Unlock the Editor’s Digest for free
Roula Khalaf, Editor of the FT, selects her favourite stories in this weekly newsletter.
Pool Re chief executive Tom Clementi has warned that the UK’s specialist insurer against terrorism could become “obsolete or irrelevant” amid the growing threat of state-sponsored attacks.
In an interview with the Financial Times, Clementi said that the evolution of terrorist activity had left the insurance sector unprepared to handle key sources of systemic risk, particularly from state-backed cyber groups.
An overhaul of Pool Re’s business model, set to take effect in April, reflects a widely held view that terror risk has “bifurcated” into low-sophistication, easier-to-model attacks and more complex threats. Pool Re, which is jointly owned by companies in the UK insurance industry, plans to split its cover accordingly.
The planned changes have also revived an old debate, according to Clementi: “Where does terrorism end, and war begin?”
The UK insurance industry set up Pool Re in 1993, following the Provisional IRA’s bombing of London’s Baltic Exchange the year before, to provide backup cover when insurers pay claims after terrorist attacks. In the event of an unusually large attack, it can call on unlimited funding from the UK government.
Pool Re has never made use of that option, for which it pays the Treasury about £250mn each year. Since its founding, the scheme has paid out a total of £636mn on 13 occasions — the last was for the Manchester Arena bombing in May 2017.
Since the “bomb and blast” IRA attacks of the 1990s, most terrorist activity had become less sophisticated, Clementi said, typically involving a single attacker using a blade or a vehicle as a weapon. As a result, conventional terror has become easier for private insurers to model and price.
By contrast, the insurance industry sees greater uncertainty stemming from cyber attacks and so-called unconventional terror, which includes chemical, biological, radiological and nuclear (CBRN) threats.
The insurance industry has long been reluctant to cover war and state-backed attacks, given that the damage inflicted is potentially massive.
Similarly, many cyber insurance policies would not be triggered in the event of a state-backed cyber attack, leaving the UK government as the “insurer of first resort”.
Insurance clients have objected to the industry’s refusal to cover state-backed cyber attacks, as it leaves them exposed to hackers allied with foreign adversaries.
Governments have typically distinguished terrorism, involving rogue actors, from acts of war. But that boundary has become harder to draw — raising questions over whether Pool Re still has a role.
“It’s often quite difficult to understand who is behind an attack,” Clementi said. “If you took an extreme view and said that any act with any involvement from a state was to be excluded from the scheme, Pool Re could quickly become redundant,” he added. “You could narrow the scheme to such an extent as to make us obsolete or irrelevant.”
Pool Re’s scheme is only triggered when the government certifies an event as an act of terrorism. Clementi said the reinsurer is speaking with the government about bringing “greater clarity” to its role.
Insurers have argued that the government should extend Pool Re’s remit to state-backed cyber threats and privately say that there has been a market failure. If the government backstopped the market by offering to cover the biggest losses, they said, private insurers might be willing to provide more cyber cover.
Clementi said that, in its existing scheme, Pool Re pays the government to shoulder a responsibility that already implicitly sits in Westminster, given that the government would be expected to provide support in the event of a terrorist attack.
Furthermore, Pool Re has built up a £6.9bn reserve, and has purchased billions more in commercial insurance, giving it a £12bn buffer before it would need to call on UK government finances in the event of a major terrorist attack.
But Clementi concedes that the public backstop is vital to Pool Re being able to offer cover for CBRN attacks, which have the capacity to do the most damage. “It’s really only because of the government guarantee that we can offer that unlimited CBRN cover.”