1234 Internet Liability Richard Batchelder Corporate Underwriting

advertisement

INTERNET LIABILITY

Internet Liability

Richard Batchelder

Corporate Underwriting

American Re-Insurance Company

1234

INTERNET LIABILITY

Agenda

 Introduction

 Risk and Exposure

 Claims Examples

 Underwriting Considerations

>>

Introduction

INTERNET LIABILITY

“Internet Risk”

?

“E-Commerce”

Definition of

Insurance Terms

?

“E-Business”

“Cyber Liability”

?

?

INTERNET LIABILITY

Introduction

Definition of E-Commerce:

– Applications using electronic data networks (Internet) for handling business processes and supporting these kinds of processes.

– Trading activities via the Internet (e.g. buyer visits web site of seller in order to carry out any kind of business activities).

>>

INTERNET LIABILITY

Increase of Internet users world-wide (in millions)

800

700

600

500

400

300

200

100

0

1995 1996 1997 1998 1999 2000 2001 2002 2003 2004

Nua Internet eMarket

INTERNET LIABILITY

Growth of e-commerce world-wide (in billions)

9000

8000

7000

6000

5000

4000

3000

2000

1000

0

1996 1997 1998 1999 2000 2001 2002 2003 2004 2005

Deloitte Research Gartner/eMarketer

Risk and Exposure

INTERNET LIABILITY

Classification of Internet Sites

– Static Sites

– Interactive Sites

(collection of information)

– E-Commerce Sites

– Use of advertising

– Use of “cookies”

– Use of “spyware”

>>

INTERNET LIABILITY

E-commerce matrix

Business Consumer

Business B2B B2C

Consumer P2P

INTERNET LIABILITY

Risk Assessment

Technical Assessment

Loss Potential Evaluation

– Company Info

– Internet Presence

– Management

– IT Security

– Internet Security

– Disruption Risk

– Security Risk

– Media Risk

>>

INTERNET LIABILITY

Risk and Loss Potential

 Disruption Risk  Security Risk  Media Risk

INTERNET LIABILITY

Disruption Risk

 No connection to the

Internet / to the user

 Delayed or no access to data

 System overload /

Breakdown

 Functional breakdown caused by wrong, outdated or faulty software

I

N

G

U

S

C

A

 Loss of profit

 Loss of advertising income

 Standstill cost

 Loss of data

 Damage to data

Loss of profit

Loss of online data

Damage to data

 Loss of profit

 Damage to stored data

INTERNET LIABILITY

Exposure Examples

Disruption Risk

– Power outage

– Hacker/Cracker attacks

– Theft of data

– Malicious Code (Viruses)

– Denial of Service Attacks

(DOS Attacks)

– Distributed Denial of Service Attacks

(DDOS Attacks by Zombies)

>>

INTERNET LIABILITY

Security Risk

 Unauthorized access

 Piracy

 Harmful actions

(manipulation of data, dissemination of harmful material)

 Risk of identification and authenticity of transaction partners

(e.g. phishing)

I

N

G

U

S

C

A

 Infringement of privacy

 Loss / manipulation of transmitted data

 Loss of confidential data

 Damage to stored data

 Loss / manipulation of transmitted data

 System breakdown

 Restoration cost

 Infringement of privacy

 Loss of confidentiality and confidential data

 Economic loss

INTERNET LIABILITY

Exposure Examples

Security Risk

– Hacker / Cracker

– External

– Internal

– Malicious Code (Viruses, Trojan horses, Worms, Java applets)

– Piracy

– Phishing

– Spyware

>>

INTERNET LIABILITY

Demonstration of Virus Spread

– Spread of “Code Red” (within 24 hours)

INTERNET LIABILITY

Media Risk

Infringement of:

 Right to privacy e.g. defamation

 Trademarks e.g. domain names, logos

 Unfair competition e.g. appropriation of

IP address / URL

 Patents e.g. unauthorized use of a business process

 Copyrights e.g. downloading, storing, changing and displaying of otherwise protected content

I

N

G

U

S

C

A Danger of facing:

 Warning notices

 Inhibitory actions

 Interim injunctions

 Economic Loss

INTERNET LIABILITY

Exposure Examples

Media Risk

– Defamation, Libel and Slander;

– Domain Names, Meta-Tags, Trademark, Framing and Linking;

– Storage, manipulation, distribution of protected content

Claims Examples

INTERNET LIABILITY

Potential Liability

– “classic” liability risk - especially arising from:

– general liability (coverage B)

– professional liability

– “new” liability risks - especially arising from:

– interruption risk

– security risk

– media risk

>>

INTERNET LIABILITY

Basis of Liability

– Interruption and security risk:

– contractual liability (assessment necessary because of legal uncertainties)

– liability for BI and PD as well as for pure financial losses (definition of data?)

Amercian Guarantee & Liability Ins. v. Ingram Micro

Inc.: Court held that defendant’s loss of use and functionality of its computers as a result of a power outage constitutes “ direct physical loss or damage ” within the meaning of a property insurance....

>>

INTERNET LIABILITY

Basis of Liability

– Media risk:

– rapid distribution of information

(“one click - one spread”)

– specific regulation for each country

(trademark / patent / copyright)

– own content / content of third parties

(framing / linking / deep linking)

>>

INTERNET LIABILITY

Example: Linking / Framing Disputes

Linking / Framing Disputes

– Linking: allows a Web surfer to click on an icon and instantly jump to another Web site.

– “Deep Linking”: takes surfers deep within a second site, bypassing advertising or pertinent information contained on the front pages of the linked Web site.

>>

INTERNET LIABILITY

Example: Linking / Framing Disputes

» Ticketmaster v Microsoft:

Microsoft established a link from its online “City Guides” pages to the ticket purchase area of the Ticketmaster Web site rather than to Ticketmaster`s homepage. The link allowed Web surfers to bypass many pages of advertising and promotional material. Ticketmaster argued that

Microsoft was “usurping” its trade name and that this “deep linking” was tantamount to stealing content. Microsoft argued that linking is simply a part of the culture of the

Internet. In January 1999 the parties settled the case, as

Microsoft agreed to link the users to Ticketmaster`s homepage.

>>

INTERNET LIABILITY

Liability of Internet Users

– Examples of Losses

– Online Bank

– Internet Book Store

>>

INTERNET LIABILITY

Online Bank

– An Online Bank also offered their customers the possibility to trade their stocks online.

– The advertised accessibility: “24 hours/day – 365 days/year”

– Due to a “DDoS Attack” the servers went down and also the backup system did not work for several hours. The customers could place their orders, however they were processed after reinstallation of the systems.

– Customers suffered financial losses on “both sides” (buyers & sellers).

Buyers (without having set limits) had to buy at a higher stock price if the stock market value had increased, while some sellers had to sell at a lower level due to a decrease in their portfolio value.

– Claim was settled out of court.

>>

INTERNET LIABILITY

Internet Bookstore

March 2001 - Large US Internet Bookstore Loses Client

Data To Hacker

– An Internet bookstore announced that hackers had stolen data, including credit card information of 98,000 customers of its

Bibliofind.com subsidiary.

– Hackers have had access to customer data from October 2000 through February 2001.

– Fortunately no indication that credit cards had been misused, but to prevent customer data from being compromised in the future, the company removed all customer credit card numbers, physical addresses, and phone numbers from its servers.

– No claims as culprits were hackers (not crackers).

>>

Underwriting Considerations

INTERNET LIABILITY

Underwriting Considerations

 Underwriting Challenges

 Risk Assessment

 Summary

>>

INTERNET LIABILITY

Underwriting Challenges

– Fast changes (technical standards, environment...)

– Lack of statistical data

– Uncertain legal environment

– Definition of target clients

– Definition of level of risk assessment

– Questionnaires

– Classification tools

– Individual legal & technical risk assessment

– Definition of suitable rating tools in accordance to the risk insured

>>

INTERNET LIABILITY

Risk Assessment

Examination of Standard Terms and Conditions and Individual Contracts

(Specialized Lawyers)

Technical Risk Assessment

(Specialized IT-Companies)

Claims Management

(Claims Dept. Insured, Specialized Lawyers)

INTERNET LIABILITY

Summary

– What is the company goal in providing Internet coverage?

– Gap Coverage

– Coverage for Internet-intensive clients

– Evaluate increased GL Coverage B exposure

– Evaluate Professional Liability exposure

– Evaluate potential damage to data exposure for aggregate accumulation (Liability and Property)

– Patent Infringement Coverage

>>

Thank you for your interest

Richard Batchelder

Corporate Underwriting

American Re-Insurance Company

1234

Download