‘When, not if’: Gallagher’s Rae puts political violence on the boardroom agenda

The era of the highly coordinated, spectacular attack has given way to smaller, localised and home-grown violence that defies traditional risk modelling. Businesses need to stop thinking about political violence as an insurance purchase and start treating it as a resilience challenge.

KEY POINTS:
Self-radicalised attacks rising in UK
Low-tech violence defies modelling
Martyn’s Law puts risk on the board

That is the message from Jonathan Rae, executive director of crisis management at Gallagher, who believes organisations are facing a more unpredictable threat environment than ever before.

“Businesses need to look at when an attack is going to happen, not if an attack is going to happen,” he told AIRMIC Today.

Some businesses are exposed by design. Rae is particularly concerned about venues that attract large crowds, including transport hubs, shopping centres, stadiums, libraries and courts. But he argues that the implications extend well beyond those sectors.

“Unfortunately, the security situation globally and also locally is on a worsening decline,” he said.

Businesses, he argued, need to build security and operational resilience into their C-suite agenda, “which is not something that many businesses have done in the past”.

“Many organisations still misunderstand the scope of their cover”

Changing threat landscape

For many organisations, the challenge is that political violence is changing. Large-scale, highly coordinated attacks have increasingly given way to self-radicalised individuals, flash protests and spontaneous acts of violence. Much of this activity falls below the legal threshold for terrorism, yet can still cause significant operational disruption, Rae warned.

“It’s very difficult to model political violence,” he said. An attacker using a knife, a vehicle or a crude home-made device requires little planning, making traditional predictive approaches less effective. 

The shift is forcing businesses to rethink their approach. Rather than focusing solely on transferring risk, boards are increasingly being asked to consider security, preparedness and operational resilience.

That conversation is likely to intensify as organisations prepare for the Terrorism (Protection of Premises) Act 2025, better known as Martyn’s Law. The legislation, which received Royal Assent last year, will place new duties on venues and public spaces to improve preparedness for terrorist incidents.

According to Rae, the law represents a significant shift in accountability. “We’re not just waiting for a loss to happen,” he said, noting that the focus has to be on prevention.

“Businesses need to look at when an attack is going to happen, not if an attack is going to happen.”

Mind the policy gaps

While insurance remains an important part of the solution, Rae believes many organisations still misunderstand the scope of their cover.

Political violence encompasses a range of distinct perils, including terrorism, riots, civil commotion and malicious damage. He explained terrorism cover is the usual entry point, but its wording often requires proof of ideological or religious motivation, and clauses involving foreign government involvement can void a claim.

“If you’re only purchasing three out of the seven or eight definitions, then potentially you’ve got gaps within that policy,” he warned.

One of the most commonly overlooked exposures, he said, is non-damage denial of access. Following an attack, police cordons or forensic exclusion zones can prevent businesses from accessing otherwise undamaged premises for days.

“You could be caught up in a non-damage denial-of-access loss,” Rae said, “where your building isn’t damaged, but you are still unable to access the premises.”

Technology is adding another layer of complexity. Rae points to AI, drones and 3D-printed firearms as developments that could further increase the frequency and unpredictability of attacks. With digital connectivity and social media, an incident across the Atlantic can spark protests across London’s streets within a day, which is why political violence, he said, can “behave like a pandemic”.

For risk managers, that means looking beyond individual sites and considering wider operational dependencies, including suppliers, transport networks and critical infrastructure. Rae’s advice is to work with specialist brokers who can bundle threat intelligence and crisis response with the cover itself.

The challenge, Rae argues, is no longer simply securing enough insurance capacity. “There’s still a healthy, competitive market in this space,” Rae said. It is building the intelligence, preparedness and resilience needed to respond when disruption occurs. 

For more news from AIRMIC Today, click here.

Did you get value from this story? Sign up to our free daily newsletters and get stories like this sent straight to your inbox.