New products show insurers reassessing risk in U.S. mass shootings

NEW YORK (Thomson Reuters Regulatory Intelligence) - Lawsuits brought by survivors and relatives of those killed in mass shootings against premise owners and operators are usually based on the defendants’ alleged failure to employ adequate security and safety measures, which could trigger payment claims under the defendants’ liability insurance policies.

A salesman takes a gun out of the display case at the Cabela's store in Fort Worth, Texas June 26, 2008.

Media coverage and government data suggest a rapid rise in the frequency of mass shooting incidents. Juries, like the one in 2016 that absolved theater chain operator Cinemark in the 2012 Aurora, Colorado massacre, are sometimes reluctant to hold businesses liable for the failure to stop a determined shooter. Nevertheless, insurers have started to take a hard look at their product portfolios to determine their exposure to this class of risk.

For starters, employer liability for worker injuries suffered during a work-site attack may be covered by workers’ compensation insurance, which generally is the workers’ exclusive remedy. Commercial general liability (CGL) policies address claims for bodily injury and property damage suffered by third parties such as customers, visitors and bystanders. Many CGL policies, however, do not explicitly cover or exclude mass shooting incidents, and both CGL and workers’ compensation may not respond to certain claims, for example, those brought by people like ex-spouses specifically targeted in an attack.


CGL policies sometimes include terrorism endorsements that may, under specified conditions, address either foreign or domestic acts of terrorism.

Under the federal Terrorism Risk Insurance Program Reauthorization Act of 2015 (TRIPRA), insurers must offer terrorism coverage embedded into their main commercial lines based on the same terms, amounts and other limitations applicable to other types of covered losses.

In exchange, the federal government provides reinsurance for certified acts of terrorism that meet the specified loss thresholds. TRIPRA is the latest reauthorization of the Terrorism Risk Insurance Act of 2002 (TRIA) and extends the federal backstop until the end of 2020. TRIA was signed into law by President Bush to respond to a severe shortage of private reinsurance capacity after the September 11, 2001 terrorist attack.

Risk-averse insurers can define “terrorism” narrowly in embedded policies to enable the insurer to obtain reinsurance on losses after it meets the specified TRIPRA deductible. The 2007 reauthorization of TRIA expanded the program to cover domestic terrorism, which had previously been excluded. Still, certification requires the government to determine that the attack was an effort to coerce U.S. civilians or the U.S. government. This standard makes it difficult for the government to certify domestic mass shootings such as those in Las Vegas, Sutherland Springs, Texas and Newtown, Connecticut, which lacked a discernable coercive motive. In any event, the U.S. government has not to date certified any acts of terrorism, foreign or domestic.

If the insured rejects embedded coverage, the insurer can specifically exclude terrorism from the policy. Policies that exclude only certified acts arguably cover losses (absent another exclusion) arising from apolitical domestic mass shootings. Insurers, however, have wide latitude under TRIPRA when drafting their exclusions. Thus, insurers can define terrorism very broadly in their policies (including their umbrella or excess liability policies) to exclude coverage for almost any kind of violence, including domestic mass shootings regardless of motive.


Some insurers offer stand-alone terrorism coverage outside the regulatory environment of TRIPRA. The market is dominated by polices that supplement commercial first-party property insurance. Recent attacks, however, have focused on producing maximum casualties with minimal property damage.

This could spur demand for stand-alone terrorism liability insurance, which typically includes broader coverage terms than embedded policies. For example, stand-alone policies can respond to the insured’s negligence even if the government does not certify the terrorist act. The policies generally also have higher coverage limits, which could help companies to insulate their CGL policies from the catastrophic loss of a major attack.

Stand-alone terrorism policies introduce another grey area if they neither specifically cover nor exclude domestic mass shootings where the motive is unclear.


A more recent trend to fill the gap is the development of active shooter insurance. Sometimes called active assailant insurance, these are policies that protect companies from liability arising from random violence, including mass killings conducted by a lone wolf with a gun or other handheld weapon.

The policies include a variety of features to help companies prepare for threats, such as vulnerability assessments and training tools. The policies also include services that kick in after an attack regardless of the insured’s liability, for example, crisis management services, counseling and funeral expense reimbursement. Active shooter policies may also include first-party property damage and business interruption components. Unlike some traditional products, the business interruption component may respond even if there is minimal property damage.

A quick survey of the sales literature indicates that some policies appear to cover both terrorist and apolitical attacks. While some policies exclude coverage for incidents affecting more than the specified number of victims, for example, 50, this could presage a consolidation of products, which would provide clarity for insureds who want protection regardless of the attacker’s motive.

(By Lawrence Hsieh for Regulatory Intelligence)

(Lawrence Hsieh is a senior legal editor for the Practical Law division of Thomson Reuters.)