Verisk Review Expert Panel: Terrorism

By Daniel Gray, Shane Latchman and Jonathon Green

Following a battery of lethal attacks in New York, Paris, Brussels, and other major urban centers, global terrorism is taking a toll on people and places once considered beyond the reach of such extreme violence.

As the threat of global terrorism continues to rise, managing risk from terrorism has become an essential part of business. Verisk Maplecroft’s Terrorism Intensity Index (TII) enables organizations to identify and monitor terrorism risks to human security and international assets.

Verisk Review Expert Panel: TerrorismIn March of 2016, Verisk Analytics announced that it would collect, aggregate, and help analyze terrorism data this year for the U.S. Department of the Treasury, the federal agency charged with gauging the effectiveness of the federal Terrorism Risk Insurance Program. The program includes certain requirements with respect to insurers that offer insurance related to terrorism.

And on September 12, 2016, AIR Worldwide announced that it has expanded the capabilities of its terrorism risk model to support scenario testing for the United States and 27 other select countries to help companies assess the impact of various attack scenarios on their portfolios and better manage their global terrorism risk.

To explain how data and analytics can be used to help predict terrorist attacks and the leading risks that companies and communities may face from terrorism, Verisk Review recently spoke with Daniel Gray, terrorism and security analyst at Verisk Maplecroft; Shane Latchman, assistant vice president at AIR Worldwide; and Jonathon Green, risk consultant at AIR Worldwide.

The terrorism experts also discussed the kinds of insights about terrorism being derived from data and analytics, what data or databases tend to be most useful, how insurers and risk managers can use data analytics to prepare for and respond to attacks, and how companies can use data and analytics to lessen chances of business interruption or supply chain disruption due to terrorism.

Verisk Review: What are the leading risks that companies and communities face from terrorism?

Daniel GrayDaniel Gray, terrorism and security analyst at Verisk Maplecroft: From a company perspective, terrorism threatens business operations at every level.

At the level of personnel safety, the primary concern for businesses after a terrorist attack is that they help keep their personnel safe and have contingency plans in place. This requires that businesses not only be aware of the risks where they operate but also closely monitor the development of terrorist threats.

As far as damage to physical assets, explosives in the form of vehicle bombs, suicide vests, and other devices often result in substantial physical damage to their targets and cause collateral damage to commercial assets within the blast radius. Such explosions incur heavy costs to businesses and can ultimately lead to increased insurance policy premiums.

Companies are also increasingly at risk of politically motivated cyber attacks, otherwise known as hacktivism. While most attacks cause malicious damage to digital infrastructure, a small number of attacks have demonstrated the capacity for cyber attacks to have real-world, physical impacts. Cases include a dam system in New York, a steel works in Germany, and most recently, an electrical grid in Ukraine. While the provenance of these attacks is suspected to be hackers working with the support of foreign governments, hacking into critical national infrastructure, industrial control systems, or company networks is increasingly within the capability of nonstate actors.

Regarding business interruption following an armed attack, hostage situation, or bombing, security forces seal off the buildings and transportation infrastructure affected for as long as necessary to conduct their investigation and repair any damage. For instance, though the physical damage caused by the November 13 Paris attacks was limited, large parts of the city were effectively shut down for several days, including the 10th and 11th arrondissements and Saint-Denis, shuttering all businesses in the affected areas.

And related to indirect loss of revenue, Tunisia, Turkey, and Egypt—once popular tourist destinations—are all suffering from reduced tourism revenues following attacks by Islamist extremist militants, including the June 2015 attacks on two hotels in Sousse, which left at least 38 tourists dead and 39 others injured.

While the steady recovery of tourist numbers following the 2005 attacks in the Red Sea resort of Sharm el-Sheikh demonstrates that revenue levels can eventually recuperate to preattack levels, the current terrorist threat is likely to remain for the foreseeable future, proving costly to businesses invested in the affected regions.

Jonathon GreenJonathon Green, risk consultant at AIR Worldwide: In our view, the leading terrorism risks in the United States and Europe are increasingly from swarm attacks by multiple perpetrators with guns and/or explosives. Such attacks can cause multiple impacts, including death, injury, physical damage, and business interruption, notably in the 2015 Paris Bataclan concert hall attacks. Furthermore, companies and communities are increasingly at risk from cyber-related attacks. For example, the electrical blackout last year in Ukraine was allegedly part of the wider issues in that region that manifested as a cyber attack against the local power grid, which had a resulting impact on businesses and individuals. Hence, the effects of terrorism should not be thought of as solely physical in nature. AIR Worldwide is currently creating solutions to manage cyber risk, including the impact of cyber attacks such as power blackouts and data breaches.

Verisk Review: What kinds of insights about terrorism are being derived from data and analytics?

Shane LatchmanShane Latchman, assistant vice president at AIR Worldwide: At AIR Worldwide, we’re seeking to accurately model the effects of blast events on insured property. Currently, the most common approach to manage terrorism risk is to look at accumulations of building value within ring(s) of a defined radius with appropriate percentage(s) relating to sustained damage applying to the building value. Modeling blast impacts can produce a more realistic loss estimate because building type, density, and environment are accounted for. AIR offers companies more realistic estimates of potential losses from terrorist events ranging from conventional attacks to CBRN (chemical, biological, radiological, and nuclear) events.

Daniel Gray: The Verisk Maplecroft terrorism database contains more than 130,000 incidents, dating from 2004 to the present day. Each incident contains up to 20 individual data points, including weapon types, perpetrator groups, casualty profiles, and details of damage to physical assets. Each incident also includes very precise geo-tag possible.

The database can help companies and analysts identify terrorism risks relevant to their operations, no matter where they’re located. Verisk Maplecroft’s subnational Terrorism Intensity Index (TII) provides a quarterly updated risk score on a 0–10 scale for any location worldwide. This provides clients with an up-to-date picture of how a terrorist threat is evolving in their areas of operation.

The terrorism database also provides insights into evolving trends and how they relate to broader developments. For instance, while attacks across Colombia lessened as the government neared a peace deal with the FARC in mid-2016, the data demonstrates that the country’s second insurgent group, the ELN, has been spreading into areas from which the FARC had been withdrawing. Far from reducing the risk, the peace agreement portended the resurgence in terrorist attacks where the risk had previously been receding.

Meanwhile, in Egypt, the pledge of allegiance of Ansar Bait al-Maqdis to Islamic State in November 2014 presaged a major increase in casualty counts and facility damage resulting from attacks. While the monthly tally of attacks remained constant, Ansar Bait al-Maqdis attacks reached farther from their North Sinai heartland into the major cities of Cairo and Alexandria.

Verisk Review: Can data drawn from social media be helpful in understanding ISIS/ISIL and other terror organizations?

Shane Latchman: Yes, social media can be useful for understanding Daesh (another name for ISIS), its attacks, and members. However, sole reliance cannot be placed on social media, since terrorist groups use it for their own ends and could manipulate the message for that reason. It’s well known that Daesh uses social media as a tool for both recruitment and propaganda.

Verisk Review: Can data analytics be used to help predict terrorist attacks? And if so, how?

Daniel Gray: Exploring the available data can help us understand developing terrorist threats at both the micro and macro level. However, terrorists are—by their nature—engaged in clandestine operations and will limit their footprint and change their attack methodologies to avoid detection, so it’s important to frame expectations about the efficacy of predictions accordingly.

At the micro level, security forces are engaged in a constant battle with civil liberties campaigners to increase access to communications. The more that security forces can see about what people are looking at on the Internet and who they’re communicating with, the better placed they are to make a prediction about how likely it is that an individual has become radicalized and what form this radicalization is likely to take. However, one of the reasons this is so controversial is that the profiles produced can identify entirely innocent people—and miss the radicals, who intentionally limit or eliminate their web activities to remain undetected.

At the macro level, we can explore data on historic attacks and the capacity of active terrorist organizations, enabling us to draw inferences about developing attack methodologies—which give clues to what form attacks are likely to take and what types of locations will make attractive targets.

Shane Latchman: We agree that predicting terrorist attacks is notoriously difficult. Using data and analytics to predict terrorism attacks in the commercial sphere is a fairly nascent field. Some companies are doing this, using methods to mine social media, news agencies, and other websites as predictors of political unrest. But predicting terrorist attacks (as opposed to civil unrest only) is more difficult because such attacks are inherently secretive in nature. However, data from previous attacks is useful in refining analytical tools by identifying common features that can help estimate future likely scenarios.

Verisk Review: Is it possible to estimate potential outcomes or damages from a terror attack at a specific site?

Shane Latchman: The AIR Terrorism Model is aimed at answering that exact question: If a bomb were to explode at a specified location, how much would the losses cost? By considering the complexity of the urban landscape, the construction type of the buildings, and the science behind the blast propagation, the AIR Terrorism Model is able to assess the potential financial loss from an event. When that is combined with AIR’s financial module, companies are able to assess the impact on insurers and reinsurers across the globe.

Below is a figure showing the ability for users to specify conventional weapon bomb types in AIR’s software modeling platform Touchstone®. Blasts are simulated according to the urban density of the region surrounding the bomb blast and damage ratios applied to exposure to estimate a loss that’s dependent on the distance of exposure locations from the blast, the blast tonnage, and other factors, such as the exposure construction type.

Click to enlarge

Verisk Review: What data and/or databases tend to be most useful?

Databases from historical terrorist events on key landmarks can be useful in terrorism risk quantification. The START (Study of Terrorism and Responses to Terrorism) database from the University of Maryland is a global terrorism database of historical events from 1970 to the present with more than a hundred thousand records. Although a good source for the location of historical events, the location and nature of future events may deviate from this database. Hence, any quantification of terrorism risk requires information not solely dependent on historical data but also based on expert judgment. To illustrate this, AIR’s probabilistic terrorism model for the United States uses a team of counterterrorism experts with decades of experience working for the FBI, CIA, Department of Defense, and other government bodies to estimate the likelihood of attack by terrorist group type, weapon, and target type.

Daniel Gray: At Maplecroft, we also believe databases containing details of historical terrorist incidents and risk indices derived from those incidents are vital to understanding the evolving nature of terrorism risk. In addition to data on historical incidents and outcomes, it’s vital to have an assessment of the level of terrorist threat and the ability of security forces to conduct counterterrorism.

Verisk Maplecroft provides such information through the Capacity of Active Terrorist Groups Index and the Security Forces Effectiveness Index, which assign a qualitatively derived 0–10 score on the terrorist threat and the ability of national governments to counter the threats across 198 countries. The methodology behind the indices adds a layer of expert judgment and forward-looking analysis to assessments of terrorism risk.

Verisk Review: Have there been specific incidents or antiterror campaigns in which data analytics have played a beneficial role?

Jonathon Green: Undoubtedly, security forces have used data analytics in previous counterterrorism incidents. In the commercial space, examples of data analytics include obtaining the total exposed amount within the footprint of an event, for example, the 2016 Ataturk airport bombing in Istanbul. This can be done in AIR’s software platform Touchstone. In addition, initial loss estimates can be calculated for terrorist events such as the 2016 Brussels airport bombing.

Verisk Review: How can insurers and risk managers use data analytics to better prepare for and respond to attacks?

Daniel Gray: While terrorist perpetrators intend their attacks to be difficult to predict and prevent, tactics are often recycled, including the weapons used and the types of targets. For instance, a local terrorist organization whose strategic rationale involves the targeting of Western economic interests can be broadly expected to conduct attacks on those targets.

By referencing terrorism data to identify terrorist actors that predominantly target Western targets, risk managers are better equipped to prepare for an attack and have a protocol in place in the event of a successful attack.

Shane Latchman: For an insurance entity, a robust view of potential losses through modeling can help inform the amount of capital reserves to hold in the event of a terrorist attack. The current approach of approximating a bomb blast as concentric rings with a percentage applied to the total value is often overly conservative. Using a terrorism model that simulates losses from blasts could allow insurance companies to have a more accurate view of their potential losses. In addition, by identifying areas of higher risk, blast modeling can aid sensitivity testing to allow risk managers to combine those outputs with physical mitigation of the threat (for example, concrete barriers to prevent vehicle-borne blasts).

Verisk Review: Can companies use data and analytics to lessen chances of business interruption or supply chain disruption due to terrorism?

Jonathon Green: Yes, analytics and modeling can be used to spot weak links and bottlenecks in a company’s supply chain. For example, companies can overlay their supply chain (for example, a network of suppliers, distributors, and routes) on maps representing terrorism risk to identify areas of greatest susceptibility. Another example could be a shipping route overlaid on a map of historical piracy incidents to estimate the risk to that route. Having identified key areas, AIR’s Touchstone platform can be used to perform a series of analytics, including the use of the AIR Terrorism Model, to obtain loss estimates from blast events and leverage global geospatial capabilities to identify exposures at risk.

Daniel Gray: Using the precise geo-tagging of incidents, it’s possible to identify the infrastructure most frequently targeted by terrorist groups. For instance, following a surge in attacks on pipelines in 2014 and 2015, oil and gas companies in Colombia decided to begin transporting crude through heavy-goods vehicles instead of pipelines.

A similar scenario took place in the northern department of La Guajira in 2013, following a rash of attacks on the coal-transporting railroad. Monitoring the situation, companies decided to return to traditional methods of transport once the risk had subsided.

Verisk Review: Is there anything you would like to add about the challenges involved in predicting or mitigating the risk of terror events?

Daniel Gray: Natural hazards and other perils follow long-term patterns and trends that allow insurers and risk managers to develop a view of what is likely to happen in the future and prepare for those eventualities. Conversely, terrorist groups intentionally seek to do the unexpected. While patterns and trends can be identified, the desire of terrorists to constantly advance and escalate their campaigns, combined with their need to avoid detection by security forces altogether, means that predicting terror events cannot be an exact science.