The Hartford 2012 Annual Report Download - page 27

Download and view the complete annual report

Please find page 27 of the 2012 The Hartford annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 335

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299
  • 300
  • 301
  • 302
  • 303
  • 304
  • 305
  • 306
  • 307
  • 308
  • 309
  • 310
  • 311
  • 312
  • 313
  • 314
  • 315
  • 316
  • 317
  • 318
  • 319
  • 320
  • 321
  • 322
  • 323
  • 324
  • 325
  • 326
  • 327
  • 328
  • 329
  • 330
  • 331
  • 332
  • 333
  • 334
  • 335

Table of Contents
If we are unable to maintain the availability of our systems and safeguard the security of our data due to the occurrence of disasters or a cyber or
other information security incident, our ability to conduct business may be compromised, we may incur substantial costs and suffer other negative
consequences, all of which may have a material adverse effect on our business, financial condition, results of operations and liquidity.
We use computer systems to process, store, retrieve, evaluate and utilize customer and company data and information. Our computer, information technology
and telecommunications systems, in turn, interface with and rely upon third-party systems or third-parties firms to maintain our systems. Our business is
highly dependent on our ability, and the ability of certain third parties, to access these systems to perform necessary business functions, including, without
limitation, conducting our financial reporting and analysis, providing insurance quotes, processing premium payments, making changes to existing policies,
filing and paying claims, administering variable annuity products and mutual funds, providing customer support and managing our investment portfolios
and hedging programs.
Systems failures or outages could compromise our ability to perform our business functions in a timely manner, which could harm our ability to conduct
business and hurt our relationships with our business partners and customers. In the event of a disaster such as a natural catastrophe, a pandemic, an
industrial accident, a blackout, a terrorist attack or war, systems upon which we rely may be inaccessible to our employees, customers or business partners
for an extended period of time. Even if our employees and business partners are able to report to work, they may be unable to perform their duties for an
extended period of time if our data or systems used to conduct our business are disabled or destroyed.
Moreover, our computer systems have been, and will likely continue to be, subject to computer viruses or other malicious codes, unauthorized access, cyber-
attacks or other computer related penetrations. While, to date, The Hartford has not experienced a material breach of cybersecurity, administrative and
technical controls as well as other preventive actions we take to reduce the risk of cyber incidents and protect our information technology may be insufficient to
prevent physical and electronic break-ins, denial of service and other cyber-attacks or other security breaches to our computer systems. Such an event could
compromise our confidential information as well as that of our clients and third parties with whom we interact, impede or interrupt our business operations
and may result in other negative consequences, including remediation costs, loss of revenue, additional regulatory scrutiny and litigation and reputational
damage.
In addition, we routinely transmit, receive and store personal, confidential and proprietary information by email and other electronic means. Although we
attempt to keep such information confidential, we may be unable to utilize such capabilities in all events, especially with clients, vendors, service providers,
counterparties and other third parties who may not have or use appropriate controls to protect confidential information.
Furthermore, certain of our businesses are subject to compliance with regulations enacted by U.S. federal and state governments, the European Union, Japan
or other jurisdictions or enacted by various regulatory organizations or exchanges relating to the privacy of the information of clients, employees or others. A
misuse or mishandling of confidential or proprietary information being sent to or received from an employee or third party could result in legal liability,
regulatory action and reputational harm.
Third parties to whom we outsource certain of our functions are also subject to the risks outlined above, any one of which may result in our incurring
substantial costs and other negative consequences, including a material adverse effect on our business, financial condition, results of operations and liquidity.
While we maintain cyber liability insurance that provides both third party liability and first party insurance coverages, our insurance may not be sufficient to
protect against all loss.
Our framework for managing operational risks may not be effective in mitigating risk and loss to us that could adversely affect our businesses.
Our business performance is highly dependent on our ability to manage operational risks that arise from a large number of day-to-day business activities,
including insurance underwriting, claims processing, servicing, investment, financial and tax reporting, compliance with regulatory requirements and other
activities, many of which are very complex and for some of which we rely on third parties. We seek to monitor and control our exposure to risks arising out of
these activities through a risk control framework encompassing a variety of reporting systems, internal controls, management review processes and other
mechanisms. We cannot be completely confident that these processes and procedures will effectively control all known risks or effectively identify unforeseen
risks, or that our employees and third-party agents will effectively implement them. Management of operational risks can fail for a number of reasons,
including design failure, systems failure, failures to perform, cyber security attacks, human error, or unlawful activities on the part of employees or third
parties. In the event that our controls are not effective or not properly implemented, we could suffer financial or other loss, disruption of our businesses,
regulatory sanctions or damage to our reputation. Losses resulting from these failures can vary significantly in size, scope and scale and may have material
adverse effects on our financial condition or results of operations.
27