Terrorism risk: Extreme measures

In August 2006, the UK authorities made arrests to prevent an alleged plot to bomb at least 10 transatlantic airliners. The attack never came to fruition, but terrorist organisations continue to seek ways to achieve mass casualty attacks. At the time, the Metropolitan Police Deputy Commissioner Paul Stephenson said: “We are confident that we have disrupted a plan by terrorists to cause untold death and destruction and commit mass murder. This was intended to be mass murder on an unimaginable scale.” In this article, we explore how such events can be measured and quantified in terms of the capital firms are required to hold under Solvency II.

Insurance firms that write life business are vulnerable to extreme terrorist events from concentrated exposure in high-risk locations. Examples of locations include major cities, large public events such as the Olympics and even public transport as people commute to and from work. Group business writers are especially likely to have acute concentrations of exposure in locations such as The Square Mile and Canary Wharf in London, or Manhattan in New York.

Particularly after the attacks on the World Trade Centre in New York in 2001, group business firms became more aware of the potentially ruinous cost from concentrations of risk for firms and have grappled with how to measure, understand and manage this risk appropriately. Indeed, for some firms, retained risk may unintentionally be well in excess of risk appetite. The expertise required for assessing such risk is niche and not typically available within insurance firms. Management of this risk is best achieved through a rigorous understanding of the limitations of terrorism modelling and through analyses of a wide range of high-resolution data from multiple sources collected over a long period of time.

Global organisations with appropriate expertise and business interests in a wide range of international markets are able to model such risks for insurance firms. Firms are then more able to decide on the appropriate risk management strategy at a cost much more consistent with risk appetite. In this article we outline key considerations for the assessment and modelling of terrorism risk and, in particular, the importance of this in a Solvency II world.

The geopolitical situation and the terrorism threat
Terrorism is a constant threat and is considered credible by the UK and other governments worldwide. As recently shown in Norway, perception of low risk is no barrier to terrorism.

Figure 1

Motivations vary widely between terrorists and terrorist groups depending on their ideological affiliation, which is often political or religious — for example, the al-Qaeda core and franchise groups, white supremacists and separatist movements using violence such as the Real IRA and ETA. The structure of these organisations also varies widely, from a globally connected network of terrorist cells down to a self-motivated and trained individual.

There are dozens of successful terrorist events across the globe every day — the Aon Terrorism Tracker records an average global frequency of 12 (non-failed) terrorist incidents per day over the last 12 months worldwide — excluding a large number of failed attempts and those mitigated by security services. The type of attack varies widely, but is overwhelmingly from conventional sources. Notable past events include New York (9/11), London (7/7), Madrid (2004), Mumbai (2008) and the recent Oslo massacre (2011).

The data required to build knowledge about the threat includes attack frequency, attack methods, targets and perpetrators. The expertise needed to understand the threat must encompass the geopolitical situation, motivations, capabilities, causes and mitigation. A credible model should take into account all these factors and make contextual assumptions in order to formulate a robust forecast of the risk.

Modelling extreme risk and using expert opinion
Probabilistic loss simulation on a nationwide scale involves the incorporation of expert opinion into a catastrophe model. The four key components of a catastrophe model are described in Table 1.

Table 1

The assumptions that are required for these components have to be robust, requiring expert judgment, which takes into account the historical record alongside forward looking views. While terrorism modellers can be relatively confident about the vulnerability component, since it contains empirical data, it is more difficult to forecast the hazard/frequency. The model must take into account the possibility of those scenarios that have never occurred to date, such as the more spectacular non-conventional attack types. The results are sensitive to the frequency of attack but, more specifically, to the frequency of very high-impact attacks.

Probabilistic loss simulation, with scenarios of extremely low probability, is known to be problematic, particularly if the frequency may be chaotic rather than linear, which it seems to be for high-impact terrorism. With this in mind, it is critical to ensure appropriate expert opinion to credibly model the frequency of high-impact terrorism based on factors such as existing capabilities of known groups, technical complexity, availability of resources and levels of state mitigation allocated to ameliorating a specific kind of threat such as an improvised nuclear device.

Making fit for Solvency II
“There is no way you’re going to have an event like 9/11 and expect things to remain the same. They killed 3,000 people in New York on that day, and if they could have they would’ve killed 300,000.” — Tony Blair

Within Europe, the upcoming Solvency II regulations are driving life insurers to consider their portfolio exposures to catastrophe risk. They are revisiting their risk management to understand how the terrorism threat translates to capital requirements, risk appetite and risk management strategies. For Solvency II, firms are required to hold capital on the basis of a one-in-200-year event. This immediately begs the question: what does a one-in-200-year terrorism event mean? In the context of the quotation above, this question is more about the likelihood and severity of attacks that terrorists may now be capable of: what is the probability of a terrorist event causing 3,000 deaths in New York today and could they kill 300,000?

Companies wanting to model the mortality and morbidity risks associated with terrorism for Solvency II purposes are probably faced with two choices: develop a model themselves or commission an outsourced model. Even if firms develop the technology themselves, they may have limited knowledge of the likelihood and impacts of potential terrorist events. Therefore, using an established organisation, with the attendant expertise, has clear advantages.

Both Solvency II and sound risk management suggest that directors should not treat any model as a ‘black box’ and blindly use the results. The user needs to understand and review the model, its assumptions and results. In the case of terrorism, this is particularly challenging since, as previously discussed, there is meagre past experience and much expert judgment involved in assessing the future likelihood and impact of unlikely events. Table 2 lists some ways of validating a model — its mechanics, assumptions and results.

Table 2

Peer reviewing the underlying assumptions is probably one of the biggest challenges given the level of expertise required to understand the assumptions. Is the firm, or indeed external actuarial advisor, competent to confirm that, for example, a two-kiloton bomb would kill 1%, 20% or 50% of the population between a two- to three-mile radius from the blast centre?

It may be difficult to find a terrorism expert reviewer to whom the external model provider is comfortable disclosing full details of the model, since this is valuable intellectual property. Without this, it is then questionable whether a reviewer could arrive at a position where they could agree a set of assumptions as reasonable.

The actuary could also consider comparisons of the average losses generated by the model over ranges, for example £300m in excess of £100m, which can be compared to the cost of buying this cover in the market. As uncapped cover is probably not available in the market, only a limited part of the distribution is validated. Also, the comparison here is difficult to make as the market price has many other factors within it than the pure risk assessment.
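As an added illustration (not part of the original article or of any provider's model), the sketch below builds an occurrence exceedance curve from a small scenario set, reads off the one-in-200-year loss, and computes the average annual loss to a £300m in excess of £100m layer, the figure that would be set against a market price. All scenario rates and loss amounts are constructed, and the sketch assumes independent Poisson arrivals with one fixed insured loss per scenario.

```python
import math

# Constructed scenario set: (label, annual rate, insured loss in GBP millions).
# Illustrative figures only; not taken from the article or from any real model.
SCENARIOS = [
    ("small", 0.05, 20.0),
    ("medium", 0.01, 150.0),
    ("large", 0.004, 500.0),
    ("extreme", 0.0008, 5000.0),
]


def exceedance_curve(scenarios):
    """[(loss, P(at least one event with loss >= this in a year))], largest loss first."""
    curve, cumulative_rate = [], 0.0
    for _, rate, loss in sorted(scenarios, key=lambda s: s[2], reverse=True):
        cumulative_rate += rate
        # Poisson arrivals: P(no qualifying event) = exp(-sum of rates).
        curve.append((loss, 1.0 - math.exp(-cumulative_rate)))
    return curve


def return_period_loss(scenarios, years=200):
    """Largest single-event loss whose annual exceedance probability is >= 1/years."""
    threshold = 1.0 / years
    for loss, probability in exceedance_curve(scenarios):
        if probability >= threshold:
            return loss
    return 0.0


def expected_layer_loss(scenarios, attachment, limit):
    """Average annual loss to a per-occurrence layer of `limit` in excess of `attachment`."""
    return sum(rate * min(max(loss - attachment, 0.0), limit)
               for _, rate, loss in scenarios)


def with_rate(scenarios, label, new_rate):
    """Copy of the scenario set with one scenario's annual rate replaced."""
    return [(n, new_rate if n == label else r, l) for n, r, l in scenarios]


if __name__ == "__main__":
    stressed = with_rate(SCENARIOS, "extreme", 0.0016)  # double the tail frequency
    for name, book in (("base", SCENARIOS), ("stressed", stressed)):
        print(name,
              "1-in-200 loss:", return_period_loss(book),
              "layer 300 xs 100:", round(expected_layer_loss(book, 100.0, 300.0), 4))
```

Doubling only the rate of the rarest scenario moves the one-in-200 figure from the medium to the large scenario, while the capped layer's average loss changes far less, which is why a layer comparison validates only part of the distribution.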

It could be argued that a more powerful validation is to assess whether an alternative independent model would give similar results. Comparing the underlying method and assumptions can also be more useful than peer reviewing one model in isolation. However, care has to be taken to ensure this validation is based on a true like-for-like comparison.

Documentation, as well as validation, is likely to be under the spotlight with Solvency II. A good external model comes with full documentation; however, this will need supplementing with additional material including:

• Reasons for selecting the external model including details of the model provider’s knowledge, qualifications and expertise

• Validation done by the user — see Table 2

• Results — including sensitivities of main assumptions.

Terrorism risk is receiving greater focus under Solvency II regulations for life insurers. Firms are trying to grapple with understanding the threat, finding the most appropriate risk management arrangements and deciding what capital should be held. It is clearly an important risk, given its impact on insurers if an extreme terrorist event occurs where significant concentrations of risk are exposed. Sourcing the appropriate expertise is critical for understanding and embedding terrorism modelling within a risk management framework.


Thanks to Chris Holt, MBE (Aon Crisis Management), Raveem Ismail (The University of Oxford) and Stephen Johnson (Cranfield University)


Andy Cox is responsible for pricing and Solvency II development for the group risk business at Legal & General


Scott Reid is a life reinsurance broker at Aon Benfield