Chapter 9: Emerging Issues and Trends in Insurance C16

1)      What is the definition of cybercrime?

  • Cybercrime is a criminal offence involving a computer as the object of the crime, or the tool used to commit a material component of the offence.


2)      Identify THREE (3) cybercrime exposure areas of particular concern for companies.

1)      Banking and financial transactions data
2)      Information intelligence
3)      Intellectual property
4)      Customer identification data leading to identity theft.

3)      What is DoS?

  • Denial of service (DoS) attacks: computer attacks perpetrated internally or externally to disable an organization’s network and e-commerce services.
  • Attackers use large-scale communications bandwidth of an intermediary to overwhelm their victims’ systems with meaningless service requests thereby degrading or denying service to legitimate users.

4)      What is DDoS?

  • Distributed denial of service (DDoS) attacks: occur when multiple compromised systems flood the bandwidth of a targeted system, usually one or more Web services.
  • These types of attacks cause significant challenges for targeted organizations because multiple machines can generate more attack traffic than one machine and the behaviour of each attack machine can be stealthier, making it hard to track down and shut down.

5)      What is meant by URL hijacking?

  • Occurs when someone takes advantage of the common typos users make when they enter a Web address into their browser.
  • Hijackers will legally register a domain name with a misspelled version of a popular URL.
  • Consumers will associate the wrong site with the targeted victim.
  • The victimized company will suffer when consumers receive very poor service and inferior products.


6)      Explain the risk of loss of reputation from cybercrime.

  • Once a victim has been targeted by a criminal, further to the out-of-pocket financial losses caused, substantial additional costs are associated with trying to restore the victim’s reputation in the community and correcting the improper information generated by the criminal.
  • Negative publicity may lead to brand and reputation damage as well as disintegrated relationships with customers and other stakeholders; all of these things decrease revenue.


7)      What is identity theft?

  • Identity theft is a crime in which someone wrongfully obtains and uses another person’s personal data to commit fraud.
  • Personal data such as SIN, bank account numbers and other valuable identifying data can be used for profit and to the detriment of the victim.


8)      Identify internal and external perpetrators of cybercrime.

  • Perpetrators include disgruntled employees, hackers, virus writers, criminal groups and terrorists.
  • Employees, contractors and cleaning staff pose the greatest threats according to experts.
  • Internal perpetrators may access sensitive information through visual surveillance of operational systems, by going through garbage to retrieve sensitive information, by using spam, or through insider access, information leaks, or espionage.
  • A significant exposure exists from those who exceed their authorised use of an organization’s systems.
  • External perpetrators also enter private networks illegally to commit crimes.
  • Cyber criminals may be professionals hired for their skills and services or they commit e-crimes for personal gain or retribution.


9)      Identify FIVE (5) ways to manage IT risks.

1)      Build awareness of cyber risks
2)      Installing protection for systems
3)      Security system protocols
4)      Enter into employee user agreements
5)      Disable any remote access by ex-employees
6)      Accountability by business administrators for security policies in place
7)      Built-in barriers to discourage thieves


10)  What would an insurer’s audit of a client’s IT system try to determine?

  • Underwriters typically request an audit of the insured’s security systems and policies to determine whether the following has been implemented:

1) Establishing technology protocols
2) Employee user-agreement contracts that specify non-abuse of company data
3) The implementation and enforcement of IT security
4) A robust data recovery plan that is regularly backed up.


11)  Define pandemic.

  • Pandemic: is the spread of a highly infectious disease over a wide geographical area such as a large part of a continent.  Flu pandemics typically come in waves of multiple outbreaks, often consisting of 2-3 periods that last 6-8 weeks.  An influenza pandemic could last for a year or more infecting up to 1/3 of the population in Canada.
  • Epidemic: is an above-average but limited incidence of an infectious disease such as influenza, cholera, and SARS.  Any disorder in which infectious viruses or bacteria are easily transmitted can cause an epidemic.
  • Endemic: refers to the presence of an infectious disease in a certain region at all times for a significant percentage of a population.  For example, AIDS in Africa.


12)  How would companies approach the risk of absenteeism from a pandemic?

  • Operational risk relates to the loss of people available for work for prolonged periods of time.
  • Management policies for supporting quarantined staff should be developed.
  • Specific consequences for insurers’ operations may involve difficulty renewing or writing business.
  • There would also likely be an increase in claims and many of the people affected might not be insured.
  • Off-site operations or moving the office locations would be difficult and impractical as the virus would be present in every part of the country.  If employees could work remotely then management would have had to create the necessary infrastructure in advance.
  • Supply resources may be contaminated and supply chains may be cut off.


13)  What are the financial risks to insurance companies from a pandemic?

  • Financial risks would be related to market liquidity and credit risk.
  • They may be concerned about reduced accessibility to cash, the impact of their investments and about risks related to reinsurers.
  • A decline in market confidence is sure to occur, asset prices will drop, and there will be an increase in demand for liquidity in investments.


14)  Identify the businesses that would have the greatest exposure to the risks of a pandemic.

  • The greatest exposure is in those sectors where people congregate in large numbers or are involved in treating the disease.
  • Segments of the economy related to air travel, tourism, entertainment, resort hotels, local public transportation, restaurants, etc. would be especially at risk.


15)  How would the pharmaceutical industry be affected by a pandemic?

  • Healthcare workers and airline crews are frequently exposed to and highly at risk of contracting infectious diseases.
  • Hospital and other medical facilities may be liable in the case of a pandemic if patients are diagnosed falsely or if medical care for the disease has been delayed.
  • Additional exposure can arise if the disease spreads because infected patients are not quarantined promptly.


16)  How would a pandemic cause a loss under a directors’ and officers’ policy?

  • If management fails to protect a company’s assets against the effects of a pandemic it may be sued by stockholders, customers and even its staff.
  • Although contingency planning is a legal obligation in many countries for listed companies at the least, a company can still be liable if its plan is inadequate or has been executed improperly.


17)  What did Chief Justice McLachlin state about the duty of care to members of the public for a social host at a party where alcohol is served?

  • The Chief Justice stated that a social host at a party where alcohol is served is not under a duty of care to members of the public who may be injured by a guest’s actions, unless the host’s conduct implicates him/her in the creation or exacerbation of the risk.
  • Thus, the Supreme Court rejected the notion that a social host is responsible for his/her guest’s actions. (Childs v. Desormeaux case)


18)  Who is primarily legally liable in a liquor liability case?

  • The burden of such liquor liability cases remains with the party primarily responsible for it: the intoxicated driver.


19)  Is a duty of care created if a host fails to prevent a guest from becoming intoxicated?

  • Failing to prevent a guest from becoming intoxicated or from driving does not create a duty of care upon a social host.
  • However, if, for example, the host created a liquor risk by encouraging excessive consumption in drinking games or some other such activity, he/she could be found liable.


20)  What is the standard of care imposed by the law?

  • In general terms, the standard of care imposed by the law is to act reasonably to avoid the risk of foreseeable harm.
  • However, it is problematic to define what is meant by “reasonable,” and by “foreseeable.”
