As aircraft from the United States and other nations continue to bomb parts of the self-proclaimed Islamic State (commonly known as ISIS), the long-term effects of the offensive remain unclear. What is extremely worrying, however, is that ISIS has more financial power — thanks to seized oil production and black markets — than al-Qaeda had even when it perpetrated the 11 September 2001 attacks against the United States.

Back then, private insurers paid out US$44 billion in claims, allowing most of the affected businesses to bounce back and to protect jobs. But after the shock of 9/11 — then the most costly disaster in the history of insurance — insurers started to exclude terrorism from their policies, so governments were forced to take on some of the risk.

Thirteen years later, terrorism risk insurance remains a peculiar, yet crucial, business. Governments want their citizens and corporations to have financial protection. But, for security reasons, they are reluctant to share information about a terror threat that is dynamic in nature: terrorist organizations morph and adapt to governments’ foreign policies and countermeasures. Yet to decide on a cost-sharing agreement, and to make sure that compensation will be in place, all involved in the negotiations must have some idea of the probable impact of a possible terrorist act.

Most national insurance schemes have a threshold at which the government intervenes. The United States is currently debating this as part of discussions on the renewal of its post-9/11 agreement, the Terrorism Risk Insurance Act (TRIA), which is scheduled to expire in December. Congress and the president should renew it.

The United States might be the most high-profile target for terrorists, but the threat is international. Still, only 10 of the 34 countries in the Organisation for Economic Co-operation and Development (OECD) have established national public–private terrorism risk-sharing programmes that are transparent and legally binding. This is short-sighted: ex ante risk-sharing can considerably reduce the market and political over-reaction after a large attack.

On 10 September, the day that President Barack Obama announced the United States’ offensive against ISIS, I chaired an OECD conference in Washington DC that gathered together the heads of these national programmes, insurance executives and scientists from around the world to discuss the status of these programmes and ways to improve them.

A key issue that emerged is the importance of determining the probable maximum financial impact of a terrorist attack, and who should foot the bill. Private insurers can cover losses of a few billions of dollars without assistance. But if losses are likely to reach $50 billion or $100 billion, then they want government guarantees that their liability will be capped at an acceptable level.

This is where scientists have a role. Through practical experience and theoretical models, researchers — from weapons specialists, chemists and engineers, to physicians, economists and psychologists — hold knowledge that can help each country with that analysis.

Terrorism risk insurance remains a peculiar, yet crucial, business.

By combining data such as infrastructure systems, working patterns, evacuation plans, health impacts, business interruption and recovery time with a range of plausible attack scenarios, one can predict economic loss. And by combining that with information on market conditions, it is possible to quantify how terrorism losses will be spread across different stakeholders under alternative national risk-sharing designs.

The Wharton Risk Management Center’s ‘TRIA after 2014’ study, which was undertaken with Risk Management Solutions and which I co-led, does that for the four largest cities in the United States. It found, for example, that the loss caused by a 1-tonne sarin chemical-agent attack would range from $9 billion in Houston, Texas, to $25 billion in New York. By comparison, a 10-tonne truck-bomb attack would cost $28 billion and $32 billion, respectively. Under the current TRIA, the US federal government would not pay any of those damages — insurers and businesses would.

Costs would be much higher for a 1-kilotonne nuclear-weapon attack: around $170 billion in Houston, $230 billion in Los Angeles, $340 billion in Chicago and $550 billion in New York City. Losses of property and because of business interruption account for the majority of the cost, but workers’ compensation loss is large, too (because of the combination of blast effects, and thermal and nuclear radiation).

Although there is a consensus that such a nuclear attack would be much harder for terrorists to perpetrate without being spotted by intelligence services, ISIS’s financial capability should not be underestimated; nor should the possibility that it, or other organizations, will decide to adopt other modes of attacks, such as using cyberspace.

With proper access to data on exposure and insurance markets, our methods could be applied to help any country to make informed decisions, whether or not it has a terrorism insurance programme. The OECD could provide a neutral platform for these discussions.

This is a new global context. Of course, proper insurance coverage will not prevent the next large-scale terrorist attack. But it will help economies to become more terror-proof, bringing an ounce of stability into our turbulent world.