The nature of terror threats is evolving and so should the considerations for corporate risk and insurance managers. Tom Johansmeyer, assistant vice president, reinsurance services at Verisk Insurance Solutions – ISO Claims Analytics, asks whether parametric triggers are the answer.

For the hospitality sector, it’s pretty easy to imagine the nightmare terror scenario.  Three men enter a hotel beach resort at 7am armed with Kalashnikov rifl es and grenades.  Seven hours later, 21 people are dead, including security guards, guests, and the gunmen themselves.

This isn’t hypothetical. The attack occurred at a Grand-Bassam resort in Ivory Coast earlier this year. It may be tempting to dismiss the Grand-Bassam attack as the stuff of highrisk countries, but we’ve seen time and again over the past six months that porous borders, ease of access to weapons, and ideologically driven purpose can have chilling results.  San Bernardino, Paris, and Brussels brought aggregate fatalities of 175 and casualties of 674, according to data from Verisk Maplecroft.

Only three terrorist ‘resources’ were necessary to cause fear, panic and death in the Grand-Bassam incident. Each was equipped only with small arms. The cost to the terror organisation was not significant, and the risk of external factors disrupting the plan was quite low – unlike the risks associated with sending resources for commercial airline flight training. It’s no surprise that low-intensity – but high-impact – terror incidents are on the rise around the world.

The shift toward attacks that are easy to execute and designed to maximize fear relative to expense has broadened the set of potential targets worldwide and leaves many companies with unexpected exposure. Open spaces, such as hotels, that have easy public access andattract large crowds represent natural opportunities for those inclined to do harm.

In addition to considering the terror threat from the perspective of prevention, hotels also need to think about the insurance implications. High-frequency, low-intensity events could result in greater need for risk transfer, with new implications for hospitality corporation captives.

To Terrify

Terror isn’t necessarily an act focused on the destruction of property or creation of economic loss. Rather, it can affect a local population in a way that makes them feel profoundly unsafe where they would otherwise be secure. The nature of global terror attacks is shifting as it becomes clear that striking fear into the hearts of people can be accomplished quickly and easily.

Major events, such as the attacks of September 11, 2001, certainly qualify as terrifying, but such an endeavor – from the perspective of the terrorist – is high-risk in a number of ways. It can take years to recruit, train and deploy the resources necessary to complete the act of terror.

Along the way, recruited participants may prove unable to complete the task or be apprehended by authorities. Operational challenges may arise at the last minute, such as changes to security activity around a target.  Over a lengthy ramp-up time, too much can go wrong, resulting potentially in unnecessary expense and the risk that the act won’t be completed.  Low-intensity terror, on the other hand, is much easier to accomplish.  Small bombs or improvised explosive devices (IEDs) are easy to build, transport, deploy, and activate. Results cost less and come faster.

Under Siege

In 2015 and the fi rst quarter of 2016, Verisk Maplecroft reported on 37 terror events that affected hotels around the world, representing 268 fatalities, 336 casualties, and 171 hostages.  Further, even disciplined monitoring and security still leave plenty of opportunity for a terrorist to gain access to a lobby or restaurant.

As the terror threat evolves, how the hospitality industry understands and manages its risk will need to mature as well. Simply focusing on historically high-profi le properties or locations and considering them within the context of a major attack will have to give way to a broader view that small incidents can happen anywhere and at any time.

In the past 12 months in the United States, Verisk Maplecroft recorded incidents in Chattanooga, Tennessee; Dallas, Texas; and San Bernardino, California.

This means that a major hotel corporation with a variety of brands and locations will need a comprehensive view of its terror exposure, especially when incidents of homegrown terror occur. Suburban or exurban locations of economical and extended-stay brands could become terror targets, with significant risk to the property’s income and reputation.

While an effective risk transfer programme won’t prevent terror attacks (although attendant risk control measures would be beneficial), it can help return an operation to normal as quickly as possible, replace lost revenue, and minimise the effect of an incident on shareholder value.

And in today’s global terror climate – particularly with hotels at risk in parts of the world once considered safe – a hospitality corporate risk manager needs to have sound and effective answers to the inevitable questions about terror that the board of directors may ask.

Terror has become a hot topic in the global insurance and reinsurance industry, with new products coming to market to help corporate risk managers protect their companies. The ongoing talk of ‘excess capacity’ in the risk-transfer market would suggest that approaches should be readily available, especially as insurers and reinsurers look for new
opportunities to deploy capital.

Structurally, though, insurance does not appear to be able to satisfy the full need of the original insured market, given the increase in exposure implied by the shift in terror activity.

The true terror exposure that hospitality companies face is massive, and even the threat of an incident has the potential to have impact across multiple locations. Global revenue for the industry reached $550bn last year, according to data from Statista. Business interruption exposure, especially from low-intensity events, is perhaps the greatest risk that hospitality corporations face – and it’s significant.

Additionally, hospitality corporations face physical damage losses from larger events, which could bring the cost even higher. And there’s workers’ compensation exposure too.

Terror risk could become very expensive very quickly. In London, Bermuda, and Zurich, discussions about terror risk tend to be constrained by convention. There’s plenty of capacity available – as long as it’s deployed with certain limits, terms, and conditions.  The result is a massive gap in protection that leaves original corporate insureds exposed to events that could profoundly affect share price – and even the ability to operate certain locations at all.

Captive Parametrics

Captives, of course, could help fill this gap, especially when supported by the use of reinsurance and insurance-linked securities (ILS) to manage capital effectively. However, the lack of historical events of sufficient size to warrant hedging can make it difficult to operate a captive in a traditional manner.

Parametric-triggered protection through a captive could provide a fast, efficient, and reliable approach to securing terror protection.

Rather than structure protection in the traditional manner, a captive could be used to provide parametric cover – and then lay off risk in the same fashion to the reinsurance or ILS markets.  Using data from Verisk Maplecroft, a risk manager could develop a trigger that pays out on several parameters, such as:

• event type (i.e. bombing, arson/firebombing, damage to property, chemical/biological/radiological/nuclear attack)
• weapon type (i.e. vehicle bomb, mortar/artillery, rocket/ grenade, firearms)
• perpetrator group
• fatalities, casualties, or hostages (including victim type, nationality, age, gender)

Fatalities and property damage can both be complicated in terror ILWs.  Events with low fatality rates could still lead to significant business interruption losses. Historically, hotels have done an excellent job of understanding their revenue per day for different periods of the year (such as peak, off-season, and shoulder).

Consequently, calculating business interruption exposure for a certain length of time is a relatively straightforward exercise: just multiply average daily revenue per period for a projected time span.  As a result, this sort of parametric structure would be quite effective for the hospitality industry.

Terror is an emerging threat, and historical approaches to risk transfer may ebb and flow in effectiveness.  Parametric cover can provide a fast and clean way for hospitality corporations to accelerate a return to normal post-event – and provide answers to the tough questions the board of directors may ask.