Bad Boys In Cyberspace
We all know that insurance is a rather sedate industry. It seems the scandals and publicity that dog other industries (even related ones like finance) usually don't play in our sleepy acre of the public consciousness.
To tell the truth, I'm losing consciousness just thinking about the lack of entertainment value in this field. Why, it's enough to make one consider switching to a more exciting and potentially dangerous work setting. The post office comes to mind.
But before we lose hope for any juicy excitement in the annals of insurance, let's consider a scenario that could just create the kind of hullabaloo that grabs headlines.
First, relax and empty your mind. Now, let your body sway to a thumping, churning reggae beat and open your mind to the accompanying lyrics: “Bad boy, bad boy, whatchoo gonna do?”
That's right, you know where I'm going. We're in the opening of a special “Cops” program focusing on some real bad boys cyber-criminals. But we're not talking about just any hackers here. We're talking about no-goodniks who ply their nefarious trade in insurance.
As the show begins, our cyber-sleuths visit the offices of a large multiline insurance company that has detected unauthorized access to its computer systems.
Company Executive: “Thank God you're here. Someone's accessing all kinds of personal information on our clients and our employees.”
Sleuth: “This could be serious, like a Sarbanes-Oxley or HIPAA problem.”
Executive: “I was thinking more of that streaming video of me dressed as an elf on the conga line at the office Christmas party.”
Sleuth: “Uh, well at any rate, let's follow the cyber-trail and nab this dirt-bag.”
What follows is one of those really pulse-pounding chase scenes through the offices of the carrier. Every time the cops reach an office, they see a shadowy figure disappearing with an evil snicker through a stairwell door.
Startled claims reps gasp as the fleeing fugitive leaps over their desks with wild abandon. Secretaries shriek and drop their steno pads in utter terror as the bad guy speed-types gibberish into their vulnerable workstations. Even the actuaries raise an eyebrow when the cyber-crook knocks over their abaci.
Finally, the cops corner the suspect under a desk in a huge, wood-paneled office on the building's top floor.
Sleuth (approaching cautiously as his back-up agents fan out): “Okay, sir, the running is over. Come on out now, and nobody will get hurt.”
Crook (cackling madly): “You'll never get me, copper!”
The suspect makes a mad dash for an open window but is tackled by numerous agents, wrestled into submission, and handcuffed by two burly men who sit on him to keep him still.
Sleuth (breathing hard) to Executive: “Here's the guy who's been causing all the trouble. Do you recognize him?”
Executive (mouth agape): “Ah, well, this is a bit embarrassing. This is Mr. Foggybottom, our CEO.”
Is our scenario a mere flight of fantasy? Perhaps not entirely, according to Cyber Protect, a British firm that provides cyber-security products and services. Cyber Protect claims that its December 2003 survey of 150 British insurers revealed that a shocking 60 percent of employees admitted to accessing confidential data from systems within their own companies, even though they had no authority to do so. What's more, “the research surprisingly found senior managers to be the most hacker-happy,” the company asserted.
The survey questioned random-level staff in companies with 25 or more employees, said Cyber Protect. Senior managers comprised 45 percent of the sample, while 25 percent were “executives.”
The kinds of information inappropriately accessed included sales data, staff information, and personal and company financial data, the company said. Further, 35 percent of the respondents said they had deliberately corrupted or deleted the information they accessed.
What prompts people in such responsible positions to commit these acts? According to James Bisker, a senior analyst, insurance, for the Needham, Mass.-based TowerGroup, the perpetrators want to “manipulate” the data to make themselves look better.
An insurance company's data, said Mr. Bisker, “affects [senior managers] numbers and their bonuses. I've seen [such manipulations] happen.” The fact that the diddling is electronic, he added, makes it easier for them to access data, then to cover it up by deleting or corrupting the files.
The survey results, said Mr. Bisker, point to a “periodic need to revisit the ethics question.” But some people may be caught up in the “power” that comes with manipulating information, he noted.
According to Ronald Westrate, a clinical psychologist practicing in New Jersey, a feeling of power is indeed the key to such behaviors. “They do it because they can. There's a certain sense of omnipotence,” he commented. “It's an addiction. They may even logically think about it and develop a scenario ahead of time to get out of it in case they're caught. It's a very arrogant gesture.”
Mr. Westrate said such acts may also be driven by insecurity the idea that “I'm going to get my goodies while I can, because you never know when the other shoe will drop.” Such a shoe might be a layoff or the loss of a job to a younger person, he added.
Whatever the rationale, however, acts of cyber-crime are at best irresponsible and at worst, illegal and in violation of federal policies on information privacy.
If you're an executive or manager who either has dipped or has thought about dipping into some confidential information for your own gain, you would do well to consider the far-reaching implications of such an act. If you know another who is in that situation, now is the time to reach out and be a real friend to someone who could lose a job or lose a career as a result of an ill-conceived slip. Chances are he or she needs counseling.
If you're involved in illegal or unethical acts of cyber-manipulation, I have only one question: Whatchoo gonna do when they come for you?
Senior Editor Ara Trembly covers technology for National Underwriter. He may be reached at [email protected].
Reproduced from National Underwriter Property & Casualty/Risk & Benefits Management Edition, March 12, 2004. Copyright 2004 by The National Underwriter Company in the serial publication. All rights reserved.Copyright in this article as an independent work may be held by the author.
Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader
Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
- Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.