BY ARA C. TREMBLY
We all know insurance is a rather sedate industry. It seems the scandals and publicity that dog other industries (even related ones like finance) usually dont play in our sleepy acre of the public consciousness. To tell the truth, Im losing consciousness just thinking about the lack of entertainment value in this field. Why its enough to make one consider switching to a more exciting and potentially dangerous work setting. The post office comes to mind.
But before we lose hope for any juicy excitement in the annals of insurance, lets consider a scenario that could create the kind of hullabaloo that grabs headlines. First, relax and empty your mind. Now, let your body sway to a thumping, churning reggae beat, and open your mind to the accompanying lyrics: Bad boy, bad boy, whatchoo gonna do? Thats right, you know where Im going. Were in the opening of a special Cops program focusing on some real bad boyscyber criminals. But were not talking about just any hackers here, were talking about those no-goodniks who ply their nefarious trade in insurance.
As the show begins, our cyber-sleuths visit the offices of a large multiline insurance company that has detected unauthorized access to its systems.
Company Executive: Thank God youre here. Someones accessing all kinds of personal information on our clients and our employees.
Sleuth: This could be serious, like a Sarbanes-Oxley or HIPAA problem.
Executive: I was thinking more of that streaming video of me dressed as an elf on the conga line at the office Christmas party.
Sleuth: Uh, well, at any rate, lets follow the cyber-trail and nab this dirtbag.
What follows is one of those really pulse-pounding chase scenes through the offices of the carrier. Every time the cops reach an office, they see a shadowy figure disappearing with an evil snicker through a stairwell door. Finally, the cops corner the suspect under a desk in a huge, wood-paneled office on the buildings top floor.
Sleuth (approaching cautiously as his backup agents fan out): OK, sir, the running is over. Come on out now, and nobody will get hurt.
Crook (cackling madly): Youll never get me, copper!
The suspect makes a mad dash for an open window but is tackled by numerous agents, wrestled into submission, and handcuffed by two burly men who sit on him to keep him still.
Sleuth (breathing hard) to Executive: Heres the guy whos been causing all the trouble. Do you recognize him?
Executive (mouth agape): Ah well, this is a bit embarrassing.
This is Mr. Foggybottom, our CEO.
Is our scenario a mere flight of fantasy? Perhaps not entirely, according to Cyber Protect, a British firm that provides cyber-security products and services. Cyber Protect claims its December 2003 survey of 150 British insurers revealed a shocking 60 percent of employees admitted to accessing confidential data from systems within their own companies, even though they had no authority to do so. Whats more, the research surprisingly found senior managers to be the most hacker-happy, the company asserts.
The survey questioned random-level staff in companies with 25 or more employees. Senior managers comprised 45 percent of the sample, while 25 percent were executives. Further, 35 percent of the respondents say they deliberately had corrupted or deleted the information they accessed.
What prompts people in such responsible positions to commit these acts? According to Jamie Bisker, senior analyst, insurance, for TowerGroup, the perpetrators want to manipulate the data to make themselves look better. An insurance companys data, says Bisker, affects [senior managers] numbers and their bonuses. Ive seen [such manipulations] happen. The fact the diddling is electronic, he adds, makes it easier for them to access data then to cover it up by deleting or corrupting the files. The survey results point to a periodic need to revisit the ethics question, says Bisker. But some people may be caught up in the power that comes with manipulating information, he notes.
According to Ronald Westrate, a clinical psychologist practicing in New Jersey, a feeling of power is indeed the key to such behaviors. They do it because they can. Theres a certain sense of omnipotence, he says, adding such acts also may be driven by insecurity.
If youre an IT pro, understanding the perpetrators rationale may be critical, because you may be the sleuth in your company. On the other hand, if youre an executive or manager who either has dipped or has thought about dipping into some confidential information for your own gain, you would do well to consider the implications of such an act. If you know another who is in that situation, now is the time to reach out to someone who could lose a job or a career as a result of an ill-conceived slip. Chances are he or she needs counseling.
For anyone involved in illegal or unethical acts of cyber-manipulation, I have only one question: Whatchoo gonna do when they come for you?
Ara C. Trembly is technology editor for National Underwriters property/casualty and life/health editions. He may be reached at atrembly@nuco.com.
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.