The challenges of cyber terror

06 December 2017

Why, in the longer term, the insurance industry’s ability to quantify and thereby help prevent terror risk will play a greater role.

David Flandro, Global Head of Analytics, JLT Re

Cyber terrorism is difficult to predict, measure and model, but very real.

The methodologies and expertise required to quantify cyber terror are rare and still emerging.

Pooling of these risks is likely to become important to the functioning of the insurance market, at least in the near to medium term.

According to UK government- backed terrorism reinsurer Pool Re’s latest Threat Analysis Report, the cyber capabilities of Islamist groups like Islamic State are in their infancy.

But terrorist groups are expected to increase their cyber capabilities – in fact, the UK recently saw its first prosecution and jailing of a cyber terrorist for supplying cyber support to the Cyber Caliphate Army.

There are also concerns that cyber terrorist groups could collaborate with cyber terrorists, purchasing expertise or malware to carry out attacks.

Modelling cyber terrorism requires expertise and experience, both uncommon in this new market.

While it is possible to model physical acts of terrorism, such as a bomb attack in a major city, there are hundreds of thousands if not millions of potentially measurable cyber terrorism scenarios.

Furthermore, cyber terrorism must be ascertained in terms of the perpetrators of an attack and their motivations. For physical terrorist attacks, insurers may rely on government attribution and certification to trigger a terrorism policy.

Attribution and certification is a larger challenge for cyber terrorism.

JLT Re believes that cyber will become an increasingly important element of terrorism insurance going forward. Provision of risk cover for cyber terrorism should ideally include a combination of traditional means, through pools, and through innovative structures.

Governments may have a role to play in the near-term provision of cyber terrorism cover, much in the same way as they already do in many countries for non-cyber terrorism risk.

Pool Re, for example, recently confirmed that it will extend cover to include physical damage caused by terrorists using a cyber- trigger to cause a fire and defined perils.

Pool Re member insurers will be able to offer this cover in primary insurance contracts from April 1, 2018.

State pools may offer an alternative in providing cover for terrorist or state-sponsored attacks in the near term given the potential limits involved and the difficulties in modelling such risks.

As with physical terrorism, governments can help create a market for cyber terrorism by acting as a backstop, enabling private insurers to develop innovative solutions and broader cover.

In the longer term, the sector’s ability to quantify and thereby help prevent terror risk will play a greater role.

JLT is actively seeking to accelerate this process for its clients and for the greater good with its industry leading terror risk modeling teams, tools, and services.


Please contact David Flandro on +44 (0)20 7466 1311 or

Download the full Risk Perspective Magazine here: