Companies struggle to find balance for terrorism insurance

Hundreds of actors found themselves hired for an unusual performance earlier this month - faking illness. The actors, part of the USA's largest ever terrorism drill, played people suffering from the effects of a biological agent.

The drill, during which officials staged a car bomb and a chemical attack in Connecticut, involved hospitals, investigators, politicians and consultants. On a smaller scale similar exercises are carried out by companies concerned to test the resilience of their operations to terrorism attacks.

But while such exercises are becoming more common in the corporate world, consultants and insurance brokers argue that many companies are not sufficiently focused on the threat of terrorism.

In looking at some of the polls over the past few years and asking what factors keep boards awake at night, terrorism doesn't even appear in the top 10, says Rob Preston, consultant crisis management at Aon, the global insurance broker.

People see operational risk and loss of intellectual property as more critical than terrorism - and we think that's probably wrong.

Part of the problem is that no pattern of attacks has yet emerged on which to base risk assessments with regard to terrorism. While events such as the World Trade Center attacks of 2001 and the Madrid bombings of 2004 have demonstrated the power of terrorists to wreak destruction, the global nature of terrorist networks makes it difficult to predict the location of future attacks or whether their frequency will increase.

Nevertheless, argues Mr Preston, this is no reason for companies to bury their heads in the sand. What they should be doing, he says, is assessing risk by looking not only at the potential threats but the vulnerability of their own operations to those threats.

You can't do anything about threat, but you can do something about vulnerability, he says.

There is a physical side, such as blast proofing or CCTV, but also at board level, companies should look at business vulnerabilities like a choke point in the supply chain.

In addition, the threats vary considerably from country to country with different organisations choosing different targets and a variety of methods through which to attack those targets.

"People see operational risk and loss of intellectual property as more critical"

While catastrophic attacks tend to dominate the headlines, it is often forgotten that, for example, India regularly suffers attacks from separatist groups.

Companies have to be aware of how vulnerable they are, says Alastair Morrison, chairman of Kroll Security International.

If you have to go into a country such as Indonesia, where there have been incidents against western interests, you have to think about how much at risk you are

This will determine what a company should spend on measures to reduce the impact of terrorist attacks and on insurance coverage, says Stephen Ashwell, terrorism underwriter at Hiscox.  If you are a cheese farm in Finland, it is pointless spending millions of dollars on security.

By contrast, a business located in the centre of a big metropolitan area would need to take a different approach.

It's clear that the platform of al Qaeda wants mass casualties on the front page. So anyone with public access or in large shopping areas is particularly at risk and they should look to security systems and at what their contingency plans should be, he explains. But any spending has to be commensurate with the risk.

Of this spending, a large proportion remains tied up with insurance. In this area, companies are finding that the access to and affordability of terrorism coverage have eased considerably in recent years, with far greater capacity in the market than there was immediately after the attacks of September 11.

However, Mr Ashwell believes that many companies have not yet found the right balance between insurance coverage and risk management measures such as disaster recovery and business continuity plans. Some of them may be tending to buy too much insurance, or too little, because they haven't looked at that side of things, he says.

Nevertheless, there is evidence that more companies are taking terrorism threats into account when making investment decisions.

In the past, the question was is the project viable and can we make money from it? But now you're having major input from the security side, says Mr Morrison.

So while a project makes sense financially, people are asking about the risk to installations of terrorists taking over, or people being killed because there's a war going on.

Mr Morrison believes that terrorism is moving up the board agenda, with sophisticated companies appointing senior level executives to tackle managing risk in this area. Much of this pressure is coming from a recognition that security is part of corporate governance. It's forcing people to think these things through and the board has to go through the scenarios of what might bring down the business, says Mr Morrison. So the chairman and board are listening to their security people far more than they ever did before.