The Silent Book: The UAP Exposure Underwriters Have Already Written
A Blackgrove Global Risk Analytical Essay — for Chief Underwriting Officers, Reinsurers, and Catastrophe Modelers
TL;DR
The insurance industry's primary UAP/Disclosure exposure is non-affirmative (silent) — it already sits unpriced inside aviation, property, business-interruption (BI), and war books written on physical-loss triggers and Cold War-era war/terrorism exclusions that never contemplated the peril. The wording, not the metaphysics, decides the loss.
The controlling precedents are already on the record and they cut in tension: COVID-19 BI litigation (AC Ocean Walk v. American Guarantee, NJ Supreme Court, 24 Jan 2024) shows physical-loss triggers and contamination exclusions defeat correlated non-damage claims in the US, while FCA v. Arch ([2021] UKSC 1) shows differently-worded UK non-damage extensions pay out — proving wording drives opposite results on the same peril. Merck v. ACE American (NJ App. Div., 1 May 2023) shows a war exclusion fails absent attribution to military action by a sovereign — and UAP is by definition unattributed.
The single most actionable conclusion: run the Lloyd's "silent cyber" remediation playbook (Market Bulletin Y5258, 4 July 2019) as a template and affirm-or-exclude anomalous-incursion exposure at clause level. TRIA offers no reliable backstop — an unattributed anomalous event would almost certainly fail the Secretary of the Treasury's certification test (no act of terrorism has ever been certified in 20+ years), leaving primary insurers holding a null-first book of ordinary drone, weather, and misidentification losses with no federal co-share.
Key Findings
1. The exposure is silent, not named. No standard aviation, property, BI, or war wording names "UAP," "anomalous phenomena," or "Disclosure." Exposure therefore enters through general triggers and exclusions never drafted for this peril — the precise definition of non-affirmative risk that the PRA (SS4/17, July 2017) and Lloyd's (Y5258) forced the market to confront for cyber.
2. Null-first is the correct analytic posture. The 2024–25 US drone episode is the design-basis case: in their 16 December 2024 joint statement, DHS, the FBI, the FAA, and the DoD said investigators had "reviewed over 5,000 reported sightings" and "have not identified anything anomalous," assessing them as "a combination of lawful commercial drones, hobbyist drones, and law enforcement drones, as well as manned fixed-wing aircraft, helicopters, and stars mistakenly reported as drones." Losses will overwhelmingly trace to ordinary causes — which is exactly why wording, not origin, decides claims.
3. Wording decides the loss — proven three ways. (a) US physical-loss triggers plus contamination/virus exclusions defeated COVID BI claims; (b) UK disease and prevention-of-access clauses paid out on the same pandemic; (c) the war exclusion failed in Merck because the loss could not be tied to military action by a sovereign. Attribution is the hinge — and UAP is unattributed.
4. TRIA is not a backstop for an unattributed event. Certification requires a perpetrator and coercive intent; the program has never certified any act of terrorism. An anomalous event with no identifiable actor fails certification, stranding primary insurers.
5. UAP risk is Knightian uncertainty, not insurable risk. There is no credible frequency base rate, so it cannot be priced in the classical sense. The serious insurance primary record on UAP is essentially empty — a genuine white space, not an established risk class.
Details
1. The Lloyd's "silent cyber" remediation — the template
The central template for affirm-or-exclude discipline is Lloyd's Market Bulletin Y5258 (4 July 2019), "Providing clarity for Lloyd's customers on coverage for cyber exposures." It mandated that all first-party property damage policies "affirm or exclude" cyber cover for policies incepting on or after 1 January 2020, and defined cyber risk (consistent with the PRA) as any loss "cyber-related, arising from either malicious acts… or non-malicious acts… involving either tangible or intangible assets." Lloyd's explicitly viewed policies "where no exclusion exists and there is no express grant of cyber coverage as non-affirmative."
Market Bulletin Y5277 (January 2020) set the phased rollout across remaining lines: Phase 2 (e.g., political risks, crime) from 1 July 2020; Phase 3 (PI, D&O, EL/PL, aviation) from 1 January 2021; Phase 4 (medical malpractice, treaty reinsurance) from 1 July 2021.
The regulatory genesis was the PRA's Supervisory Statement SS4/17, "Cyber insurance underwriting risk" (published and effective 5 July 2017), following a cross-industry review (Oct 2015–June 2016) whose key findings were published in a "Dear CEO" letter on 14 November 2016. SS4/17 defined the two exposures precisely: "(a) affirmative cyber risk, ie insurance policies that explicitly include coverage for cyber risk; and (b) non-affirmative cyber risk, ie insurance policies that do not explicitly include or exclude coverage for cyber risk." It expected boards to own a strategy reducing "unintended exposure" to silent cyber. A January 2019 PRA letter reinforced that all insurers should have action plans to reduce non-affirmative exposure. (Note: SS4/17 was subsequently updated, published 15 November 2024, effective 31 December 2024.) Prarulebook
The LMA model property clauses (published 13 November 2019):
LMA5400 (Property Cyber and Data Endorsement) — excludes cyber loss but writes back cover for physical loss/damage caused by fire or explosion resulting directly from a cyber incident. Iistl
LMA5401 (Property Cyber and Data Exclusion) — an absolute exclusion, no write-back; "should be avoided whenever possible" from a buyer's standpoint. Marsh
LMA5402 (Marine Cyber Exclusion) and LMA5403 (Marine Cyber Endorsement) — the marine equivalents, introduced at the start of 2020. AJG
These replaced the older NMA2914/NMA2915 fire-and-explosion write-backs. The market practice that emerged: LMA5400 for standard property (preserving fire/explosion cover), LMA5401 reserved for CAT markets. LinkedIn
The proof case for why silent exposure matters — NotPetya: The June 2017 NotPetya attack caused "more than $10 billion in total damages, according to a White House assessment confirmed to WIRED by former Homeland Security adviser Tom Bossert," who at the time of the attack was President Trump's most senior cybersecurity-focused official. Two coverage battles followed under property (not standalone cyber) policies:
Merck & Co. v. ACE American Ins. Co., No. A-1879-21, A-1882-21, 2023 WL 3160845 (N.J. Super. Ct. App. Div., decided 1 May 2023), affirming the trial court (Judge Thomas J. Walsh, 2021). Merck claimed ~$1.4 billion under twenty-six "all risks" property policies for losses across ~40,000 machines. Insurers invoked the "Hostile/Warlike Action" exclusion. The Appellate Division held: "The exclusion of damages caused by hostile or warlike action by a government or sovereign power in times of war or peace requires the involvement of military action." Terms like "hostile or warlike action" are "intended to relate to actions clearly connected to war or, at least, to a military action or objective." Even if NotPetya were attributed to Russia, that was insufficient absent armed conflict directed at Merck. The NJ Supreme Court granted certification and was set to hear argument, but the parties settled on 5 January 2024, leaving the Appellate Division decision standing. Hunton + 3
Mondelez International v. Zurich American (Illinois state court, filed October 2018) — a parallel ~$100 million claim (1,700 servers, 24,000 laptops). The parties settled in late October/early November 2022, during the second week of jury trial, just before closing arguments, leaving no published precedent. CSO Online + 2
The analytic transplant to UAP:Merck establishes that whether a loss is excluded as "war" turns on attributing the act to military action by a sovereign. UAP is by definition unattributed. A UAP-attributed loss would fail the war exclusion for the same reason NotPetya did — the insurer cannot carry its burden of proving a sovereign-military nexus. That throws the loss back onto the affirmative grant (or its absence). K&L Gates
2. War, hostile-acts, and terrorism exclusions
NMA464 (War and Civil War Exclusion Clause, 1/1/38), drafted by Lloyd's Underwriters' Non-Marine Association following the Spanish Civil War, is the genetic ancestor: it excludes loss "directly or indirectly occasioned by, happening through or in consequence of war, invasion, acts of foreign enemies, hostilities (whether war be declared or not), civil war, rebellion, revolution, insurrection, military or usurped power…" Its breadth ("directly or indirectly," "whether war be declared or not") is wide, but as Merck shows, courts still demand a war/military-action nexus and a state actor. MapfreHarmankemp
The post-NotPetya LMA cyber war suite is the live laboratory for attribution-based wording:
Original clauses, LMA Bulletin LMA21-042-PD, 25 November 2021: LMA5564 (War, Cyber War and Cyber Operation Exclusion No. 1 — strictest, excludes all state cyber operations); LMA5565 (No. 2); LMA5566 (No. 3); LMA5567 (No. 4 — most generous, covers "bystanding cyber assets"). LinkedIn + 2
Revised "A/B" versions published 18 January 2023 (LMA5564A/B–LMA5567A/B); the original four were withdrawn. The "A" versions meet Lloyd's Market Bulletin Y5381 (16 August 2022) requirements (state-backed cyber-attack exclusions mandatory for standalone cyber risk codes CY and CZ from 31 March 2023); the "B" versions do not address attribution and are non-compliant absent Lloyd's agreement. DAC Beachcroft
The operative analytic features are exactly those a UAP/incursion claim would test: a threshold of harm ("major detrimental impact" on a state's security, defense, or essential services — deliberately left undefined), and robust attribution to a specific state rather than a private actor. LMA5567 emerged as the most widely used — and it does notblanket-exclude state attacks; it covers them unless thresholds are met. The crux for UAP: every one of these mechanisms presupposes an attributable state actor. An unattributed anomalous event satisfies neither the attribution requirement of the exclusion nor (cleanly) the threshold test. Insurance Journal + 4
3. TRIA — the federal backstop that likely will not respond
Statutory lineage: Terrorism Risk Insurance Act of 2002 (Pub. L. 107-297, 116 Stat. 2322, signed 26 November 2002), codified at 15 U.S.C. § 6701 note. Reauthorized by TRIEA 2005 (Pub. L. 109-144), TRIPRA 2007 (Pub. L. 110-160), the 2015 Reauthorization Act (Pub. L. 114-1, 129 Stat. 3), and TRIPRA 2019 (Pub. L. 116-94, 133 Stat.), which extended the program through 31 December 2027. U.S. Department of the Treasury + 5
Certification mechanics: The Secretary of the Treasury, in consultation with the Secretary of Homeland Security and the Attorney General, must certify an "act of terrorism." The statutory definition requires an act that is dangerous to human life, property, or infrastructure, committed by an individual or individuals as part of an effort to coerce U.S. civilians or influence U.S. government policy or conduct by coercion. The 2007 reauthorization removed the original requirement that the act be committed "on behalf of any foreign person or foreign interest," so the program now covers both domestic and foreign acts. The Secretary may not certify if aggregate property/casualty insurance losses do not exceed $5 million; the certification decision is not subject to judicial review and cannot be delegated. Congress.gov + 4
Program economics (2020+): $200 million program trigger (aggregate industry insured losses); 20% insurer deductible (of prior-year direct earned premiums in TRIP-eligible lines); 80% federal co-share above the deductible; $100 billion program cap; mandatory recoupment of 140% of the difference between the aggregate retention amount (~$53.3 billion for 2025) and uncompensated insured losses. Congress.gov + 3
No act of terrorism has ever been certified under TRIA (GAO-20-348; GAO-25-108748).
The analytic crux: TRIA certification requires a perpetrator with coercive intent. An unattributed anomalous event has neither an identifiable "individual or individuals" nor a provable coercive purpose. It would almost certainly fail certification, leaving primary insurers exposed with no federal co-share — even before reaching the $200 million trigger. This is the inverse of the comfort underwriters may assume terrorism backstops provide. (TRIA is also "generally silent on cyberterrorism," and NCBR events may be excluded by the underlying private policies — illustrating that the backstop is narrower than commonly assumed even for named perils.)
Live status (mid-2026): Reauthorization legislation is in motion ahead of the 2027 sunset. The House Financial Services Committee reported H.R. 7128 (Rep. Mike Flood) in March 2026, which would extend TRIA to 2034 and raise the certification loss threshold to $10 million starting 2029, with new Treasury notice requirements; in the Senate, S. 4395(Sen. David McCormick, April 2026) would extend the program seven years without amendment. Neither had been enacted as of this writing. Congress.gov
4. The COVID BI analog — physical-loss trigger as the decisive gate
COVID-19 BI litigation is the closest systemic, correlated, previously-unmodeled shock and the controlling analog.
US holdings (physical-loss trigger + virus/contamination exclusions → insurers win):
AC Ocean Walk, LLC v. American Guarantee & Liability Ins. Co., A-28-22 (N.J. Sup. Ct., 24 January 2024) — unanimous. To show "direct physical loss" or "direct physical… damage," a policyholder "was required to demonstrate that its property was destroyed or altered in a manner that rendered it unusable or uninhabitable." Loss of use from a government shutdown order is "completely divorced from the physical condition of the premises." The Court held in the alternative that the contamination exclusion (covering "virus" / "pathogen or pathogenic organism") independently barred coverage. The casino had sought up to $50 million; insurers had paid a $1,000,000 sublimit under a communicable-disease endorsement. KSAT + 4
The decision aligned with "the majority of federal and state courts" and the bulk of state high courts (insurer counsel cited 14 state supreme courts holding similarly); the Vermont Supreme Court (Huntington Ingalls) is a notable contrary outlier. Post & Schell, P.C. + 2
Systemic scale (why this peril is uninsurable at scale):
APCIA's April 2020 analysis, via CEO David A. Sampson, estimated monthly BI losses for shuttered small businesses at $255 billion to $431 billion per month for firms with fewer than 100 employees, and $393 billion to $668 billion per month for firms with fewer than 500 employees — versus roughly $4.5 billion/month in relevant commercial property premiums (APCIA also cited ~$6 billion/month). APCIA put total P&C industry surplus at ~$800 billion. Sampson: "Pandemic outbreaks are uninsured because they are uninsurable." InsuranceNewsNet
GAO-24-106075 ("Pandemic Risk," Dec 2023/2024): pandemic risk "is largely uninsurable because it does not meet key insurability criteria"; potential losses "estimated at more than $1 trillion based on the experience with COVID-19"; "insurers generally did not pay pandemic-related claims, because nearly all policies required physical damage to property," and insurers have since cut exposure via physical-damage requirements and virus exclusions. U.S. GAOU.S. GAO
UK counterpart — wording drove the opposite result:
FCA v. Arch Insurance (UK) Ltd [2021] UKSC 1 (15 January 2021). The Supreme Court substantially found for policyholders on non-damage BI extensions: disease clauses, prevention-of-access/hybrid clauses. It rejected the strict "but for" causation test, held each case of COVID-19 a "separate and equally effective cause," and overruled Orient-Express Hotels v. Assicurazioni Generali [2010] EWHC 1186 (Comm) on trends clauses. Per the Modern Law Review analysis of the judgment, the test case "covered some 700 policies issued by over 60 different insurers, affecting up to 370,000 policyholders," with "twenty-one selected policy wordings, fourteen of which were held to respond." Policyholderperspective
The lesson: identical peril (COVID), opposite outcomes (US insurers largely win on physical-loss triggers; UK insurers largely lose on non-damage extensions) — driven entirely by wording. A UAP/Disclosure shock would fracture the same way along physical-loss-trigger and exclusion lines, jurisdiction by jurisdiction and clause by clause.
5. Modeling "unknown unknowns"
Lloyd's Realistic Disaster Scenarios (RDS) are mandatory stress tests across compulsory, de minimis, and self-defined scenarios. The 2022–2026 specifications include US terrorism (Rockefeller Plaza / NYC), Northeast and South Carolina hurricanes, a cyber "Cloud Cascade" (RDS 17.3), and aviation scenarios — but critically, syndicates must also report two self-defined "Alternative A and B" events representing material accumulations "not already covered by compulsory or de minimis scenarios." That is precisely the slot where an anomalous-incursion accumulation scenario belongs. Lloyd's frames RDS as "part of the equation, not the answer," and warns the market must "act now to understand and actively manage risks from emerging threats." Industry commentary (Guy Carpenter) notes emerging/casualty-catastrophe modeling is hampered because "by their very definition, there may be limited data on hand on which to base any modeling." LloydsGuy Carpenter
Knightian uncertainty: The actuarial literature is explicit that insurers are ambiguity averse — controlled experiments with underwriters, actuaries, and reinsurers show they charge higher premiums (or decline) when probability distributions are not fully known (Cabantous et al.; Kunreuther/Hogarth). The distinction between insurable "risk" (priceable loss distribution) and uninsurable Knightian "uncertainty"/"unknown unknowns" (no base rate) traces to Knight (1921) and Ellsberg (1961). UAP sits at the far end: literally zero credible frequency data. It cannot be priced classically; it can only be bounded by wording and aggregate exposure caps.
6. Aviation and airspace-disruption — the concrete near-term channel
This is the most tangible loss pathway. Gatwick (19–21 December 2018) is the design-basis civil event: approximately 1,000 flights diverted or cancelled, affecting around 140,000 passengers, in what was the biggest disruption at Gatwick since the 2010 Iceland volcano closure; Sussex Police logged 170 sightings, 115 of which were deemed "credible." Airport Technology reported the near-shutdown "is estimated to have cost the Gatwick's partners and stakeholders over £50m" (other estimates put combined operator/airline cost at ~£60 million; easyJet alone reported a ~£15 million loss). The FAA has logged 2,000+ drone incursions near airports since 2021. Coverage counsel (Hunton) flagged at the time that the most significant exposures were business interruption and contingent BI under airline/airport property programs, plus liability under owners/operators/manufacturers policies — the same silent channels. Wotton Kearney + 2
Military design-basis events: Langley AFB incursions (December 2023, ~2+ weeks, a dozen-plus drones, ~20-foot craft observed by Gen. Mark Kelly); the 2024–25 Northeast/New Jersey episode (first confirmed sighting 13 November 2024 at Picatinny Arsenal; subsequent incursions over Naval Weapons Station Earle; FAA temporary flight restrictions over 22 areas in New Jersey and 30 in New York in December 2024; airspace closure at Wright-Patterson AFB). The Joint Staff confirmed sightings but said DOD "did not know who operated the drones" with "no indication of involvement by adversary nations" — i.e., unattributed. Note the source-quality caveat: some politician claims (e.g., an Iranian "mothership") were unsubstantiated, and a former FAA official attributed much of the episode to misidentified manned aircraft — reinforcing the null-first posture. Washington Times + 7
Emerging-product note: parametric "runway-closure" covers triggered by verified disruption are being discussed for non-damage BI, but widespread piloting for drone-specific events is not yet confirmed.
7. The Disclosure-event scenario for insurers
A government Disclosure event — validation that the phenomenon is real, regardless of origin — would function as a correlated repricing trigger and a clash/accumulation event, simultaneously testing silent exposure across property, aviation, BI, and war books. The mechanism mirrors NotPetya (one event, many lines, war-exclusion litigation) and COVID (one correlated shock, mass simultaneous BI claims testing physical-loss triggers). The reinsurance amplification is the same as any uncertainty spike: reinsurers raise prices or exclude the risk, transmitting the shock through the tower.
The white space is genuine. There is essentially no serious insurance primary-source literature treating UAP as an underwriting or accumulation risk. What exists falls into two non-serious buckets: (a) novelty products (alien-abduction policies via the St. Lawrence Agency; "Spooksafe"; the Heaven's Gate cult coverage via broker GRIP) — curiosities, not risk analysis; and (b) speculative trade-adjacent commentary (e.g., a 2025 USA Herald piece arguing Disclosure "could trigger an insurance industry shock," using future-conditional language — "may be forced," "could reach," "will raise prices") that is genuinely speculative and not a primary industry record. This should be presented as a true gap, not overstated: no Lloyd's bulletin, LMA clause, RDS scenario, or major reinsurer white paper names the peril as of this writing. Wikipedia
Recommendations
Stage 1 — Diagnose the silent book now (0–3 months). Run the Y5258 playbook internally: inventory aviation hull/liability, airport/airspace-disruption, property, BI/contingent-BI, and war/terrorism wordings for whether an anomalous-incursion loss would fall to (a) a physical-loss trigger, (b) a war/hostile-acts exclusion requiring attribution, (c) a terrorism exclusion/TRIA, or (d) silent default cover. Classify each as affirmative, excluded, or non-affirmative — exactly as the PRA's SS4/17 framework demands.
Stage 2 — Decide affirm-or-exclude at clause level (3–9 months). For each line, make a deliberate choice. The aviation/contingent-BI channel is the priority because it is the concrete near-term loss path (Gatwick, Langley, NJ). Consider an explicit "airspace closure / aerial incursion" BI sub-limit or exclusion rather than leaving the peril to ride silently on physical-loss triggers and "act of God" language. Borrow the LMA cyber-war architecture: a defined harm threshold plus an attribution mechanism — but recognize that attribution clauses fail by design against an unattributed peril, so a threshold-and-sublimit structure is more robust than an attribution-based exclusion.
Stage 3 — Model the clash (6–12 months). Add an anomalous-incursion/"Disclosure clash" scenario as a self-defined RDS "Alternative A/B" event, stressing correlated accumulation across property, aviation, BI, and war books simultaneously. Treat it as Knightian: bound it with aggregate exposure caps and reinsurance structure, not frequency-based pricing.
Stage 4 — Do not rely on TRIA. Assume no federal backstop for an unattributed event. Price and reserve as if the primary layer is fully exposed. Track the 2027 reauthorization (H.R. 7128 / S. 4395) and any move of the certification threshold to $10 million, but do not let a live reauthorization create false comfort — certification of an unattributed anomalous event remains implausible regardless of the threshold.
Benchmarks that would change the posture:
A government Disclosure event or a sustained, attributable incursion campaign → escalate from Stage 1 diagnosis to immediate exclusion/affirmation and emergency repricing.
A court ruling that airspace-closure BI does (or does not) satisfy a physical-loss trigger → recalibrate aviation/BI wording immediately (the COVID analog shows a single high-court ruling can settle a wave).
A Lloyd's bulletin or LMA model clause naming the peril → adopt as market standard, as happened with cyber post-Y5258.
TRIA reauthorization clarifying (or not) treatment of non-attributable events → adjust backstop assumptions.
Caveats
Primary vs. secondary records. Court holdings (Merck, Ocean Walk, FCA v. Arch), statutes (TRIA/Pub. L. citations), Lloyd's bulletins (Y5258, Y5277, Y5381), LMA clauses (LMA5400–5403, LMA5564–5567), PRA SS4/17, and GAO/APCIA/Treasury reports are primary or near-primary. Loss figures for NotPetya (~$10bn, per a White House assessment confirmed to WIRED by Tom Bossert), Gatwick (£50–60m, per Airport Technology), and Merck (~$1.4bn) are reported/assessed estimates, not audited primary figures, and are flagged as such.
Two intended primary-source confirmations could not be independently completed within tool limits: (a) the verbatim TRIA §102(1) statutory text and the precise 2007 removal of the foreign-nexus clause (sourced here to CRS, Treasury, NAIC, and consistent secondary summaries); and (b) the precise clause numbers/text of the Lloyd's/LMA terrorism exclusion suite (e.g., NMA2920/2921, T3/T3A) — referenced but not clause-verified here, and they should be confirmed against lmalloyds.com before publication.
Speculation flag. All UAP-Disclosure "shock"/"repricing" framing is scenario analysis, not prediction. The only primary-source-grade claims are the wordings, statutes, and precedents; the application to UAP is analytic. The USA Herald commentary and similar trade-adjacent pieces use future-conditional language and should be held below the line.
Null-first integrity. The thesis explicitly assumes most "incursion" losses are ordinary drones, weather, sensor artifacts, or misidentification — corroborated by the 16 December 2024 joint DHS/FBI/FAA/DoD assessment of the 2024–25 episode. Nothing here asserts the reality or origin of any phenomenon; the underwriting analysis is decoupled from the metaphysical question by design.
Live developments (mid-2026). TRIA reauthorization (H.R. 7128 / S. 4395) and any post-2024 LMA wording updates were retrieved live but remain in flux; verify status at completion.
