Research Brief


How does the Terrorism Risk Insurance Act (TRIA) align with the evolving terrorism threat? Transnational and domestic terrorism trends reveal that TRIA does not provide adequate financial protection, particularly in the face of economically motivated attacks. It also shows that TRIA has significant gaps and is not robust to an evolving threat, particularly in the area of chemical, biological, radiological, and nuclear attacks and in the exclusion of domestic attacks. Policy recommendations are made to address these concerns.

After 9/11, concerns about the insurance industry's ability to provide coverage against the risk of terrorism led Congress to pass the Terrorism Risk Insurance Act of 2002 (TRIA). TRIA requires insurers to offer insurance that will pay on claims that occur from a terrorist attack perpetrated by foreign groups using conventional weapons on commercial assets; for losses on the scale of 9/11, it provides a "backstop" in the form of reinsurance. But while such terrorism insurance is widely available, many American businesses have not "taken it up." Because the act "sunsets" on December 31, 2005, now is a good time to examine whether the structure and style of government involvement, and the terrorism insurance market that has been created, provide appropriate financial protection against the current or future threat of terrorism.

RAND Corporation research seeks to address this issue, focusing on two sets of questions: (1) what is the evolving threat from transnational and domestic terrorism? (2) what are the public policy implications of these trends for terrorism insurance?

The Evolving Transnational Terrorist Threat

Al Qaeda remains the principal transnational threat to the United States. However, the group has suffered in the wake of the Global War on Terror, morphing from a centrally controlled organization capable of executing strategic assaults with an inner core of jihadist activists to a more nebulous, segmented, and polycentric organization that has been forced to "farm out" tactical strikes to local affiliates (and individuals) as (and when) opportunity arises.

These changes portend four future trends. First, the group will have a continuing interest in hard targets but an increased focus on soft, civilian-centric venues. Destroying hard targets underscores al Qaeda's credentials as a meaningful force, and its importance to the group is indicated by the continuing interest in such venues since 9/11. However, because of the operational constraints of the post-9/11 era, the group has been forced to give increased attention to soft targets, which are both easier to attack and more consistent with the capabilities and resources of affiliates. Although lacking the symbolic prominence of hard targets, the relatively unguarded and highly civilian-centric nature of these sites means that attacks are liable to produce large numbers of casualties.

Second, there is an ongoing emphasis on attacks with large economic consequences. For bin Laden, 9/11 exposed the United States as a "paper tiger" on the verge of financial ruin and total collapse. It also underscored his belief that the best way to destroy the country was to focus attacks on key pillars of the American economy. The group has made it clear that it would like to pursue this objective directly on U.S. soil.

Third, the group will continue to rely on suicide attacks, which have spread across Europe, Asia, and the Middle East since 9/11. While no such attacks have occurred in the United States since 9/11, the nation is vulnerable, since it has lots of venues, a lack of law enforcement expertise in the area, and a highly risk-averse society.

Fourth, the group will continue its active interest in chemical, biological, radiological, and nuclear (CBRN) attacks, but it will have little ability to execute large-scale ones. The most likely scenarios are releases of radiological material through so-called "dirty bombs" and low-technology biological attacks, such as the contamination of the food supply with a bacteria or toxin.

The Evolving Domestic Terrorist Threat

A growing groundswell of domestic radicalism has emerged. Increasingly motivated by anti-globalization, three homegrown entities—all of which have demonstrated, in varying degrees, an explicit penchant for civilian-directed violence—are of particular concern in this regard:

  • Anarchists, who resonate with the claim that international trade and commerce is, in fact, a mask designed to hide and covertly advance U.S. global economic, cultural, and political power.
  • Far-right extremists, who reject the loss of identity from international movements of people, commodities, and money; who oppose the concentration of power from globalization; and who argue globalization is an American-led conspiracy by and for the benefit of Jewish capitalists.
  • Radical environmentalists, who now routinely denigrate corporate power and capitalism (and the unrestrained discretionary spending they entail) as posing the single greatest threat to the planet.

A notable common thread in many of the trends is an increased risk for the private sector. This arises from the changes in the operational environment because of the Global War on Terror; the hardening of government facilities, which is shifting risk to softer targets; the rise of extremists motivated by anti-globalization and therefore hostile to corporate power; and the increased focus by al Qaeda on attacks that yield magnified economic consequences.

Public Policy Implications for Terrorism Insurance

We identify two key implications of these trends.

First, TRIA does not provide adequate financial protection, particularly in the face of economically motivated attacks. Specifically, take-up rates for terrorism insurance may be too low, thus escalating the risk of disruption after future attacks and undermining resilience. As al Qaeda increasingly advertises its interest in attacks with magnified economic consequences and as the private sector becomes more the focus of terrorist attacks, institutions that buffer the economic consequences of such an attack must be fortified. Insurance provides funds to compensate injured victims and the families of the deceased, sustain business operations during disruption, and rebuild damaged and destroyed assets and infrastructure. But take-up rates at current low levels are likely to lead to widespread uninsured losses, which would slow recovery and magnify the economic consequences.

Second, TRIA has significant gaps and is not robust to an evolving threat. There remains a real possibility of large uninsured losses accruing in the near-to-medium term from attacks that are excluded from coverage, which will significantly impede the recovery from some future attacks. The most profound risk is in the area of CBRN attacks, for which insurers are not required to offer coverage (except under workers' compensation). Another significant gap is TRIA's exclusion of domestic attacks; while such attacks are less of a risk than imported threats, they remain real and increasingly focused on private-sector targets. Excluding domestic attacks is also problematic because al Qaeda "franchises" attacks to local affiliates and because it is hard to attribute attacks to a particular group.

Policy Recommendations

Given these conclusions, the report suggests that instead of allowing TRIA to sunset, particularly in the face of economically motivated terrorist attacks, Congress might prefer to consider policy measures that increase the take-up of terrorism insurance and lower its price. These measures might include offering subsidies for the purchase of terrorism insurance or providing more risk sharing within the insurance industry in the form of lower TRIA "deductibles" for insurance companies. With lower individual company deductibles, if the entire industry's backstop remains the same (the industry "retention" of $15 billion), the price of terrorism insurance is likely to fall without increasing costs to taxpayers.

A long-term solution to providing terrorism insurance in the United States must address CBRN attacks and attacks by domestic groups. While the extension of TRIA to domestic attacks is straightforward, CBRN coverage poses significant challenges for insurance and may be appropriately covered through a direct government program.

Other suggestions include considering mandatory requirements for companies that own or operate systems vital to the functioning of U.S. critical infrastructure to carry adequate levels of insurance. Also, while the ability of insurance to prompt increased security in the private sector is promising, further research is needed. Finally, an oversight board of national governors should be established to review the performance of TRIA or its successor and ensure that it is robust to changes in the underlying risk.

The RAND Center for Terrorism Risk Management Policy is a joint project of RAND Infrastructure, Safety, and Environment; RAND Institute for Civil Justice; and Risk Management Solutions.

This report is part of the RAND research brief series. RAND research briefs present policy-oriented summaries of individual published, peer-reviewed documents or of a body of published work.

This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit

RAND is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.