When people are in the firing line

Jonathan Gregory, global head of kidnap and ransom at AIG, explains why a changing terrorism threat landscape requires businesses to rethink their approach to risk and insurance.

The Westminster attack in London on 22 March 2017 is indicative of the current terrorism threat in Organisation for Economic Co-operation and Development (OECD) countries. In an era where complex plots involving several individuals are likely to be intercepted, organisations such as ISIS and AQAP (Al-Qaeda in the Arabian Peninsula) have shifted their focus to encouraging lone attacks using improvised weaponry, such as vehicles and knives.

In the 16 years since 9/11, efforts by counter-terrorism and security forces have improved significantly. As a result, plots most likely to slip through the net in Western countries are those perpetrated by small groups or lone, radicalised individuals, targeting civilians using relatively simple methods. Examples include last year’s truck attacks in Nice and Berlin and nightclub shootings in Istanbul and Orlando.

However, devastating marauding firearms and suicide bomb attacks in Paris and Brussels are also reminders of the potential for more sophisticated plots. As AIG’s whitepaper ‘Global Terrorism: On High Alert!’ explains, while the threat of a spectacular attack has not completely dissipated, organisations need to consider the implications of a new threat era where attacks on so-called ‘soft’ targets are more likely.

In 2015, there was a 650% rise in the number of fatalities resulting from terrorism in OECD countries, according to the Global Terrorism Index 2016, published by the Institute for Economics and Peace. More than half were connected to ISIS, with jihadists targeting crowded public venues including sports stadiums, transportation hubs and music venues. Such attacks represent an increased threat to organisations’ employees.

While the risk of businesses getting directly caught up in a terrorist attack remains very remote, they need to consider the safety of their employees as they go about their day-to-day business. This includes a duty to train personnel to be aware of their surroundings and potential risks, and how to respond to an incident, including updating HR of their whereabouts. Active shooter training is also advisable for security personnel and employees working abroad.

It is clear that recent events have made business leaders more alert to the threat. According to research carried out by AIG and Ipsos MORI in the UK in 2016, 40% of respondents are fairly or very concerned about the vulnerability of their people in the UK to terrorism. Thirty-seven percent were concerned about terrorism impacting their business premises, while 55% were concerned about the impact of terrorist activities impacting computer networks.

The virtual world is increasingly a battleground for terrorist organisations. Groups such as ISIS have invested heavily in their online propaganda and social media is an important tool through which they seek to influence vulnerable individuals. Meanwhile, a more connected world also offers the opportunity for malicious actors to wreak havoc on company networks and infrastructure from remote locations anywhere in the world.

Tackling the enemy within
In the context of cyber risk, employees with access to secure systems that can cause significant loss or damage in the wrong hands are potentially an organisation’s weakest link. Staff members can be targeted and exploited, both knowingly and unknowingly, through grooming or spear-phishing exercises in order to gain access to a company’s systems and even physical infrastructure, a particularly worrisome exposure for power and utility firms.

One way of monitoring staff is via a buddy system, whereby one colleague checks and approves decisions and actions of another. We also see anecdotal evidence that organisations are paying more attention to which staff members are given approved access to systems and networks, and taking steps to limit this.

The Westminster attack once again highlighted the importance of security barriers, with many of those protecting inner cities now highly engineered and designed to blend into the landscape. Yet in addition to blast- and attack-proof design, protective security measures and surveillance should include several lines of defence. Organisations should consider how quickly their buildings could be locked down in the event of a marauding attack and whether their staff are prepared to respond, with a ‘run, hide, fight’ mentality typically encouraged.

Whereas property damage was a key concern in the immediate aftermath of 9/11, with a focus on the risk surrounding ‘trophy’ buildings, risk and insurance managers are increasingly concerned about business interruption. Organisations are considering their response if directly or indirectly affected by a terrorist incident, for instance if transportation systems or city centres are shut down in the aftermath of an event.

The challenge for insurers, brokers and insurance buyers is to consider insurance programmes in the context of the changing risk landscape and to innovate where necessary to ensure products remain fit for purpose. In the current market, plentiful and affordable capacity is available for terrorism, political violence, political risk, kidnap and ransom, cyber and non-physical damage business interruption, in addition to exposures that are encompassed within all-risks policies.

Among other things, insureds should consider whether they have any gaps in their programmes and how these might be addressed. An important question is whether to purchase terrorism as a standalone product or embed it within the broader property portfolio. In situations where there is uncertainty over the definition of an event for instance, such as was the case with the Bangkok riots and events arising from the Arab Spring, placing terrorism within the scope of an all-risks policy can offer greater certainty of cover.

To find out more about AIG’s Global Terrorism whitepaper, published in partnership with the Royal United Services Institute and NYA International, visit www.aig.co.uk/insights.

Contributed by Jonathan Gregory at AIG

Back to top button