Pool Re chief: as terrorists lose the physical war, they will transfer into the cyber space

Pool Re is exploring ways of helping its policyholders mitigate risks before they have occurred, according to Julian Enoizi, the chief executive of the government-backed terrorism reinsurance pool.

In an interview with Airmic News, Mr Enoizi said that Pool Re wants to take a more collaborative approach to terrorism risk management, especially working with the larger organisations in the scheme.

"Pool Re has traditionally been about providing help at the bottom of the cliff," he explained. "We are now looking at helping our policyholders put a fence at the top of the cliff, so hopefully they are less likely to fall off. We hope this will be of particular interest to Airmic members who have the ability to take significant steps to promote their own, and ultimately the nation's, resilience."

The insurance industry-owned vehicle has, in recent years, put in place processes to reward good risk management through its pricing system. This next step will be about working more closely with individual businesses, according to Mr Enoizi. "For example, we hope to do more on-site risk assessment visits, and to discuss with our members what is possible in terms of risk mitigation. It's about closer collaboration and advising businesses on the threat and how they can take more responsibility for guarding against it."

Cyber changes to be "price neutral"

Pool Re announced last month that it will be extending its cover to include cyber-triggered terrorism, a decision welcomed by Airmic as a "major step". Offering cyber cover is a notoriously challenging area for terrorism insurance providers given the accumulation effects of the risk and the potential magnitude of claims that could arise from one event.

Mr Enoizi confirmed that, while the new cover will have to be priced using "conventional measures", Pool Re will introduce a number of other changes to keep the extension "price neutral." It will also offer premium discounts for organisations who can demonstrate that they have "reduced the likelihood of loss by adopting accredited protective security measures", he added.

The response to the proposed changes from the business community and insurance market has been "overwhelmingly positive", he added. "This was undoubtedly a gap in our coverage that needed to be closed. I think if we hadn't made these changes, we'd have failed in our duty to evolve the scheme to meet the changing nature of the threat."

Noting that the cover only addresses certain elements of cyber-related terrorism, he said: "What we have done is take off the table one element of cyber risk, hopefully leaving businesses free to focus on other areas of cyber terrorism, and increasing insurance capacity in those other areas."

"Future proofing" the UK

Pool Re's decision has made headlines internationally, as the first move of its kind by any government. "The UK is definitely leading the way. What the government has done is future proofed the scheme and in doing so, made the UK a more attractive place to do business," Mr Enoizi commented.

Pool Re's announcement was the culmination of more than two years of work and is based upon a research study which was commissioned from the Centre for Risk Studies at University of Cambridge Judge Business School, to further Pool Re's understanding of the nature of the cyber terrorism threat.

The study notes that most relevant cyber terrorist actors currently pose a "low likelihood of inflicting severe physical destruction through digital means before 2020", and indeed, the UK has yet to suffer a major terror attack with an officially-classified cyber trigger.

However, the nature of terrorism is likely to change in the near future. According to Mr Enoizi, terrorists usually target the "lowest hanging fruit" and, currently, it is still "far easier for terrorists to drive a car down a crowded street to achieve their objective".

Planning for something major like the 9/11 attack or even the Manchester bombing in May last year, requires a huge amount of knowledge, planning and sophistication, he explains, and the same is true for cyber terrorism.

"However, as the terrorists start to lose the physical war, they will likely look to other means and that may mean that they transfer into the cyber space, though they would still need a level of sophistication in order to cause damage."

Julian Enoizi is chief executive of Pool Re