internet liability internet liability richard batchelder corporate underwriting american...
TRANSCRIPT
INTERNET LIABILITY
Internet Liability
Richard BatchelderCorporate UnderwritingAmerican Re-Insurance Company
INTERNET LIABILITY
Introduction
Risk and Exposure
Claims Examples
Underwriting Considerations
Agenda
>>
Introduction
INTERNET LIABILITY
Definition of Insurance Terms
“Internet Risk”
“Cyber Liability”“E-Business”
“E-Commerce”
?
?
?
?
INTERNET LIABILITY
Introduction
Definition of E-Commerce:
– Applications using electronic data networks (Internet) for handling business processes and supporting these kinds of processes.
– Trading activities via the Internet (e.g. buyer visits web site of seller in order to carry out any kind of business activities).
>>
INTERNET LIABILITY
Increase of Internet users world-wide (in millions)
0
100
200
300
400
500
600
700
800
1995 1996 1997 1998 1999 2000 2001 2002 2003 2004
Nua Internet eMarket
INTERNET LIABILITY
Growth of e-commerce world-wide (in billions)
0
1000
2000
3000
4000
5000
6000
7000
8000
9000
1996 1997 1998 1999 2000 2001 2002 2003 2004 2005
Deloitte Research Gartner/eMarketer
Risk and Exposure
INTERNET LIABILITY
Classification of Internet Sites
– Static Sites
– Interactive Sites(collection of information)
– E-Commerce Sites
– Use of advertising
– Use of “cookies”
– Use of “spyware” >>
INTERNET LIABILITY
E-commerce matrix
Business Consumer
Business B2B B2C
Consumer P2P
INTERNET LIABILITY
Risk Assessment
Technical Assessment – Company Info
– Internet Presence
– Management
– IT Security
– Internet Security
Loss Potential Evaluation – Disruption Risk
– Security Risk
– Media Risk
>>
INTERNET LIABILITY
Risk and Loss Potential
Disruption Risk Security Risk Media Risk
INTERNET LIABILITY
Disruption Risk
No connection to the No connection to the Internet / to the userInternet / to the user
Delayed or no access Delayed or no access to datato data C
A
U
S
I
N
G
Loss of profit Loss of online data Damage to data
Loss of profit Damage to stored data
System overload / System overload / BreakdownBreakdown
Functional breakdown Functional breakdown caused by wrong, caused by wrong, outdated or faulty outdated or faulty softwaresoftware
Loss of profit Loss of advertising income Standstill cost Loss of data Damage to data
INTERNET LIABILITY
Exposure Examples
Disruption Risk
– Power outage
– Hacker/Cracker attacks
– Theft of data
– Malicious Code (Viruses)
– Denial of Service Attacks(DOS Attacks)
– Distributed Denial of Service Attacks (DDOS Attacks by Zombies)
>>
INTERNET LIABILITY
Security Risk
Unauthorized accessUnauthorized access
PiracyPiracy C
A
U
S
I
N
G
Damage to stored data Loss / manipulation of
transmitted data System breakdown Restoration cost
Infringement of privacy Loss of confidentiality and
confidential data Economic loss
Harmful actions Harmful actions (manipulation of data, (manipulation of data, dissemination of dissemination of harmful material)harmful material)
Risk of identification Risk of identification and authenticity of and authenticity of transaction partnerstransaction partners(e.g. phishing)(e.g. phishing)
Infringement of privacy Loss / manipulation of
transmitted data Loss of confidential data
INTERNET LIABILITY
Exposure Examples
Security Risk
– Hacker / Cracker– External– Internal
– Malicious Code (Viruses, Trojan horses, Worms, Java applets)
– Piracy
– Phishing
– Spyware
>>
INTERNET LIABILITY
– Spread of “Code Red” (within 24 hours)
Demonstration of Virus Spread
INTERNET LIABILITY
Media Risk
C
A
U
S
I
N
G
Danger of facing:
Warning notices Inhibitory actions Interim injunctions Economic Loss
Infringement of:Infringement of:
Right to privacyRight to privacye.g. defamatione.g. defamation
TrademarksTrademarkse.g. domain names, e.g. domain names, logoslogos
Unfair competitionUnfair competitione.g. appropriation of e.g. appropriation of IP address / URLIP address / URL
Patents Patents e.g. unauthorized use e.g. unauthorized use of a business processof a business process
CopyrightsCopyrightse.g. downloading, e.g. downloading, storing, changing and storing, changing and displaying ofdisplaying ofotherwise protected otherwise protected contentcontent
INTERNET LIABILITY
Exposure Examples
Media Risk
– Defamation, Libel and Slander;
– Domain Names, Meta-Tags, Trademark, Framing and Linking;
– Storage, manipulation, distribution of protected content
Claims Examples
INTERNET LIABILITY
Potential Liability
– “classic” liability risk - especially arising from:
– general liability (coverage B)
– professional liability
– “new” liability risks - especially arising from:
– interruption risk
– security risk
– media risk
>>
INTERNET LIABILITY
Basis of Liability
– Interruption and security risk:
– contractual liability (assessment necessary because of legal uncertainties)
– liability for BI and PD as well as for pure financial losses (definition of data?)
Amercian Guarantee & Liability Ins. v. Ingram Micro Inc.: Court held that defendant’s loss of use and functionality of its computers as a result of a power outage constitutes “direct physical loss or damage” within the meaning of a property insurance....
>>
INTERNET LIABILITY
Basis of Liability
>>
– Media risk:
– rapid distribution of information(“one click - one spread”)
– specific regulation for each country(trademark / patent / copyright)
– own content / content of third parties(framing / linking / deep linking)
INTERNET LIABILITY
Example: Linking / Framing Disputes
Linking / Framing Disputes
– Linking: allows a Web surfer to click on an icon and instantly jump to another Web site.
– “Deep Linking”: takes surfers deep within a second site, bypassing advertising or pertinent information contained on the front pages of the linked Web site.
>>
INTERNET LIABILITY
Example: Linking / Framing Disputes
Microsoft established a link from its online “City Guides” pages to the ticket purchase area of the Ticketmaster Web site rather than to Ticketmaster`s homepage. The link allowed Web surfers to bypass many pages of advertising and promotional material. Ticketmaster argued that Microsoft was “usurping” its trade name and that this “deep linking” was tantamount to stealing content. Microsoft argued that linking is simply a part of the culture of the Internet. In January 1999 the parties settled the case, as Microsoft agreed to link the users to Ticketmaster`s homepage.
»Ticketmaster v Microsoft:
>>
INTERNET LIABILITY
Liability of Internet Users – Examples of Losses
– Online Bank
– Internet Book Store
>>
INTERNET LIABILITY
Online Bank
– An Online Bank also offered their customers the possibility to trade their stocks online.
– The advertised accessibility: “24 hours/day – 365 days/year”
– Due to a “DDoS Attack” the servers went down and also the backup system did not work for several hours. The customers could place their orders, however they were processed after reinstallation of the systems.
– Customers suffered financial losses on “both sides” (buyers & sellers). Buyers (without having set limits) had to buy at a higher stock price if the stock market value had increased, while some sellers had to sell at a lower level due to a decrease in their portfolio value.
– Claim was settled out of court.
>>
INTERNET LIABILITY
Internet Bookstore
March 2001 - Large US Internet Bookstore Loses Client Data To Hacker
– An Internet bookstore announced that hackers had stolen data, including credit card information of 98,000 customers of its Bibliofind.com subsidiary.
– Hackers have had access to customer data from October 2000 through February 2001.
– Fortunately no indication that credit cards had been misused, but to prevent customer data from being compromised in the future, the company removed all customer credit card numbers, physical addresses, and phone numbers from its servers.
– No claims as culprits were hackers (not crackers).>>
Underwriting Considerations
INTERNET LIABILITY
Underwriting Considerations
Underwriting Challenges
Risk Assessment
Summary
>>
INTERNET LIABILITY
– Fast changes (technical standards, environment...)
– Lack of statistical data
– Uncertain legal environment
– Definition of target clients
– Definition of level of risk assessment – Questionnaires– Classification tools– Individual legal & technical risk assessment
– Definition of suitable rating tools in accordance to the risk insured
Underwriting Challenges
>>
INTERNET LIABILITY
Risk Assessment
Claims Management
(Claims Dept. Insured, Specialized Lawyers)
Technical Risk Assessment
(Specialized IT-Companies)
Examination of Standard Terms
and Conditions and Individual Contracts
(Specialized Lawyers)
INTERNET LIABILITY
Summary
– What is the company goal in providing Internet coverage?– Gap Coverage– Coverage for Internet-intensive clients
– Evaluate increased GL Coverage B exposure
– Evaluate Professional Liability exposure
– Evaluate potential damage to data exposure for aggregate accumulation (Liability and Property)
– Patent Infringement Coverage
>>
Thank you for your interest
Richard BatchelderCorporate UnderwritingAmerican Re-Insurance Company