Besides the tragic loss of human life, the economic costs of terrorism are immense: increased security and anti-terrorist expenditures, consumer and investor uncertainty, supply chain and business continuity disruptions, industry retrenchment – all and more can have negative impacts on economic growth.1
Terrorist attacks are also a major threat to the insurance industry, posing the possibility of significant loss of life, injury, and property destruction. And terror attacks involving chemical, biological, or cyber weapons could reach catastrophic proportions.
Definition of terrorism: There does not currently exist a single, universally-accepted definition of “terrorism”.
Under U.S. law 18 U.S. Code § 2331, “terrorism” (whether foreign or domestic) includes any acts that are dangerous to human life in violation of the law and are intended to intimidate or coerce a population, influence governmental policy, or affect the conduct of a government. Similarly, under 22 U.S. Code § 2656f, “terrorism” is “premeditated, politically motivated violence perpetrated against noncombatant targets by subnational groups or clandestine agents.”
The original Terrorism Risk Insurance Act of 2002 (TRIA) defines a certified act of terrorism for the purposes of that Act to be
a violent act or an act that is dangerous to (I) human life; (II) property; or (III) infrastructure; (iii) to have resulted in damage within the United States, or outside of the United States in the case of-- (I) an air carrier or vessel described in paragraph (5)(B); or (II) the premises of a United States mission; and (iv) to have been committed by an individual or individuals acting on behalf of any foreign person or foreign interest, as part of an effort to coerce the civilian population of the United States or to influence the policy or affect the conduct of the United States Government by coercion.
The Terrorism Risk Insurance Program Reauthorization Act of 2015 (TRIPRA) adopted the 2007 program reauthorization definition, which struck “acting on behalf of any foreign person or foreign interest” in order to include domestic terrorism under certified actions of terrorism.
Acts of war: The TRIPRA definition of acts of terrorism excludes acts of war. Both personal and commercial insurance policies exclude coverage for losses or damages caused by or arising out of war or “warlike actions,” including insurrections and rebellions. War is usually considered an uninsurable catastrophic risk (though some insurers do offer war insurance) and is not covered by terrorism insurance. The only line of insurance that covers injury or death from an act of war is workers compensation.
Terrorism in the United States: According to National Consortium for the Study of Terrorism and Responses to Terrorism (START), there were 1,922 successful acts of terrorism on U.S. soil between 1970 and 2016.2 Most occurred during the 1970s during a period of widespread politically-motivated violence, particularly bombings.
The September 11, 2001 terror attack, in which terrorists hijacked commercial airliners and flew them into the World Trade Center towers and the Pentagon, remains the deadliest and most expensive terrorist attack in U.S. history. Insurance losses stemming from the 9/11 attacks totaled about $50 billion in 2021 dollars, including commercial liability and group life insurance claims.3 About two thirds of these losses were paid for by reinsurers, companies that provide insurance for insurers. Thirty-three percent of losses were for business interruption; 30 percent were for property losses, including the WTC towers.
9/11 remains one of the largest single insured loss events in history.
Terrorism risk is different from other types of insurable risks, posing unique difficulties for insurers and other insurance service providers.
Historical data is scarce. In other lines of insurance such as personal auto, insurers know from historical experience roughly how many covered losses to expect (frequency) and what the costs of those losses will be (severity). This data is used to calculate a premium equal to the risk the insurers are assuming in issuing an insurance policy. Sometimes there is even enough data on natural catastrophes to allow for measurements of frequency and severity, often supplemented with catastrophe modeling.
For terrorism risk, on the other hand, frequency and severity data is scarce. There have been relatively few terrorist attacks in the United States, so there is little data on which to base estimates for future losses. Furthermore, the range of possible severity of terrorism claims is much larger than in other lines of insurance.
Acts of terrorism are not random. Unlike other risks, terror attacks are typically intentional, targeted attacks in specific locations designed to maximize damage. They are not “accidental” – often considered a crucial component of an insurable risk.
They are often geographically concentrated. For insurance to operate economically, losses are typically not such that many or all insureds in one location suffer the same loss, which could bankrupt an insurer. Acts of terrorism are often geographically concentrated to produce a significant economic or psychological impact, making it difficult to efficiently spread the possibility of losses over a geographic portfolio.
This geographic concentration could therefore lead to an accumulation of risk, in which multiple insureds in the same geographical area exposes a single insurer to a possible large loss following a single act of terrorism. Concentration could also lead to adverse selection, in which the people who are most at risk will purchase coverage and are also the same people who are likely to file claims.
Despite the difficulties of insuring against terrorism risk, acts of terrorism may be covered under various personal insurance policies:
These policies do not require that the act of terror be “certified” as such under TRIPRA.
Prior to the 9/11 terrorist attacks most standard commercial property insurance policies covered terrorism, either as part of the policy or without specifically mentioning terrorism – that is, the policies didn’t directly address terrorism, so they effectively covered it.
After 9/11, insurers began to reassess terrorism risk. For a while terrorism coverage became scarce as primary insurers filed requests with their state insurance departments for permission to explicitly exclude terrorism coverage from their commercial policies. By early 2002, 45 states had approved such exclusions for use in standard commercial policies. Reinsurers were also unwilling to reinsure policies in urban areas perceived to be vulnerable to attack.
Both the difficulties of insuring terrorism risk and concerns about the limited availability of terrorism coverage after the 9/11 attacks led to the enactment in 2002 of the Terrorisms Risk Insurance Act (TRIA). The act created the Terrorism Risk Insurance Program (TRIP), a federal loss-sharing program for certain insured losses resulting from a certified act of terrorism.
The program was subsequently renewed for an additional six years as part of the Terrorism Risk Insurance Program Reauthorization Act of 2015 (TRIPRA), with some changes to the original program. It was renewed again for seven years in December 2019. The 2019 bill requires a report by the Government Accountability Office on cyberterrorism risks and a biennial report from the Treasury of data on places of worship.
How it works: TRIPRA essentially acts as a type of reinsurance for commercial property and casualty insurance policies (excluding certain lines such as professional errors and omissions liability). The program only comes into effect when an act of terrorism is “certified” by the Secretary of the Treasury (in consultation with the Secretary of Homeland Security and the Attorney General) that the act falls under the definition of terrorism (see above) and triggers an event dollar threshold.
TRIPRA is subject to, among other things, a triggering threshold for total insurance losses, insurer deductibles, and insurer copays.
“Make available” requirement: Under TRIPRA, all property and casualty insurers are required to make available coverage for new and renewal commercial policies “for insured losses that does [sic] not differ materially from the terms, amounts, and other coverage limitations applicable to losses arising from events other than acts of terrorism.” In other words, the insurer must allow an insured to decide whether they want terrorism coverage on the same terms and conditions as the insurer offers in their non-TRIPRA coverage.
Policyholders are free to waive such coverage in total or in part. If coverage is not waived, the insurer must clearly and conspicuously state the premium charges resulting from coverage for certified terrorist acts. If terrorism coverage is waived, the insurer may then add terrorism exclusions to the policy.
Nuclear, biological, chemical and radiological terrorism: TRIPRA does not explicitly include or exclude coverage for losses arising out of terrorist attacks using nuclear, biological, chemical, and radiological (NBCR) weapons. NBCR insurance coverage is not readily available in the private insurance market and is often quite expensive.
NBCR exposures have been considered uninsurable because of the difficulties of reliably measuring frequency and severity, and because of the potential for catastrophic losses far above those from a non-NBCR act of terrorism. Property and casualty insurers have typically sought to exclude these exposures through pollution (liability) or nuclear hazard (property) exclusions or through exclusions explicitly addressing NBCR.
Under TRIPRA, if NBCR exclusions are permitted by a state, an insurer in that state does not have to make NBCR coverage available. These exclusions could also limit TRIPRA coverage for NBCR losses.
Fire: Fire following a terrorist attack could cause huge losses. The standard commercial fire policy (SFP) does not exclude fire following terrorism and, prior to 2003, the SFP did not permit this exclusion, with the result that a policyholder who had rejected terrorism coverage under TRIPRA would still have coverage for fire following an act of terrorism. In a handful of states this is still the case: there are no exceptions for terrorism. However, since 2003, some states have revised their SFP statutes to permit exclusions of fire following terrorism under certain circumstances. Thus, for a policyholder who has rejected terrorism coverage under TRIPRA, in these states there might be no coverage or limited coverage for fire resulting from an act of terrorism. Many states do not have a standard fire policy statute or have SFPs that unconditionally exclude fire following terrorism. In these states there is no stipulated coverage for fire following terrorism.
Terrorism insurance without TRIPRA: The Congressional Budget Office (CBO) hypothesized that terrorism coverage may still be available in the private insurance marketplace in the absence of a federal program – but probably at higher premiums and lower coverage limits to compensate for the increased risks to individual insurers.
Workers comp is a compulsory line of insurance for all businesses that covers employees injured or killed on the job, including those injured or killed by acts of terrorism. Coverage for terrorist acts cannot be excluded from workers compensation policies in any state and it is also the only line of insurance that does not exclude coverage for acts of war. TRIPRA’s requirements to clearly and conspicuously disclose premium charges for terrorism coverage also apply to workers compensation.
The United States is not the first country to establish a terrorism insurance program. Some countries created programs to cover terrorism after 9/11 or earlier, following a terrorist attack on their own soil.
Cybersecurity risks and costs continue to rise across the globe. One estimate suggests that the economic costs of cyberattacks in the U.S. were between $57 billion and $109 billion in 2016 alone.
How cyber-related losses and terrorism insurance interact remains an evolving issue – particularly since it often remains unclear when a cyber incident constitutes an act of terrorism.
In 2016 the U.S. Department of the Treasury published guidance stating, in part:
The 2019 reauthorization bill mandates a Government Accountability Office report to analyze the general vulnerabilities and potential costs of cyberattacks on the nation's infrastructure and reach conclusions about whether cyberrisks, particularly cyberliabilities, under property/casualty insurance, can be sufficiently covered and adequately priced.
The UK terrorism insurance pool, Pool Reinsurance Company Limited (Pool Re), has extended its coverage to include physical damage and business interruption losses caused by acts of cyber-related terrorism. The coverage does not extend to “intangible assets” such as data, which are typically addressed in cyber insurance policies.
(2021 $ millions)
1RAND Corporation, “The cost of terrorism in Europe.”
Walter Enders and Eric Olson, The Oxford Handbook of the Economics of Peace and Conflict, “Measuring the Economic Costs of Terrorism,” April 2012.
U.S. Joint Economic Committee, “The Economic Costs of Terrorism,” May 2002.
2START Data Base. The data is restricted to: only those attacks about which there is essentially no doubt that they were terrorist attacks; only successful attacks; and only attacks that satisfied the following START criteria:
3Adjusted to 2021 dollars by the Insurance Information Institute using the U.S. Department of Labor BLS Calculator. Loss total does not include March 2010 New York City settlement of up to $657.5 million to compensate approximately 10,000 Ground Zero workers or any subsequent settlements.
© Insurance Information Institute, Inc. - ALL RIGHTS RESERVED