios and an action plan for incident response. “How are you going to communicate with employees or customers? How are you going to help them?” Tucker asks.

Brokers can ask the same questions about their clients. Given the “momentum” in terrorism events of late, opening the lines of communication is the critical step in ensuring protection, Charles says. “It’s about the willingness to have the conversation and dig a little deeper to get it right.”

__________________________________________________________________________
Copyright © 2017 Transcontinental Media G.P. This article first appeared in the August 2017 edition of Canadian Insurance Top Broker magazine

Copyright © 2017 Transcontinental Media G.P.
Transcontinental Media G.P.