In the past 10 years, there have been some 40 unsuccessful terrorist plots against the U.S. The insurance industry has a vital role to play in preventing future attacks, says Vincent J. Vitkowsky, a partner at the law firm of Edwards Angell Palmer & Dodge L.L.P. Insurers should comply with economic sanctions programs and anti-money-laundering requirements, and consider supporting civil litigation against terrorist sponsors. Also, because cyber risks are among the most serious threats in the post-9/11 matrix, insurers need to evaluate their network security systems and have breach response plans in place, he says.

As we pause to remember, mourn and honor the victims of 9/11, we must also remember that the terrorist threat continues.

In the past 10 years, there have been approximately 40 unsuccessful plots against the U.S., two of which failed at the point of execution. So it is equally important to understand that the insurance industry has a vital role in preventing future attacks.

First, insurance and reinsurance companies should carefully observe the economic sanctions programs administered by the Office of Foreign Assets Control of the U.S. Treasury Department. As the Treasury Department has said, “OFAC programs are a frontline defense against foreign threats to our national safety, economy and security.”

OFAC programs prohibit the issuance and facilitation of insurance and reinsurance, and the payment of claims, involving designated terrorists, their affiliates and sponsors, and other persons and entities that threaten national security. Their prohibitions apply to direct policies, facultative reinsurance, and treaty reinsurance, and the regime is based on strict liability. Although a formal compliance program is not mandatory, every company should consider implementing one that addresses the particular risks associated with its business.

Life insurance companies also can disrupt terrorist financing by complying with the anti-money-laundering provisions of the USA Patriot Act. Here, a compliance program is mandatory, because regulations have been in place since mid-2006 that require life insurers to implement policies and procedures tailored to their specific products.

The key component in Patriot Act compliance is filing suspicious activity reports on certain transactions, and the crucial portion of these reports is the narrative description explaining why the transaction is suspicious. The narratives should be drafted with care and detail. The more illuminating they are, the more effective they will be.

Yet another way the industry can fight terrorism is by pursuing private litigation seeking civil damages by way of subrogation claims against state and private financial sponsors of terrorism. Some insurers are doing this already. For example, European insurers who made payments to the estates of Americans killed in the bombing of a French airliner over Africa took assignments and sued Libya, which sponsored the terrorists. Libya tried to have the case dismissed, but a federal appellate court held that such claims could go forward as long as either the claimant or the victim was a U.S. national. Also, in the case of In re Terrorist Attacks on September 11, 2001, many subrogated insurers are pressing claims against individuals, ostensible charitable organizations and other entities alleged to have provided financial and logistical support to al-Qaida in the run-up to the attacks. The case is in the discovery phase.

The Foreign Sovereign Immunities Act now specifically allows suits against recognized state sponsors of terrorism for reasonably foreseeable property loss, whether insured or uninsured, third-party liability and loss claims under life and property insurance policies. In addition, the Antiterrorism Act grants a civil cause of action to U.S. nationals who are killed or injured by reason of international terrorism and their heirs or representatives. It provides for treble damages and attorney fees. Significantly, it allows claims against defendants who provided material support or resources to terrorists—that is, terrorist financiers.

Although the Executive Branch often discourages private citizens from getting involved in national security matters, the ATA material support provision is an exception. The Justice Department has supported private litigants, filing an amicus brief in the leading case that said “the government believes that this provision can be an effective weapon in the battle against international terrorism; it fights terrorism by discouraging those who would provide financing for this activity.”

Granted, recovery in cases against terrorists and their sponsors is difficult. The road is challenging and multidimensional, sometimes requiring successful lobbying for legislative changes. But there have been significant successes, especially against Libya and Syria.

Finally, some of the most serious threats in the post-9/11 matrix are cyber threats, including terrorism, warfare, espionage of government and industrial secrets, theft of personal information, and attacks designed to deny service or, more ominously, to destroy, degrade or disrupt information, operations or infrastructure. After Osama bin Laden’s death, al-Qaida has explicitly called for “cyber jihad,” and the many high-profile hacks of 2011 are bringing into focus the possibility of a “cyber 9/11.” This could consist, for example, of attacks on the networks of financial institutions, making them unreliable and generating widespread panic and instability, or disruptive attacks on the energy, transportation or telecommunication sectors, or on other critical infrastructure targets.

Insurance companies themselves are targets. Their chief operating officers, chief risk officers and chief information officers need to evaluate their network security systems, and they have breach response plans prepared. Also, companies that insure cyber risks can encourage insureds to implement their own strong security systems through questions in applications, warranties and conditions of coverage, and by providing technical and support services.

The cyber risks that affect insurers most directly and immediately are data breaches of personal information of individuals. These implicate an array of state, federal, industry and international laws and regulations on data privacy and security, primarily addressing what happens after a breach has occurred. But the legal regime for prevention is still developing, and 2011 has seen several different proposed federal legislative initiatives. Any effective legislation would have to strike a realistic balance between privacy and security, and would require an unprecedented level of cooperation among federal and state governments and private industry without imposing unwarranted compliance burdens on business. This is no small challenge. The insurance industry should be fully engaged in shaping the legislation that ultimately emerges.

The people who lead the insurance industry today are from the generations that have shaped the values and achievements of contemporary America. You have created the America that the terrorists are trying to attack. It is thus altogether fitting that you are on the front lines. This is your fight.

Vincent J. Vitkowsky is a partner in the law firm of Edwards Angell Palmer & Dodge L.L.P. He can be reached at vvitkowsky@eapdlaw.com or 212-912-2828.