RMS spoke at the RAA's catastrophe modeling conference in Orlando recently, discussing terrorism risk and how the corresponding modeling solutions have evolved since 9/11.

1. TERRORISM MODELING AND
RISK MANAGEMENT
Chris Folkman
Director, Model Product Management
February 11, 2014

2. OUTLINE
• Terrorism Modeling Overview
• Event frequency in probabilistic terrorism
modeling
• Modeling Framework
§
§
§
§
Exposure
Hazard
Vulnerability
Probabilistic Framework
• TRIA implications in terrorism risk
management

3. TERRORISM
MODEL
BACKGROUND
• September 11th, 2001 attacks: $40 billion insured
loss. WTC attack footprint: 16 acres.
• Models created in 2002-2003 in response to market
demand for terrorism solutions.
• Terrorism modeling data has improved over the past
decade.
Ø
Ø
Ø
Ø
More data on plot frequency
More data on attack suppression / success rates
More insight into countersecurity
Better calibration of hazard and vulnerability

4. TERRORISM RISK MANAGEMENT – A “THREE PRONGED”
APPROACH
EXPOSURE MANAGEMENT
SCENARIO LOSS MODELING
PROBABILISTIC LOSS MODELING
§ Monitor exposure
concentrations around high risk
targets.
§ Quantify loss for one attack
scenario.
§ Identify most critical attack
scenarios for a portfolio
§ Manage losses of benchmark
scenarios to acceptable levels.
§ Determine relative likelihood
of attack scenarios
§ Submitted to rating agencies
(i.e. Best SRQ).
§ Calculate impact of multiple
attacks as part of a single
event (multiplicity).
§ Identify building level
accumulations.
§ Identify exposure “Hot Spots”
within given radius.

5. PROBABILISTIC
MODELING OF
TERRORISM
Probabilistic terrorism modeling delivers deep insight into
key drivers of loss on a portfolio
Ø Analysis of comprehensive event catalog (90,000+ attacks).
Ø Key losses by account, location, target type, city, and line of
business
Ø Assist underwriters in risk selection
Ø Design and implement underwriting guidelines
Ø Capacity allocation
Ø Evaluate reinsurance needs and options

6. TERRORISM
FREQUENCY:
COMMON
MISPERCEPTIONS
“There’s not enough data to create
meaningful rates”
•
RMS rates are based on empirical data, not judgment.
•
RMS frequency is calibrated against hundreds of plots from open
source intelligence - known, intercepted, and/or resulting in court
convictions – to set the baseline threat level for each country.
•
Event rates are scaled with data based on:
• Attack mode
• Target category
• City
•
As the threat landscape changes, so does frequency.

7. TERRORISM
FREQUENCY:
COMMON
MISPERCEPTIONS
“You can’t model human behavior”
•
RMS does not model human behavior.
•
Terrorism modeled as a control process: terrorists’ actions are
constrained by countersecurity measures.
•
Terrorists are rational actors. Targeting strategy is based on
maximizing “attack leverage”.
•
Suppression and interdiction rates based on data from open
source intelligence, court convictions, DHS disbursements.
•
Range of outcomes from conventional terrorism is narrow:
Ø Multiple successive terrorist events: not plausible due to
suppressive law enforcement action following the first
event.
Ø Multiple hurricanes making landfall (i.e. 2004, Florida):
plausible.

8. PROBABILISTIC
TERRORISM
MODELING
All carriers writing terrorism cover are
making assumptions about frequency.
•
These assumptions should be informed by data, not guesswork.
•
RMS model incorporates dozens of data sources in frequency
calibration:
Terrorism Plots
ü Terrorism court convictions
ü Intercepted plots
ü Open source intelligence
Strength of
ü DHS disbursements
Countersecurity ü Municipal anti-terror resources
Environment
ü
ü
Target Selection ü
ü
Gross municipal product of city
City name recognition in middle east
Symbolic value of target
Building level security perimeters

9. FRAMEWORK FOR TERRORISM MODELING
EXPOSURE AT RISK
QUANTIFY HAZARD
ASSESS VULNERABILITY
PROBABILISTIC ANALYSIS

10. IMPORTANCE OF
ADDRESS
RESOLUTION
ZIP Code Centroid
10017
Exposure at
Risk
Assess
Vulnerability
Probabilistic
Analysis
Concentrated nature of terrorism risk demands
accurate and high resolution exposure data
•
•
•
•
•
United
Nations
Quantify
Hazard
All addresses geocoded to lat-long before modeling
Post code centroid is insufficient
Large variations of risk exist within a single post code
Hazard and vulnerability not averaged across a larger area
Data quality is paramount

11. ATTACK MODES
MODELED
Exposure at
Risk
Quantify
Hazard
Assess
Vulnerability
Probabilistic
Analysis
600 lb Car Bomb
1 ton Minivan Bomb
Sabotage Attacks
2 ton Box Van Bomb
Chemical Agent Attack
5 ton Truck Bomb
Biological Agent Attack
10 ton Trailer Bomb
Radiological Attack
Tanker Conflagration Attack
Nuclear Weapon
Aircraft Impact Attack
Various wind speeds, isotopes, and indoor/outdoor options
apply

12. HAZARD BY
ATTACK TYPE
Exposure at
Risk
Quantify
Hazard
Assess
Vulnerability
ATTACK MODES
HAZARD DESCRIPTION
Conventional Bomb Attacks
Blast pressure (PSI)
Hazardous Transportation Sabotage,
Industrial Sabotage - Toxic Release
Particulate
contamination
Aircraft Impact
Distance from target
Biological / Chemical Attack (Outdoor)
Dosage / deposition
of contaminant
Conflagration
Fire ignitions
Dirty Bomb, Nuclear Plant Sabotage
Radiation level
Probabilistic
Analysis

13. SIMPLE
DAMAGE
FOOTPRINT
Exposure at
Risk
Quantify
Hazard
Assess
Vulnerability
Bomb blast in
downtown Manhattan
NY Accumulation Centroid
Hazard rings represent blast
pressure dissipating as it
moves away from the centroid
Exposure
Highest
0
125
250
500
Meters
Lowest
Accum. Center
Probabilistic
Analysis

14. HIGH
RESOLUTION
FOOTPRINT
Exposure at
Risk
Quantify
Hazard
Assess
Vulnerability
Probabilistic
Analysis
Large Anthrax
release in downtown
Chicago
Better reflects local
environment and
orientation of footprint
Anthrax
Contamination
Downtown Chicago
Highest
Lowest
0
2.5
5
10
15
20
Miles

15. VULNERABILITY
OF TERRORIST
ATTACKS
Exposure at
Risk
Quantify
Hazard
Assess
Vulnerability
Probabilistic
Analysis
Represent the relationship between level of hazard
and damage
§
Effects on property, disruption of services, injury, and
loss of life
§
Expressed as mean damage ratio (MDR) or mean
casualty rate (MCR)
§
Vulnerability functions by building construction and
height.

16. MEAN DAMAGE
RATIO BY
DISTANCE TO
TARGET
Quantify
Hazard
Assess
Vulnerability
Probabilistic
Analysis
2
Ton
Bomb
Scenario
Unknown
Construc3on
/
Height
Mean
Damage
Ra*o
(%)
Vulnerability varies
by building
characteristics.
Exposure at
Risk
Reinforced
Masonry
-­‐
High
(8-­‐14)
Steel
Structure
-­‐
V
Tall
Unknown
Construc3on
-­‐
Tall
75
100
150
250
Distance
to
A4ack
Centroid
(meters)
400

17. FIRE
LOSSES
Exposure at
Risk
Quantify
Hazard
Assess
Vulnerability
Probabilistic
Analysis
Standard Fire Policy (SFP): In U.S., many states
require that fire following terrorism be included in
property coverage.
Explicit quantification of fire-related damages is critical
for selected attack modes:
Mitsubishi Steel and Armament Works
~ 700 meters from hypocenter, Nagasaki
From: www.hiroshima-remembered.com
§
§
§
§
§
Bombs
Aircraft Impact
Conflagration
Industrial Sabotage
Nuclear

18. TERRORIST
TARGET
DEVELOPMENT
Exposure at
Risk
Quantify
Hazard
Assess
Vulnerability
Probabilistic
Analysis
Terrorist target selection based on maximizing attack
leverage.
Criteria for targets based on:
§
§
§
Economic Impact
Symbolic Value / Publicity Value
Casualties
§
§
§
§
Debriefings of Operatives
Historical Attack Patterns
Known Planned Attacks
Intelligence Reports and Expert Opinions

19. COMPONENTS OF
TERRORISM RATES
Exposure at
Risk
Quantify
Hazard
Assess
Vulnerability
Probabilistic
Analysis
• Attack Frequency
Ø Country Specific
Ø Plots à Attacks
Ø Recalibrated frequently
• Conditional Probability.
Given that an attack
occurs, what is its likelihood by:
Ø Type of attack
Ø Type of target
Ø City
• Attack Multiplicity
Ø Multiple attacks = One Event

20. From the Congressional Research Service, April 2013:
TRIA
STRUCTURE

21. TRIA RENEWAL
EFFORTS
Political Challenges
Key Support
Non-renewal impacts
• House financial committee
has 46% new membership
since last TRIA renewal.
• Aversion to perceived “bail
out” legislation persists.
• TRIA backstop provided
without charge, premium
collected without incident.
• Strong, united lobby from
banking, insurance, and
construction industries to
promote TRIA renewal.
• Renewal proposed 3 times
in congress in 2013, by
members of both parties.
• Moody’s downgrades in
2002.
• Sunset clauses in 2005:
delayed / halted lending and
construction.
• Capacity shortage, large
rate increases.
• RMS top five cities for
terrorism risk: New York,
Washington, Chicago, San
Francisco, Los Angeles.

22. TRIA
CONSIDERATIONS
Propor*on
of
Average
Annual
Terrorism
Loss
by
Metropolitan
area
Los
Angeles
San
Francisco
The terrorism threat
gradient is steep: 75%
of AAL is in five metro
areas.
Washington
DC
Rest
of
U.S.
Chicago
New
York

23. RMS U.S. Industry Loss Curves by Peril
TRIA
CONSIDERATIONS
600,000
500,000
400,000
$ Millions
Terrorism risk is
comparable
with nat cat risk.
250 Year
1,000 Year
300,000
5,000 Year
200,000
100,000
0
Winterstorm
Terrorism
Earthquake
+ Fire
Hurricane
Convective
Storm

24. TRIA
CONSIDERATIONS
Event
Descrip*on
Nuclear
Detona*on,
5
kiloton
yield,
Chicago
Nuclear
Detona*on
,
1
kiloton
yield,
Los
Angeles
Anthrax
a4ack,
75
kg
anthrax
slurry,
Philadephia
Nuclear
Power
Plant
Sabotage,
Illinois
Dirty
Bomb,
15,000
curies
cesium-­‐137,
New
York
Anthrax
a4ack,
1
kg
anthrax
slurry,
Philadephia
Sarin
Gas
A4ack,
1,000
kg
release,
New
York
NBCR severity makes it difficult to insure
Total
Loss
($Billions)
Property
Damage
Loss
($Billions)
Workers'
Comp
Loss
($Billions)
Fatali*es
$530
$323
$207
300,000
$230
$163
$67
110,000
$216
$125
$91
60,000
$148
$146
$2
Few
$127
$127
$0.1
Few
$44
$26
$18
10,000
$17
$12
$5
2,000

25. TRIA RENEWAL:
WHAT’S AT STAKE
• Market Capacity
Ø Evan Greenberg, CEO ACE Ltd: “I wouldn’t make
[terrorism cover] available, nor would any other company
that I know of.”
• Workers’ Compensation
Ø Terrorism cannot be excluded
Ø Residual markets can be >50% more expensive than
private carriers
• Commercial Development
Ø Loan Covenants require terrorism cover
Ø Moody’s: $4.5 billion in mortgage securities downgraded
(2002) due to lack of terrorism insurance.

26. •
All terrorism writers make assumptions on event frequency.
• Assumptions should be based on data.
• Probabilistic terrorism modeling allows most comprehensive
view of risk.
•
Terrorists are rational actors whose targeting selections align with
principals maximizing “attack leverage”
•
Best practice: Use multiple approaches to best triangulate terrorism risk
• Exposure management
• Deterministic scenarios
• Probabilistic modeling
•
Location-level data quality is important due to small event footprints
•
Terrorism risk is comparable with nat cat risk.
•
Terrorism risk can be successfully modeled. Insuring it remains difficult.
TAKE AWAYS