Hotel terror attacks inspire need for actuary data

Severe Potential Losses

Financial losses due to terrorism can range from mediocre to massive, and follow-on lawsuits and brand name damages, while difficult to calculate, are, nevertheless, injurious.

Take, for example, the November 2008 raid on Mumbai by Lashkar e Taiba that included attacks on two hotels: the Oberi Trident, and the Taj Mahal Palace and Tower. Many of the 164 killed and 308 wounded were staying at these hotels, and the Indian government spent many thousands of dollars compensating the victims and their families. By August 2010, restoration costs for the Taj Mahal had reached 1.75 billion rupees, or $28.4 million USD. Insurance payouts for lost business and restoration reached 1.80 billion rupees, or $29.2 million USD.

The insurance payouts for the September 2008 Islamabad Marriott bombing, presumably by al Qaeda and/or its cohort organizations, didn't go smoothly at all. The owner of the hotel, Hashwani Hotels Limited, filed six lawsuits to recover 2.067 billion rupees, or $33.6 million USD, from six policies via two insurers: PICIC Insurance Company Ltd. and New Jubilee Insurance Company Ltd. The tussle was over a fire vs. bomb damage issue. When the bomb exploded, it did serious damage to the hotel, but it didn't destroy it. What exactly happened next is still being debated, but one prevalent account is that overpressure from the blast ruptured the hotel's gas lines, and the resulting fire engulfed the building, causing significant damage.

Hashwani Hotels asserted that both the blast and the fire were covered by its many insurance policies. The insurance companies disagreed, asserting that the fire damage wasn't addressed by terrorism coverage. The Pakistan Observer, in an article on corruption in Pakistan's insurance industry, says that the case was still dragging on in the courts as of 2014.

Reconstruction of the Islamabad Marriott pressed forward, regardless of the insurance wrangling, and the Pakistani government promised to have the hotel rebuilt and open for business three months after the attack. It technically reopened for business on December 28, 2008. Throughout reconstruction, 1,000 hotel staff members were put on paid leave. Reconstruction required 2,000 workers laboring full time, nearly 'round the clock. The total reconstruction and renovation cost was $20 million USD.

Hotel Terrorism Underwriting Challenges

The Hashwani Hotels fiasco is representative of the sharp financial and legal twists and turns that can occur in the hotel terrorism underwriting sector. When risk is poorly assessed, when policies aren't clear, and when there is ample room for arguing over coverage and exclusions, then insurers, re-insurers, lawyers, and victims all end up in blame game brawls and shambolic disputes over risk transference and hefty payments.

After the Islamabad Marriott attack, scores of international re-insurance companies just up and quit Pakistan. Local companies filled the gaps, but because of corruption the gaps can't be considered truly filled, and business in Pakistan suffers.

More, terrorism insurance can be narrow, which leaves clients uncovered regarding losses resulting from "popular uprisings, insurrection, civil wars and wars," says Piers Gregory, terrorism underwriting manager at Ace. As a result, the carrier has put together a set of property and full political violence insurance covers, so that clients can be assured that they have full physical damage protection should they suffer from a Hashwani-type scenario.

In some cases, local insurers have poor visibility on threats while reinsurers focus on them intently. Sherry Kennedy of the African Trade Insurance Agency (ATI) says, "At the level of the local insurance companies, nothing much is being done to re-analyze the threats." The locals rely mostly on Lloyd's for this service. Kennedy cites Tanzania as an example. "A number of Tanzanian hotel risks pass to overseas reinsurers without being seen by local insurance companies." This opens up scenarios for misunderstandings between the two insurance entities and the client.

The legal issues that hound hotel insurance are becoming more prevalent as well. PKF Hospitality Research asserts that, "Liability insurance premiums are the fastest growing expense for hotel owners." Again, this spills over into hotel terrorism coverage and also embroils duty of care of employees and patrons.

The problematic Islamabad Marriott case provides yet another example of liability issues. The widow of U.S. State Department contractor Albert DiFederico, one of two Americans killed in the bombing, filed a wrongful-death suit in June 2011 in a Maryland federal district court, not against franchiser Hashwani Hotels Ltd., but against Marriott itself.

In April 2012, the court rejected the case, saying that Pakistan was its proper venue. Lawyers for DiFederico, however, successfully appealed on grounds that Pakistan was too dangerous a place for the widow to go to court, and that investigations there were mired in irregularities. In May 2013, the court agreed to hear the case in Maryland.

The core of their fight, at present, is this: Marriott asserts that the franchise was responsible for on site security. The DiFederico attorneys assert that Marriott was responsible for insuring that Hashwani followed unrivaled security standards. The outcome of the case might provide a major precedent for the hotel industry writ large.

In a similar case, UK citizen Will Pike is suing Indian Hotels Company Ltd. for the paralyzing injuries he sustained during the terror attack on the Taj Hotel in 2008. His legal team claimed security at the Taj was lax, and that the hotel was negligent in providing for the safety of its patrons – duty of care yet again.

Hotel attack actuary data

Hotel actuary attack data and analyses can drive more effective underwriting based on long-term pattern analyses and clear case studies, which means higher quality policy writing, well understood coverage, clear exclusions, and realistic premiums.

It can reveal patterns that show if attacks are rising or falling, or simply undulating up and down. It can tell what countries and regions experience the most attacks, and it can demonstrate casualty rate trends. Actuary attack data can, in many cases, tell where explosives are most commonly placed, and the how and why of such attacks. It can moreover provide critical case studies that show clear precedents for underwriting.

Such precise information can help risk analysts better convince stubborn parties that threats do indeed exist. Kennedy of ATI provides an example from East Africa. "The threat perception from terrorist activities was ruefully low, until Westgate happened. This in spite of the fact that reinsurers were virtually shouting from the rooftops about possible attacks, based on the threats issued by Al-Shabaab."

What does hotel actuary attack data actually look like? Consider the following. From July 2013 to June 2014, there were 89 terror attacks on hotels around the world. (Two were sophisticated hoaxes that triggered significant bomb squad mobilization.) There was no set pattern of rising or falling attacks. July, August, and November had the most attacks. September, January, and June had the least. Regarding casualties, 398 people were killed, and 540 were wounded. Seventy-two percent of attacks were direct, and twenty-eight percent were indirect.

As an aside, direct vs. indirect attacks are critical to understand. Direct attacks are just that–when the hotel property is deliberately targeted and struck. Indirect attacks happen next to or near hotels, and they present major problems. National Specialty Underwriters tells us why: "The Boston Marathon bombings [April 2013] affected hotels in many ways, even though they were merely in proximity to them. The attack killed 3 people and injured 183. We have been blessed in this country [the U.S.] to have avoided many hotel related attacks, however they have happened and can easily happen here."

Immediately after the bombings, most businesses within a 15-block radius were shut down. This included hotels. The luxury Mandarin Oriental hotel, which was next to the finish line, was evacuated. The nearby Sheraton, on the other hand, went on lockdown with armed guards posted at its front entrance. The Marriott, the Hilton, the Fairmont Copley Plaza, the Loews Boston Back Bay Hotel, and the Wyndham Hotel Group increased security as well. The latter even upgraded security on its properties in NYC for good measure.

The fact that the terrorists didn't hit hotels in Boston was partly luck. Hotels overseas get hit regularly. Actuary data from the same 12-month time span mentioned earlier paints a sinister but informative picture. Some 21 countries experienced hotel attacks. Pakistan had the most, followed by India, Somalia, Afghanistan, and Kenya. Thailand, Malaysia, Myanmar, Yemen, and Egypt–among scores of others–made the list as well. Of course, regions with highly active insurgencies and terror groups–where attacks against many different targets happen almost daily–scored high on the hotel attack list. Surprisingly, however, it was countries where insurgent and terror groups with lower operational tempos that collectively had the most hotel attacks.

It's vital to know just how terrorists attack hotels as well; what their tactics, techniques, and procedures (TTPs) are. Underwriters can use actuary data to decisively define what attack scenarios are covered so there is no ambiguity such as with the Marriott Islamabad case. They can also work with clients to mitigate these TTPs to the extent possible to decrease the probability of attacks and subsequent payouts. "In many instances," says Kennedy, "premium rates have been reconsidered by the London reinsurers upon receipt of such information from the local insurers."

The most commonly used terror tactic during the aforementioned 2013-2014 time frame was premeditatedly planting bombs at or near hotels. This occurred in 24 of the 89 cases discovered. Twenty-five percent of the time, terrorists managed to smuggle bombs into hotels. Twenty-eight percent of the time, bombs were placed on the hotel property or physically against the outside of the hotel. Likewise, twenty-eight percent of the time, bombs were placed near hotels; close enough to either rattle the building or cause PR damage in the press.

There were three cases where terrorists hurried into a hotel, dropped a bomb off at the reception counter, and then rushed out. One of these happened in May 2014 in North Ireland where a masked man carrying a "hold-all" bag told reception staff at the Everglades Hotel in Londonderry he was with the IRA and was leaving them a bomb. The hotel evacuated, and as army ordnance disposal experts were trying to defuse the device, it exploded and burned the hotel lobby.

Regarding other tactics, there were 14 raids where gunmen with assault rifles, sometimes throwing grenades, assaulted hotels. In a more devious attack, in March 2014 at the upscale Serena Hotel in Kabul, teens working for the Taliban smuggled small caliber handguns through previously deemed thorough security checks and opened fire on patrons in the hotel restaurant, killing nine and wounding six. They held security off for two hours before being killed.

Other tactics included suicide bombers, car bombs, grenades hurled from the street, and even kidnapping raids. Some of the latter were amphibious raids in Sabah, Malaysia. In one situation in April 2014, Abu Sayaaf Group (ASG) terrorists from the Philippines raided the Singamata Reef Resort via boats and absconded with two hapless civilians. The ASG took the victims to the Philippines.

Next Steps

Accurately analyzing risks for hotel terrorism underwriting is critical, especially in today's increasing threat environment. Actuary data can improve underwriting by injecting discipline and fact-based terrorist behavior patterns into the risk analysis process. This means clearer and more decisive underwriting backed by science and real-world analyses, not guesswork. It also means, if applied correctly, less room for problematic and expensive litigation.

Both the automotive insurance and life insurance industries use actuary data to excellent effect, so why not hotel terrorism underwriters? Five or ten years of data, processed by terrorism subject matter experts–not MBAs and general insurance risk analysts–is the way forward. It's a niche expertise for an essential insurance sector with a tremendous amount at stake regarding lives, property, and finances.