Police in Verviers, Belgium investigate after anti-terrorism operations on 15 January that left two suspects dead. Credit: JOHN THYS/AFP/Getty Images

From France to Nigeria, the world is reeling from a wave of deadly terrorist attacks. As governments scramble to respond, researchers and analysts are attempting to calculate what the terrorism risk is and how it is changing. Such insights are crucial for those trying to foil attacks and for companies that offer insurance against terrorism, but it is neither an easy nor an exact science.

Al Gore’s dream spacecraft gears up for launch Hidden hurdle for women in science Science and satire: The Paris attacks

To calculate the risk of attacks, analysts must have access to a system for tracking events that have already happened. That is not straight­forward, in part because terrorism is hard to define — the boundary between crude acts of terrorism and violent insurgencies is blurry.

At the University of Maryland in College Park, Erin Miller oversees an effort to record terrorist events and make the data available to researchers. The group has settled on a definition of terrorism: “the threatened or actual use of illegal force and violence by a non-state actor to attain a political, economic, religious, or social goal through fear, coercion, or intimidation”. The resulting Global Terrorism Database (GTD) provides insights into how terrorism has changed over the past few decades (see ‘The changing nature of terrorism’).

Overall, it shows that the number of reported events — from targeted assassinations to hijackings and suicide bombings — has sharply increased globally since the turn of the millennium, mostly driven by attacks in the Middle East, Africa and south Asia. In the past ten years, half of all global terrorist attacks, and 60% of all fatalities, occurred in just three countries — Iraq, Afghanistan and Pakistan. By contrast, after the attacks in the United States on 11 September 2001, Europe and North America suffered relatively few successful attacks.

Credit: Source: Global Terrorism Database

Counterterrorism measures vary between regions. In areas widely controlled by militant organizations such as the Afghan Taliban, ISIS or Boko Haram — responsible for an attack in Baga, Nigeria, this month that killed an estimated 150 people, among other events — counter­terrorism forces are ineffective, corrupt or simply absent. However, many Western countries stepped up prevention measures in the wake of 9/11.

Plots in the West that were not foiled — including fatal attacks in Madrid in 2004, London in 2005, Norway in 2011 and most recently against the magazine Charlie Hebdo and in a supermarket in Paris — may be due to terrorist organizations switching to using fewer operatives, relying instead on small cells and lone actors, says Miller. This makes it less likely that details of a planned attack will leak out. “Al-Qaeda propaganda is clearly encouraging individuals to take up small attacks on their own,” she says.

As well as tracking attacks, the GTD is also being used to make predictions. Relying in part on the database, Aaron Clauset, a computer scientist at the University of Colorado Boulder, found in 2013 that the likelihood and magnitude of terrorist attacks are related by a phenomenon known as a power law. Smaller strikes with relatively few fatalities, such as in Paris, are sooner or later followed by a rare event with extremely high severity, such as 9/11 (A. Clauset and R. Woodard Ann. Appl. Stat. 7, 1838–1865; 2013).

Power laws are a source of mathematical fascination because they describe a wide range of phenomena, including earthquakes and stock-market collapses. But Clauset used the relationship to predict that, given the historic rate of small-scale attacks, there is at least a 30% chance of another attack on the scale of 9/11 in the next decade somewhere in the world. He also points out that very large events are more likely under a power law than they would be under a bell-shaped distribution — something that counterterrorism authorities should consider.

His predictions are relevant on a global scale, but they do not help to assess the risk to specific cities or companies, or the absolute magnitude of attacks. Besides counterterrorism agencies, one group tasked with addressing those issues is insurance underwriters, who must assess the terrorism cover that is mandatory for large businesses in the United States and a number of European countries.

The 9/11 attacks caused insured losses exceeding US$40 billion; a nuclear detonation over Chicago, Illinois, or Los Angeles, California, would cause hundreds of thousands of fatalities and financial losses far in excess of $100 billion, according to Risk Management Solutions in Newark, California, which develops terrorism risk models for insurers.

However, such estimates are uncertain. The modelling resembles a game of poker in that it depends on erratic human behaviour and incomplete information.“You cannot reliably track terrorism risk without access to classified information,” says Erwann Michel-Kerjan, executive director of the Wharton Risk Center at the University of Pennsylvania in Philadelphia.

Because insurance companies have not had to pay out substantial claims since 9/11, terror premiums have steadily decreased. However, the terrorism landscape is in flux, and Michel-Kerjan says that governments, scientists and insurance companies are “pretty lost” when it comes to quantifying such a volatile risk. “Charlie Hebdo could have happened anywhere, any time,” he says. “We may not need to raise insurance premiums right away — but we will all need to pay more attention to what is happening in the Middle East, connect the dots, and do the science.”