The use of technology for business purposes

1
The use of technology for business purposes

• University of Texas Austin
• Introduction to Risk Management Insurance
• Patricia M. Arnold, CPCU, ALCM

2
Risk Management

• Identify risks
• Quantify magnitude of loss/damage
• Review options
• Identify most advantageous
• Implement, monitor

3
1. Identify risks

• _at_ Law, Insurance the Internet
• Risks business interruption and thirdparty
  liability
• Does property damage include loss of access,
  loss of use and functionality?
• What are the consumers reasonable expectations?
• What are the insurance consumers reasonable
  expectations?

4
Physical Damage to covered property (accidental)

• Fire, water, wind, crime....
• Valuable papers and records
• Accounts receivable
• Money and securities
• to your property or property of others for which
  youre responsible.

5
ID risks

• Publication of images, news, reports
• Use of data, design of database
• Outsourcing
• Dependent properties
• Uninterrupted power supply
• Access to market customers

6
New trends

• Failure to fulfill consumer expectations
• Inaccurate advice, misrepresentation
• Failure to deliver (or maintain) working system
• Online negligence and content liability

7
Third-party negligence, breach of contract

• Failure to Perform
• vendor design reliance
• Delay, Loss of Market
• vendor failure to deliver
• Unintended Access Use
• hackers, viruses, fraud
• On-line problems not resolved with customers

8
Risks as they appear in insurance coverage

• Legal Expenses
• Legal Liability Exposures
• Premises/Operations, Products/Completed
  Operations
• Errors Omissions, Professional liability, Media
  Liability
• Contract Liability
• Employment Liability

9
2. Quantify magnitude of loss / damage

• The FTC says that over a one-year period, nearly
  10 million people had discovered that they were
  victims of identity theft.
• Estimated losses translated into 48 billion for
  businesses and 5 billion to consumers.
• One in five employers has had to divulge employee
  emails in a discovery order.

10
Evaluating

• Values exposed?
• Locations?
• Contracts with others?
• Employees? Their use of information?
• Security of transactions?

11
3 4. Determine and Select among options

• Redundancy, back-up copies
• Control, training, certification
• Outsourcing, contracts
• Security measures
• Risk transfer techniques
• Insurance
• Bonds (e.g., BuySafe)
• RFID?

Buysafe is a bonding service for eBay users. It
verifies merchants' identities and confirms they
are financially stable. In the first 16 months of
business, Buysafe sealed over 1.2B worth of
transactions and more than half a million bonds.
Sellers pay 1 of their final sales price for
each bonded item. Sellers gain the Buysafe logo,
which should help them to sell more -
particularly more expensive items.
12
Redundancy

• Many companies protect their data by using a
  technology called RAID (Redundant Array of
  Independent Disks), which copies all files to a
  second hard drive as they are created. If the
  first hard drive ever fails, the second drive
  contains an up-to-the-minute "mirrored" copy of
  all the data. The downside is that adding RAID
  requires opening your PC to install a RAID
  controller and at least one more hard drive.
• To simplify this, several companies are creating
  RAID external hard drives that connect via USB or
  FireWire, or over a network.

13
U.N. Control of the Internet and Open Information

• Day to Day, October 14, 2005
• There are international efforts to move central
  control of the Internet from the United States to
  a United Nations group.
• Day to Day technology contributor Xeni Jardin
  reports that some critics of the proposed move
  question whether it would give too much control
  to countries that don't embrace the idea of open
  information.

14
5. Implement plan, monitor be

• Back-up copies
• Security measures
• Risk transfer techniques
• Insurance
• Bonds

15
Insurance

• Underwriting, marketing, risk management
• Do we have a market here?
• Do we have a viable product?

16
Accepting Credit Cards on your
websitecourtesy of citibank
Image used with the permission of bizzed.com
17
eCommerce Insurance

• Why? For guarantees of quality, compliance,
  credit, authority, identity.
• According to Forrester Research
• Three new classes of solutions providers -
  eCommerce trust brokers, information suppliers,
  and underwriters - will work together to develop
  insurance suites

18
How to deal with emerging risks pricing, data
collection, risk management services

• Traditional approach
• Eligible? Acceptability?
• COPE, premium basis times rate?
• Place coverage?
• Additional coverages needed?
• Exclusions appropriate?
• Risk Management?
• Losses, Review, Audit, Survey?

19
Yesterday and Tomorrow

• Application information will adapt - requesting
  email address, website address, encryption
  practices, clientele...
• Yesterdays risk management strategies will
  evolve, assuming fault tolerance is
  effective....
• Underwriting will evolve - expectations of
  coverage will challenge traditional coverages and
  premium strategies...

20
Underwriting

• Depend on it - the uses of the internet are
  ever-changing!
• The degree of risk may not be measurable and
  manageable by the traditional means.
• Payroll, receipts, square footage, sales
• Fire Protection, Construction,
• Tangible values

21
Issues for insurance industry

• When did the insurable transaction take place
  (insuring a second in time) - does the annual
  policy term still make sense?
• If transactions grow as predicted (158 in the
  eMarketplace over the next two years), how much
  insurance is enough? (what are the potential
  liabilities and vulnerabilities?)
• Risk Management and Reunderwriting activities
  demand new skills.

22
Useful Links

• Integrating IT Security into the Capital Planning
  and Investment Control Process
• AIG NetAdvantage-The Definitive Guide to
  insurance and reinsurance of internet, eCommerce,
  and cyber perils
• Study Security still top IT spending
  priority- IDG News Service 11/18/05
• Links to Legal Resources (U S Govt)
• Professional Liability
• Insuring First-Party Cyber Risk for Fortune 1000
  CompaniesA Worthwhile Endeavor or Boondoggle?
  (November 2002 by Michael A. Rossi Insurance Law
  Group, Inc.)