The Department of the Treasury should expand the size and scope of the Terrorism Risk Insurance Program (TRIP) to cover small- and medium sized enterprises (SMEs) that are vulnerable to the same significant losses from terrorism-related risks, according to the Self-Insurance Institute of America (SIIA).
In response to the department’s request for comment on the 2022 Report on the Effectiveness of TRIP, SIIA outlines emerging trends and recommendations relating to the participation of captive insurers in TRIP.
Signed by Ryan Work, senior vice president of government relations at SIIA, the comment letter notes that an effective programme encouraging risk protection for terrorism losses is essential amid the ongoing and evolving threats facing the private sector.
The letter adds that captive structures support an affordable market for terrorism-related risk mitigation, as well as helping to broaden participation in offering required terrorism coverage for many organisations.
SIIA identifies several trends in organisations looking to utilise captive insurance to insure risks in high-risk geographical areas (such as urban centres and areas in close proximity to nuclear and other high-risk facilities), as well as across various industries (residential real estate, transportation, telecommunications, energy, healthcare) and types of properties (sports facilities, concert venues, public venues, religious institutions).
Captives contribute to TRIP’s post-loss sharing mechanism, which in turn contributes to the overall loss payments and broadens terrorism risk pool participation, SIIA notes.
The comment letter highlights the current structure of TRIP presents coverage issues concerning the interplay of terrorism-related risks and the various forms of “war exclusions” commonly found in most insurance and reinsurance contracts. For example, SIIA poses the question: when does terrorism, particularly cyber-related, become an “undeclared war”?
SIIA notes that the evolving cyber risk landscape, rapid digital transformation and the rise of ecommerce has increased systemic vulnerabilities to cyberattacks.
The comment letter says: “The treatment of cyber coverage under TRIP has enabled more robust participation among insurers and reinsurers due to the mitigation of losses under some extreme scenarios. The cyber threat landscape is continually changing and evolving as attackers develop new tools and discover new attack vectors.
“Machine learning and artificial intelligence are being increasingly used by both attackers and defenders, and the importance of these tools is likely to increase in the future. Modern computer networks are complex systems and a weakness in any component of the system could render the entire system vulnerable.”
SIIA adds that this is a complex area because cyberattacks do not adhere to geographical boundaries — for example, a cyberattack outside the US could still cause substantial damage and losses within the country.
“In general, providing coverage under TRIP for damage inside the US from a foreign event would be best considered as a type of loss that was envisioned to fall under the umbrella of coverages under TRIP. Foreign events such as those contemplated in the Treasury's inquiry would meet the intent of covered damage under TRIP and as such should be covered,” the comment letter recommends.
Currently, coverage for cyber or terrorism may be offered on either a standalone or embedded basis — while many captives generally address the economic impact of a cyber event on the policyholder’s business, they often lack coverage for potential liabilities to third-parties from such an attack, which has caused significant losses.
SIIA anticipates these risks and losses will likely increase as carriers strengthen their underwriting standards and required service vendor purchases in order to offer their coverage.
Crucially, this will likely affect many SMEs that do not have the financial resources to employ the robust cybersecurity services that some standard carriers now mandate for coverage.
The comment letter concludes that the department should expand the size and scope of TRIP to afford the same protection to SMEs that are exposed to terrorism-related risks and are generally unable to access sufficient protection under the current programme structure.
“TRIP was established to ensure the continued widespread availability and affordability of property and casualty insurance for terrorism risk, and to build capacity to absorb any future losses. Thus, SIIA recommends that the department consider examining the appropriate size and scope of TRIP, which could and should include SMEs that run the risk of significant losses from the same terrorism-related risks that large businesses face.”