Modeling Terrorism: the Intelligence-led Approach

In today's risk environment, where the threat of terrorism is real and significant, developing an appropriate system for accurately assessing this threat is of paramount importance to insurers and risk managers. Existing models use a defensive approach, assessing the maximum potential for damage to a building resulting from a terrorist attack - regardless of the likelihood of that building being targeted. Terrorism modeling should be approached in a much more strategic way. An intelligence-led model that analyzes the probability of an attack occurring at a particular location adds significant value. Important among the considerations are the building type (such as a government building or tourist attraction) and how large an attack at that location might be.

A common criticism of adopting this probabilistic approach to risk assessment is that recent catastrophic events with far-reaching implications, such as Hurricane Katrina and the terrorist attacks of September 11, 2001, have fallen outside of the predictable - they have been extreme outliers to a probabilistic model. The argument against the probabilistic approach is that if models failed to predict these truly significant catastrophic events, then those models have no value. Consequently, businesses often adopt an approach that excludes probability from decision making, relying instead on assuming plausible worst-case scenarios and then managing exposure to avoid business failure if that catastrophic event does occur.

Not all Modeling is Created Equal
Without probabilistic inputs, problems arise at both ends of the risk spectrum. At one extreme, by excluding probability an insurer may feel unshackled by the constraints of assessing the level of risk and therefore may offer coverage at prices that would startle the more informed competitor. This approach assumes that the only important event is a truly catastrophic one and therefore, as long as total risk exposure levelslare respected, the risk is manageable. However, the majority of terrorism events are not catastrophic and are not entirely unpredictable.

At the other end of the spectrum, excluding a probabilistic component from risk management may lead to missed opportunities. Without using location intelligence to identify the probability of events businesses may tend toward risk-aversion, influenced by models that impose unrealistically large blast radii. This leads insurers to reach total exposure limits prematurely, and encourages less wary competitors to meet the demand.

It is in this context that location intelligence plays a role in helping risk managers make sounder, and ultimately more profitable, business decisions. Events such as Hurricane Katrina have shown that black box modeling techniques that rely predominantly on mathematical algorithms and stretch the available intelligence to reach unjustifiable and unreliable conclusions have limited benefit to the industry. A more reliable approach is required, one that places location intelligence at the center of a transparent model and uses the output as a decision support tool.

Mitigating Risk with Location Intelligence
By bringing location intelligence to the risk-management process, insurers can create more realistic and reliable worst-case strategic plans. Realistic disaster scenarios can be beneficial to insurers and risk managers. But by assuming that only catastrophic events are significant, they open themselves up to heavy losses from the accumulation of many smaller events that the professional intelligence company may have seen coming - the proverbial "death of a thousand cuts."

Explaining to shareholders (insurers and risk managers) why a loss occurred on a target previously identified as high-risk is not a favorable situation. We live in a world in which there are outliers beyond the available models, but these are the exceptions. The vast majority of political violence occurs within the realm of the predictable, on the bell curve. This is particularly true in high-risk territories with high event density, such as Colombia or Sri Lanka. Forecasting risk of violence in such countries is possible with an extensive intelligence infrastructure that allows for the collation and processing of strategic intelligence through a rigorous methodology that produces highly specific, actionable forecasts. By leveraging this infrastructure to identify trends, and by understanding how the future environment will change, modeling risk can produce highly reliable decision-ready information on pricing risk to specific assets.

Modeling political violence in less high-risk environments, in particular Western Europe and North America, presents a different challenge because the data indicating previous trends are sparser and may not accurately reflect risk. The principles that make accurate and credible forecasting possible for high-risk territories are, however, transferable. Whereas in Colombia the model may be skewed more heavily toward attack trend data, in the West, where data are less reliable, the subjective expertise of analysts, supported by an intelligence infrastructure, becomes more critical. Just as in Colombia, most terrorism events are on the probabilistic bell curve. The transport bombings in March 2004 in Madrid and July 2005 in London, and the subsequently thwarted plots in the U.S. and Europe, occurred within the bounds of predictability. While it is impossible to say precisely how many attacks will occur in a country over a year and where exactly they will be, it is achievable to predict, once the intentions of terrorist groups are analyzed, which asset types (and even which specific targets) are at highest risk. Furthermore, it is possible to predict the probable maximum size of an event that is likely to occur, given terrorist capabilities and the effectiveness of security and intelligence services in intercepting the attacks.

Using fact-based, location-specific metrics to model terrorism risk requires a scoring system that rates the likelihood and maximum severity of violent risks on global points of interest. By integrating such insight into location intelligent technology, insurers and risk managers are able to make more discerning underwriting, rating, coverage and risk selection decisions.

Evaluating Risk with Technology
It is under these principles that Exclusive Analysis has developed TerrorRisk, together with Pitney Bowes MapInfo. TerrorRisk is a service that allows the user to evaluate and differentiate risk across key cities in North America, Western Europe and Asia/Pacific, right down to street-level granularity. A decision-support tool, it assigns risk values on the basis of an algorithm that is fed by comprehensive empirical event data, moderated by subjective analysis. This analyst input is at the center of the distinction between TerrorRisk and other models. Exclusive Analysis' multilingual current intelligence team feeds in 1,000 risk-relevant events a week to its Country Risk Evaluation and Assessment model (CREAM), and terrorism risk relevant events are streamed into the TerrorRisk data set. This intelligence is reviewed by a core team of London-based analysts who manage 200 regional contract analysts and draw on a network of 1,200 sources to produce decision-ready forecasts. A Global Jihad Analysis unit, which tracks jihadi Internet communiqués, arrests and attacks and forecasts future trends in capabilities and target sets, further supports this process. Systematically and methodologically monitoring the trends, capabilities, intentions and targeting priorities of terrorist actors worldwide ensures the subjective analysis which is so critical to the model's integrity.

Armed with this information, risk managers are able to gain a clear understanding of the terrorism risk environment and evaluate individual or aggregate exposures accordingly. This informs risk selection and pricing negotiations for buyers and providers of terrorism coverage, enables identification of opportunities to write business in locations previously considered too high-risk in the absence of credible intelligence, and facilitates profitable and efficient use of aggregation capacity. The user is also able to demonstrate risk management best practice to shareholders, ratings agencies or reinsurers. Terrorism is not a static phenomenon; new attacks are carried out or thwarted on a daily basis, and terrorists' target sets and capabilities are constantly evolving. TerrorRisk and the data file updated are fed continuously with this intelligence.

Intelligence is the key to credible, trusted modeling and successful risk management. In any business, the unknown may be significantly more costly than the known. By embracing intelligence inputs into decision making processes, businesses can significantly reduce the realm of the unknown, thereby minimizing risk and enabling growth.