August 28, 2017 by Terri Goveia
The restaurants in London’s Borough Market are tourist favourites. On Yelp, reviewers remark on the pun-filled menu at the Wheatsheaf Pub and authentic Spanish fare at Tapas Brindisa. This spring, both places earned a different kind of attention—as sites involved in the London Bridge terror attacks.
For businesses that rely on people—music lovers, foodies, tourists—the sharp turn in attack methods seen in London and Manchester, and earlier in Paris and Berlin, raises new questions about how they should protect both premises and patrons. “The targets these days aren’t physical [buildings],” notes James Gregory, Aon Risk Solutions’ regional director of crisis management. “They are attacks against large concentrations of people.”
Small wonder that Google searches for “terrorism insurance” spiked directly after the Manchester bombing. And it’s likely that the average business now has more pointed queries for brokers, about whether their downtown restaurant or their fleet needs extra coverage. There’s a bigger question, as well: With a new terrorism playbook at work, should broker-client risk discussions have a new playbook too?
Recent events put the findings of a new World Economic Forum survey into sharp relief. The 2017 Global Risks Report ranked large-scale terror attacks among the year’s top five global risks in terms of likelihood. This, along with the latest string of incidents, suggests that all clients should explore terrorism exposures. But this is not necessarily so, according to Ben Tucker, head of U.S. terrorism and political violence at XL Group. Location is still a critical factor, he says, making certain businesses in large cities or near attractions obvious participants in risk discussions.
Marsh’s 2016 Terrorism Risk Insurance report bears this perspective out, showing the highest uptake of terrorism coverage to be among media, education, hospitality and healthcare-related clients in major financial or tourist centres. While other sectors—retail, and food and beverage in particular—show lower uptake (at take-up rates of 55% and 53% respectively), there is new awareness among smaller businesses, says Tucker. “They see the risk as less remote than [it was] two or three years ago,” he says.
“Some products will only cover an active shooter, so a gun must be involved in the incident for a policy to respond.”
In Canada, brokers—rather than clients—are still more likely to raise the issue, but “there has been a renewed interest in having a discussion,” says Jeffrey Charles, managing director at Jones Brown Inc. He notes that, when it comes to the array of products and issues at hand, terrorism is working its way up the list.
The conversation is more necessary for some than others, according to Gregory.
“If I’m the broker for a medium-sized chain of Greek restaurants, would terrorism be one of my chief concerns for them? Not really,” he says, noting that organizations here tend to be more interested in preparing and responding to an attack abroad that might affect their employees. But, “if and when something happens in Toronto, that would obviously change the picture.”
What does preparation mean within the current risk landscape? On home turf, it requires more scrutiny on the breadth of both standard and specialized liability coverages.
Tucker points to online terror propaganda that urges attacks with vehicles, knives and other weapons of opportunity. “It doesn’t have to be a gun,” he says. “This creates an issue because you might not get physical loss or damage to a building from these attacks.”
Coverage clarity is essential, especially when it comes to exposures beyond property or business interruption, says Charles. Although commercial general liability policies should respond to both third-party property or bodily injury losses, he says organizations should look for policy “silence” on terrorism. Some policies have a definite exclusion relating to terrorism and others specifically include them, but some don’t commit either way, he points out. “Are underwriters intending to pick up exposures that may arise from terrorist-type events? It comes down to a discussion of intent.”
If such an exclusion exists, “I’d be having a conversation with my broker about having it removed,” advises Gregory.
Charles also urges close attention to coverage gaps. A general liability policy may address defense costs or damages stemming from an attack-related lawsuit, but not incident response—anything ranging from access to capital to public relations support for reputational fallout, or psychological help for employees or bystanders, he points out, noting room for insurance programs to roll such services into products. (See sidebar, “Beyond Basic Coverage, below.”)
Even the newer slate of specialized terrorism-related products in the market—including active assailant coverage (which responds to attacks with a weapon), malicious attack (for cyber threats) and loss of attraction (for specific businesses that lose revenue because of a direct or local terrorist attack)—still need careful examination. Tucker points out that some products will only cover an active shooter, so a gun must be involved in the incident for a policy to respond. Others only respond to liability triggers, or a certain number of victims.
It will likely be difficult to prove negligence if a business is hit by an attack, notes Charles. But the lack of “proven” liability makes it even more necessary for companies to be ready to address it, “whether that’s through defense costs or addressing damages should they be found liable,” he says.
In specific sectors, exposures are rooted in simpler, everyday practices, notes Steve Bojan, vice-president of fleet risk services at HUB International Ltd. “You run the risk of liability for not protecting your assets,” Bojan says, “and not taking precautions that a reasonable person would.” That includes keeping vehicles locked, and keys with drivers, rather than in the ignition, when not in use. (See sidebar, “Focus on Fleets,” below)
Reputational risk should also be part of the exposure conversation, he adds, pointing to a non-terrorism example—major brands like Target, Samsung and Costco were recently linked to exploitative practices involving truck drivers in the U.S. “[Nobody] wants their product to be associated with negative issues,” he says. “The reputational risk in a lot of these cases far exceeds the financial risk.”
Larger organizations, such as tourist attractions or sports complexes, are asking not only how to defend their perimeters but how to define them. Gregory points out that a large venue that regularly has 40,000 people either coming or going raises huge issues in the context of terrorism. “How do you manage that process in a way that minimizes the risk?”
A defined distance between a venue’s property and the sidewalk may not matter in the emotional fallout of an attack, even if an insurance policy makes that determination. “It’s interesting to explore,” says Charles. “How do we measure the compassionate standpoint for preparedness or resilience?”
Then, there are other forms of attack. Both cyber and terrorism policies often have gaps when it comes to terrorism and acts of war, limiting the types of damage covered, according to a 2015 WillisTowersWatson thought leadership paper, Can Cyber Insurance Coverage Keep Apace with Cyber Exposure? “Inconsistencies in the definitions of cyberterrorism and cyberwar events will undoubtedly be a source of coverage disputes for claims related to cyberterrorism,” the authors state.
Despite the renewed emphasis on liability, Charles reminds clients that the terrorism landscape hasn’t changed completely. “I don’t necessarily want to shift away from property damage or the truck bomb or the building bomb. Those are still very real risks.”
Real—and difficult to ward off. “There wasn’t anything the restaurant at the end of Stoney Street [in London] could have done about the active assailants driving over and attacking people,” Tucker says. Even at a nightclub like Pulse, site of a 2016 shooting in Orlando, Florida, and another example of an attack by an active assailant, negligence issues are murky, he notes. This is the case since club security is “more designed for the average person who’s being difficult, not someone who’s shooting their way in.”
Still, today’s realities demand a holistic picture of risk management: “It’s not just about insurance— it’s about what you are currently doing to manage your risk,” says Gregory. “What protections do you have in place? Are those protections adequate? Have you reviewed them in the past three years given that the terrorism model has changed?”
The biggest challenge: “How do you balance the appropriate level of security with protecting your patrons?” he asks. While “it would be difficult to get a semi-automatic weapon into a large sports complex, it wouldn’t be difficult to use it against people queuing outside.”
A 2015 Aon Special Risks report, The Changing Face of Terrorism, sets out a basic, Anticipate-Prepare-Response framework for organizations that stresses monitoring threats, ensuring that security is in place, crafting an evacuation plan and working with police.
While third-party consultants can help organizations with their risk management plans, Tucker notes that smaller businesses may not have the same access to that expertise. They can still boost risk efforts with materials like widely available FBI training videos, and by ensuring that continuity planning includes newer risk scenarios and an action plan for incident response. “How are you going to communicate with employees or customers? How are you going to help them?” Tucker asks.
Brokers can ask the same questions about their clients. Given the “momentum” in terrorism events of late, opening the lines of communication is the critical step in ensuring protection, Charles says. “It’s about the willingness to have the conversation and dig a little deeper to get it right.”
Copyright © 2017 Transcontinental Media G.P. This article first appeared in the August 2017 edition of Canadian Insurance Top Broker magazine
This story was originally published by Canadian Insurance Top Broker.