INTERNET LIABILITY
Richard Batchelder
Corporate Underwriting
American Re-Insurance Company
1234

INTERNET LIABILITY
Agenda
 Introduction
 Risk and Exposure
 Claims Examples
 Underwriting Considerations
>>

INTERNET LIABILITY
?
?
?
?

INTERNET LIABILITY
Introduction
Definition of E-Commerce:
– Applications using electronic data networks (Internet) for handling business processes and supporting these kinds of processes.
– Trading activities via the Internet (e.g. buyer visits web site of seller in order to carry out any kind of business activities).
>>

INTERNET LIABILITY
Increase of Internet users world-wide (in millions)
800
700
600
500
400
300
200
100
0
1995 1996 1997 1998 1999 2000 2001 2002 2003 2004
Nua Internet eMarket

INTERNET LIABILITY
Growth of e-commerce world-wide (in billions)
9000
8000
7000
6000
5000
4000
3000
2000
1000
0
1996 1997 1998 1999 2000 2001 2002 2003 2004 2005
Deloitte Research Gartner/eMarketer

INTERNET LIABILITY
Classification of Internet Sites
– Static Sites
– Interactive Sites
(collection of information)
– E-Commerce Sites
– Use of advertising
– Use of “cookies”
– Use of “spyware”
>>

INTERNET LIABILITY
E-commerce matrix
Business Consumer
Business B2B B2C
Consumer P2P

INTERNET LIABILITY
Risk Assessment
Technical Assessment
Loss Potential Evaluation
– Company Info
– Internet Presence
– Management
– IT Security
– Internet Security
– Disruption Risk
– Security Risk
– Media Risk
>>

INTERNET LIABILITY
Risk and Loss Potential
 Disruption Risk  Security Risk  Media Risk

INTERNET LIABILITY
Disruption Risk
 No connection to the
Internet / to the user
 Delayed or no access to data
 System overload /
Breakdown
 Functional breakdown caused by wrong, outdated or faulty software
I
N
G
U
S
C
A
 Loss of profit
 Loss of advertising income
 Standstill cost
 Loss of data
 Damage to data



Loss of profit
Loss of online data
Damage to data
 Loss of profit
 Damage to stored data

INTERNET LIABILITY
Exposure Examples
Disruption Risk
– Power outage
– Hacker/Cracker attacks
– Theft of data
– Malicious Code (Viruses)
– Denial of Service Attacks
(DOS Attacks)
– Distributed Denial of Service Attacks
(DDOS Attacks by Zombies)
>>

INTERNET LIABILITY
Security Risk
 Unauthorized access
 Piracy
 Harmful actions
(manipulation of data, dissemination of harmful material)
 Risk of identification and authenticity of transaction partners
(e.g. phishing)
I
N
G
U
S
C
A
 Infringement of privacy
 Loss / manipulation of transmitted data
 Loss of confidential data
 Damage to stored data
 Loss / manipulation of transmitted data
 System breakdown
 Restoration cost
 Infringement of privacy
 Loss of confidentiality and confidential data
 Economic loss

INTERNET LIABILITY
Exposure Examples
Security Risk
– Hacker / Cracker
– External
– Internal
– Malicious Code (Viruses, Trojan horses, Worms, Java applets)
– Piracy
– Phishing
– Spyware
>>

INTERNET LIABILITY
Demonstration of Virus Spread
– Spread of “Code Red” (within 24 hours)

INTERNET LIABILITY
Media Risk
Infringement of:
 Right to privacy e.g. defamation
 Trademarks e.g. domain names, logos
 Unfair competition e.g. appropriation of
IP address / URL
 Patents e.g. unauthorized use of a business process
 Copyrights e.g. downloading, storing, changing and displaying of otherwise protected content
I
N
G
U
S
C
A Danger of facing:
 Warning notices
 Inhibitory actions
 Interim injunctions
 Economic Loss

INTERNET LIABILITY
Exposure Examples
Media Risk
– Defamation, Libel and Slander;
– Domain Names, Meta-Tags, Trademark, Framing and Linking;
– Storage, manipulation, distribution of protected content

INTERNET LIABILITY
Potential Liability
– “classic” liability risk - especially arising from:
– general liability (coverage B)
– professional liability
– “new” liability risks - especially arising from:
– interruption risk
– security risk
– media risk
>>

INTERNET LIABILITY
Basis of Liability
– Interruption and security risk:
– contractual liability (assessment necessary because of legal uncertainties)
– liability for BI and PD as well as for pure financial losses (definition of data?)
Amercian Guarantee & Liability Ins. v. Ingram Micro
Inc.: Court held that defendant’s loss of use and functionality of its computers as a result of a power outage constitutes “ direct physical loss or damage ” within the meaning of a property insurance....
>>

INTERNET LIABILITY
Basis of Liability
– Media risk:
– rapid distribution of information
(“one click - one spread”)
– specific regulation for each country
(trademark / patent / copyright)
– own content / content of third parties
(framing / linking / deep linking)
>>

INTERNET LIABILITY
Example: Linking / Framing Disputes
Linking / Framing Disputes
– Linking: allows a Web surfer to click on an icon and instantly jump to another Web site.
– “Deep Linking”: takes surfers deep within a second site, bypassing advertising or pertinent information contained on the front pages of the linked Web site.
>>

INTERNET LIABILITY
Example: Linking / Framing Disputes
» Ticketmaster v Microsoft:
Microsoft established a link from its online “City Guides” pages to the ticket purchase area of the Ticketmaster Web site rather than to Ticketmaster`s homepage. The link allowed Web surfers to bypass many pages of advertising and promotional material. Ticketmaster argued that
Microsoft was “usurping” its trade name and that this “deep linking” was tantamount to stealing content. Microsoft argued that linking is simply a part of the culture of the
Internet. In January 1999 the parties settled the case, as
Microsoft agreed to link the users to Ticketmaster`s homepage.
>>

INTERNET LIABILITY
Liability of Internet Users
– Examples of Losses
– Online Bank
– Internet Book Store
>>

INTERNET LIABILITY
Online Bank
– An Online Bank also offered their customers the possibility to trade their stocks online.
– The advertised accessibility: “24 hours/day – 365 days/year”
– Due to a “DDoS Attack” the servers went down and also the backup system did not work for several hours. The customers could place their orders, however they were processed after reinstallation of the systems.
– Customers suffered financial losses on “both sides” (buyers & sellers).
Buyers (without having set limits) had to buy at a higher stock price if the stock market value had increased, while some sellers had to sell at a lower level due to a decrease in their portfolio value.
– Claim was settled out of court.
>>

INTERNET LIABILITY
Internet Bookstore
March 2001 - Large US Internet Bookstore Loses Client
Data To Hacker
– An Internet bookstore announced that hackers had stolen data, including credit card information of 98,000 customers of its
Bibliofind.com subsidiary.
– Hackers have had access to customer data from October 2000 through February 2001.
– Fortunately no indication that credit cards had been misused, but to prevent customer data from being compromised in the future, the company removed all customer credit card numbers, physical addresses, and phone numbers from its servers.
– No claims as culprits were hackers (not crackers).
>>

INTERNET LIABILITY
Underwriting Considerations
 Underwriting Challenges
 Risk Assessment
 Summary
>>

INTERNET LIABILITY
Underwriting Challenges
– Fast changes (technical standards, environment...)
– Lack of statistical data
– Uncertain legal environment
– Definition of target clients
– Definition of level of risk assessment
– Questionnaires
– Classification tools
– Individual legal & technical risk assessment
– Definition of suitable rating tools in accordance to the risk insured
>>

INTERNET LIABILITY
Risk Assessment
Examination of Standard Terms and Conditions and Individual Contracts
(Specialized Lawyers)
Technical Risk Assessment
(Specialized IT-Companies)
Claims Management
(Claims Dept. Insured, Specialized Lawyers)

INTERNET LIABILITY
Summary
– What is the company goal in providing Internet coverage?
– Gap Coverage
– Coverage for Internet-intensive clients
– Evaluate increased GL Coverage B exposure
– Evaluate Professional Liability exposure
– Evaluate potential damage to data exposure for aggregate accumulation (Liability and Property)
– Patent Infringement Coverage
>>

Richard Batchelder
Corporate Underwriting
American Re-Insurance Company
1234