I will never forget sitting across from my friend at a worn-out diner in Manhattan, years ago now. He was pushing scrambled eggs around his plate, not really eating. He owned a small office building downtown, and his world had just tilted on its axis. His insurance company wanted to strip terrorism coverage from his policy entirely after 9/11. The quote they offered to keep it was astronomical. His choice felt impossible: accept a gaping hole in his protection or pay a premium so high it might force him to sell.

That sticky table conversation changed how I view business risk forever. It is also why I am so passionate about explaining terrorism insurance today. Here is the truth so many of us miss until it is too late: in our post-9/11 world, terrorism insurance is not a standard inclusion in most commercial policies. It is a separate, critical consideration. My friend’s story occurred just before the government intervened with a solution, a backstop known as the Terrorism Risk Insurance Act, or TRIA.

This program is the only reason the marketplace for this essential business coverage exists at all. Why did the government need to create this program? Think about it from an insurer’s perspective. Before September 11th, terrorism was an afterthought, a peril bundled in without much thought. Then, a single event caused nearly $60 billion in insured losses. The industry’s models shattered. Reinsurers, the companies that insure insurance companies, retreated. Suddenly, businesses from coast to coast could not get coverage. Construction stalled. Loans were denied. The economic domino effect was very real. Congress created TRIA as an emergency measure, a shared-risk pool between the government and private insurers.

It has been renewed several times since 2002 because, frankly, the private market still struggles to price this unique risk alone. The mechanism is complex, but the outcome is simple: thanks to this federal backstop, insurers can offer terrorism insurance, and businesses can purchase it at a feasible price. Think of it as your silent financial safety net; it is the reason coverage is available and affordable, a crucial shield for business continuity in the face of unpredictable threats. The process kicks in only after a certified act of terrorism, an event meant to coerce people or the government, with significant insured losses.

Once certified, insurers pay a hefty deductible (think 20% of their annual premium), and then the government steps in to cover most of the remaining losses. This structure keeps insurers invested in smart underwriting. Now, you might be thinking, “That is for skyscrapers in big cities, not for my company.” I hear this often, and it is a dangerous assumption. TRIA requires insurers to offer the coverage, but it does not require you to buy it. This is where many business owners make costly mistakes.

Let us talk about gaps. Standard TRIA-backed policies often exclude nuclear, biological, chemical, and radiological (NBCR) attacks. Even trickier is the gray area of cyberterrorism. Consider the NotPetya attack in 2017, a devastating cyber event attributed to state actors. Was it an act of war? Terrorism? The lawsuits and denials that followed left many businesses in limbo. This uncertainty is a stark reminder to scrutinize your cyber policy. As an advisor, I have seen too many clients realize, too late, that their assumed coverage was full of holes.

A helpful resource to understand the government’s role in this is this GAO report on terrorism risk insurance. The cost is not one-size-fits-all. A warehouse in Nebraska might add it for pennies. That same building in Washington D.C. or near a symbolic landmark will cost more. But here is a reflection from my own experience: the premium is almost always less than the potential loss. We tend to focus on physical damage, but business interruption can be the real killer. After 9/11, businesses near Ground Zero were shut down for months, not from direct damage, but from access being cut off. Does your policy cover that loss of income? The threat landscape is not static.

We are now grappling with domestic extremism and attacks on soft targets like places of worship. The 2019 TRIA reauthorization even specifically highlighted the need to ensure these institutions can get coverage. Furthermore, our interconnected world means your supply chain is vulnerable. An attack on a major port thousands of miles away could shutter your operation. This is called contingent business interruption, and you must ask if your terrorism insurance covers it. So, what is the practical takeaway? My advice is always this: Do not assume. Proactively evaluate. Review your commercial property policy. Is terrorism a named inclusion, or is it excluded?

If it is offered, seriously consider it. Weigh the cost against your location and exposure. Audit your business interruption and supply chain coverage. Think beyond your four walls. Have a frank conversation with your broker about cyber threats and where they intersect with terrorism. My friend in Manhattan? He got his TRIA-backed coverage, kept his building, and his tenants slept better knowing they were protected. His story is not a relic of 2002; it is a lesson for 2024 and beyond. In a world where risk evolves daily, securing comprehensive terrorism insurance is not about fear it is about pragmatic, resilient business planning. Do not wait for a catastrophic event to reveal the gaps in your armor. Look at your policies today.

 References

U.S. Department of the Treasury. (2020). *Terrorism Risk Insurance Program*. https://home.treasury.gov/policy-issues/financial-markets-financial-institutions-and-fiscal-service/federal-insurance-office/terrorism-risk-insurance-program

National Association of Insurance Commissioners. (2025). *Terrorism Risk Insurance Act (TRIA)*. https://content.naic.org/cipr-topics/terrorism-risk-insurance-act-tria

National Association of Insurance Commissioners. (2025). *Insurance Topics | Terrorism Risk Insurance Act*. https://content.naic.org/insurance-topics/terrorism-risk-insurance-act

Insurance Information Institute. (2025). *Does my business need terrorism insurance?* https://www.iii.org/article/does-my-business-need-terrorism-insurance

Carnegie Endowment for International Peace. (2020). *War, Terrorism, and Catastrophe in Cyber Insurance*. https://carnegieendowment.org/research/2020/10/war-terrorism-and-catastrophe-in-cyber-insurance-understanding-and-reforming-exclusions