
Emerging cyber terrorism threats and the Federal Terrorism Risk Insurance Act

Cyber is a relatively new, evolving risk. Insurers manage their exposures, in part, by setting coverage limits and excluding events they don’t want to insure.

On December 20, 2019, President Trump signed a federal funding package that includes a seven-year extension of the Terrorism Risk Insurance Act (TRIA). TRIA provides for a federal loss-sharing program for certain insured losses resulting from a certified act of terrorism.

Passage of the act was met with resounding approval by the insurance industry.

A critical mandate of the TRIA extension is for the Government Accountability Office (GAO) to make recommendations to Congress about how to amend the statute to address emerging cyberthreats. Triple-I recently hosted an exclusive members-only webinar featuring Jason Schupp of the Centers for Better Insurance, who discussed issues likely to be addressed by the GAO report.

Schupp said the report will likely serve as a starting point for a discussion about cyber threats and how the insurance industry can better meet the needs of businesses, nonprofits and local governments for cyber insurance. It will address:

  • Vulnerabilities and potential costs of cyber-attacks to the United States;
  • Whether adequate coverage is available for cyber terrorism;
  • Whether cyber terrorism coverage can be adequately priced by the private market;
  • Whether TRIA’s current structure is appropriate for cyber terrorism events; and
  • Recommendations on how Congress could amend TRIA to meet the next generation of cyber threats.

Cyber terrorism is already covered under TRIA, but such acts don’t fit neatly into the TRIA framework. Because cyber limits and conditions are already narrow, TRIA’s current “make available” requirement has not been effective in providing coverage for cyber terrorism events at the same limits and conditions as non-cyber events.

Schupp proposes that the requirement be amended so the coverage doesn’t exclude insured losses specific to the loss of use, corruption or destruction of electronic data or the unauthorized disclosure of or access to nonpublic information.

But expanding the requirement carries considerable risk. If insurers are required to make more coverage available for cyber events than they are comfortable with, the result could be a pullback in property and liability insurance generally – not just for cyber events. Any expansion must be balanced with the terms of the backstop.

Schupp concluded that the GAO’s investigation and report (which is required to be completed by June 2020) is likely to kick off a multi-year debate that could substantially redefine U.S. cyber insurance markets. Insurers, policyholders and other stakeholders should engage accordingly.

To learn about how to become a member of Triple-I visit iiimembership.org.

House Panel Approves Terrorism Insurance Backstop Reauthorization


The House Financial Services Committee on October 31 approved an amended version of the Terrorism Risk Insurance Program Reauthorization Act of 2019 that would require the Government Accountability Office (GAO) to report on cyberterrorism risks and the Department of Treasury to issue a biennial report that includes “disaggregated data on places of worship.”

The Terrorism Risk Insurance Act of 2002 (TRIA), approved after the 9/11 terrorist attacks in New York City and Washington, D.C., provided a backstop to encourage insurers to resume writing terrorism policies. After 9/11, primary insurers sought to explicitly exclude terrorism coverage from their commercial policies, and reinsurers became unwilling to assume risks in urban areas perceived as vulnerable to attack.

TRIA created the Terrorism Risk Insurance Program (TRIP), a federal loss-sharing program for certain insured losses resulting from a certified act of terrorism. TRIP provides a backstop for insurers and has to be periodically reauthorized. It is currently due to expire at the end of 2020.

In addition to the reporting requirements mentioned above, the amended legislation shortens the extension period from 10 years.

The bill says the cyber report should analyze the general vulnerabilities and potential costs of cyberattacks on the nation’s infrastructure and reach conclusions about whether cyberrisk, particularly cyberliabilities, under property/casualty insurance, can be sufficiently covered and adequately priced.

The insurance industry has praised the progress of the extension as well as the proposed studies of cyber exposures. The next step toward TRIA reauthorization is a floor vote in the House of Representatives.


A world without TRIA: premiums skyrocket following 9/11

Below is an abstract from the I.I.I. database citing a Wall Street Journal article from October 8, 2001. It describes the sharp increase in insurance rates immediately following the 9/11 terrorist attacks of 2001.

The abstract is part of our series covering the Terrorism Risk Insurance Act of 2002 (TRIA). The act made public and private sharing of insured losses from acts of terrorism in the United States possible.

I.I.I.’s report, A World Without TRIA: Incalculable Risk, describes the function of the federal terrorism backstop.

How TRIA Would Handle Another 9/11

The Insurance Information Institute’s new white paper, “A World Without TRIA: Incalculable Risk,” shows how the market for terrorism insurance has evolved since the 2001 terrorist attacks – from the early days in which there was effectively no market (insurers avoided covering terrorism wherever they could) to today, where the market is stronger but by all accounts unable to shoulder the entire burden without government backstop.

The 9/11 attacks generated by far the most insured losses of any terrorism event. We wanted to see how the government program created in its wake by the Terrorism Risk Insurance Act (TRIA) would financially handle a repeat of that awful day.

If that happened, the government’s net payout would be less than zero, as it would recover more from mandatory surcharges to insurance policies than it would reimburse insurers for a portion of their losses.

Meanwhile, the net payout by insurance companies would be nearly $20 billion. Repeating the exercise in the future, the insurer contribution would steadily grow, assuming the law was renewed with the same terms under which it is set to expire at the end of next year. The share borne by policyholders through the surcharge increases more dramatically.

These estimates come from a mathematical model created by the Reinsurance Association of America to increase understanding of how the law operates.

The RAA created the model around the time of the first reauthorization of TRIA in 2005. It is widely regarded as a credible look at how the federal program would react to various scenarios. It has been shown to organizations as diverse as the Federal Insurance Office, the National Association of Insurance Commissioners, the Government Accountability Office, ratings agencies and business groups with a stake in the program, like the U.S. Chamber of Commerce.

“Our intention is to be inclusive so that all of the interested groups vested in the program understand the statute,” said RAA President Frank Nutter.

At the request of the Triple-I, the RAA created four scenarios, each replicating the insurance losses stemming from 9/11. The years modeled were 2019, 2020, 2029 and 2030. Losses were adjusted using the Consumer Price Index. Insurer premium – an important input – was adjusted by a 4 percent compound rate of growth, which is close to what the Congressional Budget Office projects as the growth in nominal Gross Domestic Product over the next decade.

The original program has been modified each time Congress has reauthorized it: 2005, 2007 and 2015. The program has a number of parts, and the RAA model shows that each reauthorization has increased the burden on insurance companies and decreased the burden on the government.

The Triple-I estimates that, adjusted for inflation, 9/11 this year would generate insurance losses of $45.7 billion. According to the RAA model, the government would contribute $6.6 billion. It would front another $19.3 billion but recover $27.0 billion from a mandatory surcharge that would be placed on the insurance purchased in all lines of business that the program covers. Netting all that out means the government would pay less than zero. Insurers would be responsible for $19.7 billion, or 43 percent of the total insured loss.

By 2030, 9/11 would be a $58 billion event. The government would contribute nothing. It would front $29.6 billion but recover $41.5 billion from policyholders due to the recoupment and surcharge. Insurers would be responsible for $28.4 billion, or 49 percent of the total insured loss.

The main drivers of the changes:

  • Beginning in 2020, the law makes the size of the industry marketplace retention a function of insurers’ aggregate premiums, so the marketplace retention grows as the industry’s premium does.
  • Also in 2020 the government’s co-payment shrinks to 80 cents per dollar insurers pay above their deductible, down from 81 cents in 2019.
  • The amount of losses subject to policyholder surcharges grows to $29.6 billion from $19.3 billion, shrinking the federal support.

The work “is a reminder under the current statute, policyholder and company retentions go up over time,” said RAA President Nutter. “In 2020 this becomes effective in a way that changes retentions of the private sector. It also shows a vanishing federal share.”

The RAA model can show the impact of any proposed changes to the program. It also has the ability to show how the federal program would handle specific major events, including 25-ton truck bombs, chemical or biological events, industrial sabotage and port bombs, using information from two major catastrophe modeling firms, RMS and AIR. It also can tailor results to individual cities; car bombs in New York and Baltimore, for example, will generate different levels of loss.

The modeling firms’ data show “just how big some of the [nuclear, biological, chemical and radiological] events are,” said Scott Williamson, the RAA vice president who developed the model. “The workers compensation exposure is really very large.”