The recent bombings at the Brussels Airport and Maalbeek metro station are another sobering reminder of how much vigilance is needed to protect against these kinds of public health and safety from attacks. They show once again that violence—whether resulting from terrorism or otherwise—can occur any time at any place, and can have far-reaching impacts.

Risk management programs should generally include measures to reduce the risk of violent attacks, such as security policies and procedures. At the same time, companies should also prepare for the possibility that precautions are not enough to prevent all attacks. As a result, preparations should also include steps such as creating a comprehensive crisis response plan as well as reviewing the “terrorism” provisions in the company’s insurance policies.

Terrorism provisions may cover terrorism or exclude it. In addition, the scope of these provisions can vary widely from policy to policy.

Terrorism coverage usually defines “terrorism” narrowly. For example, under the Terrorism Risk Insurance Act, a terrorist attack must meet a minimum damage threshold and be officially certified as an “act of terrorism” to trigger coverage under the program.

Conversely, terrorism exclusions often define “terrorism” broadly. Sometimes these provisions are so broad they could be read to exclude coverage for claims that would not normally be thought of as “terrorism.”

One recent piracy case we handled illustrates this point. Several gunmen boarded an oil rig off the coast of Nigeria, wounding workers and holding them hostage, even taking one of them ashore to a camp in Nigeria for ten days before he was rescued “amidst gunfire, bombings, and a helicopter raid.” After being sued by victims of this incident, our clients sought coverage under several policies, including package policies as well as stand-alone kidnap and ransom policies. Some of those policies defined “terrorism” as:

the use or threatened use of force or violence against persons or property, or commission of an act dangerous to human life or property, or commission of an act that interferes with or disrupts an electronic communication system, undertaken by any person or group, whether or not acting on behalf of or in connection with any organization, government, power, authority or military force when the effect is to intimidate or coerce a government, the civilian population or any segment thereof, or to disrupt any segment of the economy.

The carriers denied coverage, principally relying on this definition, and suit was filed in response. The court found these events could reasonably be “terrorism” because such actions could (1) have a chilling effect on maritime activity in African coastal waters, a “segment of the economy,” and (2) could intimidate all vessel workers in that area, a “segment” of the “civilian population.”

On the other hand, the court also found that these events could reasonably be just a violent robbery and kidnapping only affecting the workers on that rig, and so not “terrorism” under the policies’ definition. Because both interpretations were reasonable and all doubts must be construed in favor of coverage, the court properly held in favor of the insureds.

Even though the insureds prevailed, it is noteworthy that the court found a broad reading of the terrorism exclusion was “reasonable.” Under that reading, claims such as premises liability for a parking lot holdup might constitute “terrorism.” Insureds should check their policies for similar language. If broad terrorism exclusions are present as well as vulnerability to terrorist attacks, it may be worthwhile to ask for a narrower definition or look elsewhere in the market. As the history of this claim illustrates, insurers are not shy about raising terrorism exclusions to bar coverage.