INTERNET LIABILITY Internet Liability Richard Batchelder Corporate Underwriting American Re-Insurance Company 1234

INTERNET LIABILITY  Introduction  Risk and Exposure  Claims Examples  Underwriting Considerations Agenda >>

Introduction

INTERNET LIABILITY Definition of Insurance Terms “Internet Risk” “Cyber Liability” “E-Business” “E-Commerce” ? ? ? ?

INTERNET LIABILITY Introduction Definition of E-Commerce: –Applications using electronic data networks (Internet) for handling business processes and supporting these kinds of processes. –Trading activities via the Internet (e.g. buyer visits web site of seller in order to carry out any kind of business activities). >>

INTERNET LIABILITY Increase of Internet users world-wide (in millions)

INTERNET LIABILITY Growth of e-commerce world-wide (in billions)

Risk and Exposure

INTERNET LIABILITY Classification of Internet Sites –Static Sites –Interactive Sites (collection of information) –E-Commerce Sites –Use of advertising –Use of “cookies” –Use of “spyware” >>

INTERNET LIABILITY E-commerce matrix BusinessConsumer Business B2B B2C Consumer P2P

INTERNET LIABILITY Risk Assessment Technical Assessment– Company Info – Internet Presence – Management – IT Security – Internet Security Loss Potential Evaluation– Disruption Risk – Security Risk – Media Risk >>

INTERNET LIABILITY Risk and Loss Potential  Disruption Risk  Security Risk  Media Risk

INTERNET LIABILITY Disruption Risk  No connection to the Internet / to the user  Delayed or no access to data CAUSINGCAUSING  Loss of profit  Loss of online data  Damage to data  Loss of profit  Damage to stored data  System overload / Breakdown  Functional breakdown caused by wrong, outdated or faulty software  Loss of profit  Loss of advertising income  Standstill cost  Loss of data  Damage to data

INTERNET LIABILITY Exposure Examples Disruption Risk –Power outage –Hacker/Cracker attacks –Theft of data –Malicious Code (Viruses) –Denial of Service Attacks (DOS Attacks) –Distributed Denial of Service Attacks (DDOS Attacks by Zombies) >>

INTERNET LIABILITY Security Risk  Unauthorized access  Piracy CAUSINGCAUSING  Damage to stored data  Loss / manipulation of transmitted data  System breakdown  Restoration cost  Infringement of privacy  Loss of confidentiality and confidential data  Economic loss  Harmful actions (manipulation of data, dissemination of harmful material)  Risk of identification and authenticity of transaction partners (e.g. phishing)  Infringement of privacy  Loss / manipulation of transmitted data  Loss of confidential data

INTERNET LIABILITY Exposure Examples Security Risk –Hacker / Cracker –External –Internal –Malicious Code (Viruses, Trojan horses, Worms, Java applets) –Piracy –Phishing –Spyware >>

INTERNET LIABILITY – Spread of “Code Red” (within 24 hours) Demonstration of Virus Spread

INTERNET LIABILITY Media Risk CAUSINGCAUSING Danger of facing:  Warning notices  Inhibitory actions  Interim injunctions  Economic Loss Infringement of:  Right to privacy e.g. defamation  Trademarks e.g. domain names, logos  Unfair competition e.g. appropriation of IP address / URL  Patents e.g. unauthorized use of a business process  Copyrights e.g. downloading, storing, changing and displaying of otherwise protected content

INTERNET LIABILITY Exposure Examples Media Risk –Defamation, Libel and Slander; –Domain Names, Meta-Tags, Trademark, Framing and Linking; –Storage, manipulation, distribution of protected content

Claims Examples

INTERNET LIABILITY Potential Liability –“classic” liability risk - especially arising from: –general liability (coverage B) –professional liability –“new” liability risks - especially arising from: –interruption risk –security risk –media risk >>

INTERNET LIABILITY Basis of Liability –Interruption and security risk: –contractual liability (assessment necessary because of legal uncertainties) –liability for BI and PD as well as for pure financial losses (definition of data?) Amercian Guarantee & Liability Ins. v. Ingram Micro Inc.: Court held that defendant’s loss of use and functionality of its computers as a result of a power outage constitutes “direct physical loss or damage” within the meaning of a property insurance.... >>

INTERNET LIABILITY Basis of Liability >> –Media risk: –rapid distribution of information (“one click - one spread”) –specific regulation for each country (trademark / patent / copyright) –own content / content of third parties (framing / linking / deep linking)

INTERNET LIABILITY Example: Linking / Framing Disputes Linking / Framing Disputes –Linking: allows a Web surfer to click on an icon and instantly jump to another Web site. –“Deep Linking”: takes surfers deep within a second site, bypassing advertising or pertinent information contained on the front pages of the linked Web site. >>

INTERNET LIABILITY Example: Linking / Framing Disputes Microsoft established a link from its online “City Guides” pages to the ticket purchase area of the Ticketmaster Web site rather than to Ticketmaster`s homepage. The link allowed Web surfers to bypass many pages of advertising and promotional material. Ticketmaster argued that Microsoft was “usurping” its trade name and that this “deep linking” was tantamount to stealing content. Microsoft argued that linking is simply a part of the culture of the Internet. In January 1999 the parties settled the case, as Microsoft agreed to link the users to Ticketmaster`s homepage. »Ticketmaster v Microsoft: >>

INTERNET LIABILITY Liability of Internet Users – Examples of Losses –Online Bank –Internet Book Store >>

INTERNET LIABILITY Online Bank –An Online Bank also offered their customers the possibility to trade their stocks online. –The advertised accessibility: “24 hours/day – 365 days/year” –Due to a “DDoS Attack” the servers went down and also the backup system did not work for several hours. The customers could place their orders, however they were processed after reinstallation of the systems. –Customers suffered financial losses on “both sides” (buyers & sellers). Buyers (without having set limits) had to buy at a higher stock price if the stock market value had increased, while some sellers had to sell at a lower level due to a decrease in their portfolio value. –Claim was settled out of court. >>

INTERNET LIABILITY Internet Bookstore March Large US Internet Bookstore Loses Client Data To Hacker –An Internet bookstore announced that hackers had stolen data, including credit card information of 98,000 customers of its Bibliofind.com subsidiary. –Hackers have had access to customer data from October 2000 through February –Fortunately no indication that credit cards had been misused, but to prevent customer data from being compromised in the future, the company removed all customer credit card numbers, physical addresses, and phone numbers from its servers. –No claims as culprits were hackers (not crackers). >>

Underwriting Considerations

INTERNET LIABILITY Underwriting Considerations  Underwriting Challenges  Risk Assessment  Summary >>

INTERNET LIABILITY –Fast changes (technical standards, environment...) –Lack of statistical data –Uncertain legal environment –Definition of target clients –Definition of level of risk assessment –Questionnaires –Classification tools –Individual legal & technical risk assessment –Definition of suitable rating tools in accordance to the risk insured Underwriting Challenges >>

INTERNET LIABILITY Underwriting Consequences –Definition of target clients –Definition of level of risk assessment –Questionnaires –Classification tools –Individual legal & technical risk assessment –Definition of suitable rating tools in accordance to the risk insured >>

INTERNET LIABILITY Risk Assessment Claims Management (Claims Dept. Insured, Specialized Lawyers) Technical Risk Assessment (Specialized IT-Companies) Examination of Standard Terms and Conditions and Individual Contracts (Specialized Lawyers)

INTERNET LIABILITY Summary –What is the company goal in providing Internet coverage? –Gap Coverage –Coverage for Internet-intensive clients –Evaluate increased GL Coverage B exposure –Evaluate Professional Liability exposure –Evaluate potential damage to data exposure for aggregate accumulation (Liability and Property) –Patent Infringement Coverage >>

Thank you for your interest Richard Batchelder Corporate Underwriting American Re-Insurance Company 1234