Thirteen years after the attacks on the World Trade Center and the Pentagon, one thing has become clear about the challenges of modeling and analyzing terrorism risk: at the core of the peril is the intelligence of an adversary who can decide where and when to strike and have counter-moves for every move you make.
Prior to 9/11, the mathematical science of risk modeling, particularly as it applied to the perils corporations might expect, was based on the data provided by Mother Nature, a much less intelligent actor. “We understand wind storms, we understand surf. We understand that they’re pretty particular. They like the coast,” says Richard Rabs, vice president of insurance and risk at Veolia Environnement North America, a water, waste and energy management company.
“But terrorism doesn’t have any of those types of things. We can make some assumptions, but we just don’t have the data,” he adds.
The data that any one corporation might be privy to about its terror exposures comprises a sample that’s too narrow to allow for charting out probabilities — and much less manage the risks on the basis of those assumptions, according to Rabs.
Yet narrow as the sample may be, it’s dense with different kinds of data. Terrorist acts that can hurt a company’s employees, operations and financial structure, for example, can be directly aimed at individual companies or hit them indirectly, mistakenly or as a component of a broader target. The attackers can be based domestically or in a foreign country. Their weapons can range from computer viruses to stolen planes to chemicals to nuclear, biological or radiological devices. And so on.
“I don’t think the average risk manager does a lot with terror risk modeling,” Rabs says. “Not because we don’t care about it, but because, at least in my case, we’re not 100 percent convinced that there’s really a good model out there.”
It’s a different story, of course, for the property-casualty insurance industry, which can analyze the probabilities of a strike based on the data culled from client portfolios. Compared to information about natural-catastrophe risks, however, those portfolios provide a dearth of data about terrorism risk, simply because collecting it has seemed a priority for only a dozen years.
In short, terrorist catastrophes remain “black swan” events, devastating outliers that seem predictable only in retrospect. Even for the insurance industry, the brevity of modern terrorism risk has made drawing generalizations about it a fool’s game. “Given the paucity of historical data and diversity and shifting nature of expert opinions, catastrophe models used to estimate terrorism risk are relatively undeveloped compared to those used to assess natural hazard risks,” said Robert Hartwig, president and economist of the Insurance Information Industry, in testimony prepared for a U.S. House subcommittee hearing a few weeks ago. “The bottom line is that estimating the frequency of terror attacks with any degree of accuracy … is extraordinarily challenging, if not impossible in many circumstances.”