Corporate active assailant and K&R risks are no longer "emerging" threats

Jane Brown ; 2025-12-04 12:39:07

Workplace anger, ambiguous motives and outdated definitions are redefining risk exposure for businesses

Wholesale

By Chris Davis

Nov 26, 2025Share

Active assailant and kidnap & ransom (K&R) risks have become embedded in day-to-day corporate planning - no longer reserved for distant geographies or classified as emerging. That shift, said Mark Skinner (pictured), chief underwriting officer at Samphire Risk, reflects both a growing frequency and a significant change in the nature of threats.

“It’s much more domesticated,” Skinner said. “Active shooter, kidnap and ransom - these are very much now part of board-level planning.”

Media visibility has also contributed to the shift. “Before, it used to be a story here or there that somebody picked up,” he said. “Now I think mainstream media is definitely reporting more.” As attacks have become more public and more frequent, insurers have responded with product development to meet rising demand.

Are you an insurance innovator? Tell us — we want to hear your story

But visibility isn’t the only thing driving change. The motives behind attacks have also become harder to categorize. Where once K&R and active shooter coverage might have been limited to politically motivated terrorism or targeted extortion, Skinner said today’s incidents often stem from more personal or workplace grievances.

“You could have a workplace violence situation, where somebody’s been let go and fired and has come back into the entity armed with the intent to cause damage and killing,” he said. “That kind of archetypal truck bomb in downtown New York potentially is very difficult to carry out, versus high impact but low sophistication attacks we have seen with vehicles, knives etc.”

From ideological to ambiguous

Skinner said definitions have not kept pace with how these risks are playing out in the real world. Many terrorism policies still require government declaration and specific thresholds to trigger - ideological motive, casualty numbers, or a defined level of property damage. That complexity often leaves insureds exposed.

“Those thresholds can be considered quite high for there actually to be an actual terrorist incident,” he said.

Some organizations approach to active assailant coverage has been to remove that ambiguity. “An attack involving a weapon with the intent to cause harm,” Skinner said, describing the broader definition used in its active shooter policies. “That can be a very basic example of a person with a knife targeting, stabbing one person…which an active shooter policy would pick up.”

That distinction becomes critical when events fall short of terrorism definitions but still have severe consequences for a business and its people. “It offers wider coverage because it actually picks up the traditional terrorist event, too,” he said.

Blended risks, fragmented responses

The blurring of motives and methods means risk is no longer easily segmented - and yet the market still often is. “You’ve got an incident over here on the left-hand side, you call one number…oh, actually, no, it’s a kidnap and it’s somewhere else, so you’ve got to call another number,” Skinner said. “Big, large corporates can end up having five or six numbers to call if there’s an incident.”

He pointed out the operational risk this creates, especially during high-stress, high-impact events. “That incident generally involves a person…something very bad has happened…and cripple this business from a human and asset perspective,” he said. “There’s potential ambiguity of what number do I call, what policy actually responds to that.”

To mitigate this, Samphire advocates for simplified, integrated plans that offer a single point of contact and unified response. “We very much believe in looking at that blending piece…or very clear and concise structured plans so they’re embedded in,” he said.

However, consistent coverage can be difficult to maintain when clients remarket their insurance annually. “Year one, you get one number; year two, you get another number…that cycle just goes around, which actually presents a risk in itself,” he said.

Prevention as coverage

One of the most significant developments in the space is how policies are now being structured to respond “left of incident” - before an event actually takes place.

“If you suspect something’s going to happen…you can pick up that number and get some immediate advice,” he said. “Some of these policies actually respond before the incident happens.”

In the case of active assailants, that includes pre-incident indicators such as stalking or threats. “Was that person known? Was that person displaying traits that something might do that?” Skinner said. “Law enforcement may not get involved until the act has actually happened, but what do you do before? That’s where insurance can actually step in.”

This proactive structure is also emerging in K&R coverage, where virtual kidnaps, express kidnaps and detentions are seeing increased focus. While traditional abduction events still exist, Skinner said the market is trending toward coverage that anticipates and mitigates early-stage threats.

“We’re seeing a lot more around the other acts…often included but not the high-profile bit of policies,” he said.

When claims get complicated

Liability disputes are common, Skinner said, particularly when claims involve multiple parties, landlords, subleases or shared properties. “These are quite elongated, complex risks,” he said. “That’s why this insurance exists.”

The challenge lies in assigning responsibility. “There is always a challenge around who is ultimately held responsible from a vicarious legal liability perspective,” he said.

Having well-informed brokers who understand the specific wordings and nuances of these policies is key to reducing these disputes. “The good brokers and good distribution channels really understand their core wordings,” Skinner said. “The insured needs to be aware of what they’re buying, and how it responds.”

Tangible risk, misunderstood exposure

Partnerships between insurers and crisis response firms like Spearfish Security have become central to addressing risk in high-value sectors, such as mining or crypto. What concerns Skinner most, however, is when clients don’t even realize the level of risk they face.

“You’ve got somebody’s expert in crypto…has a lot of assets…but is unaware of that risk because they’re in a different environment,” he said. “The risk still presents itself as being very tangible and credible and potentially being targeted.”

This disconnect - between operational expertise and personal threat awareness - has created new pressure on insurance to evolve beyond indemnification and toward active risk mitigation.

“That false perception of safety is a risk in itself,” Skinner said.