The Hartford 2014 Annual Report Download - page 26

Download and view the complete annual report

Please find page 26 of the 2014 The Hartford annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 296

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296

Systems failures or outages could compromise our ability to perform our business functions in a timely manner, which could harm our ability to conduct
business and hurt our relationships with our business partners and customers. In the event of a disaster such as a natural catastrophe, a pandemic, an industrial
accident, a blackout, a terrorist attack (including conventional, nuclear, biological, chemical or radiological) or war, systems upon which we rely may be
inaccessible to our employees, customers or business partners for an extended period of time. Even if our employees and business partners are able to report to
work, they may be unable to perform their duties for an extended period of time if our data or systems used to conduct our business are disabled or destroyed.
Moreover, our computer systems have been, and will likely continue to be, subject to computer viruses or other malicious codes, unauthorized access, cyber-
attacks or other computer related penetrations. The frequency and sophistication of such threats continue to increase as well. While, to date, The Hartford is
not aware of having experienced a material breach of our cybersecurity systems, administrative and technical controls as well as other preventive actions we
take to reduce the risk of cyber incidents and protect our information technology may be insufficient to prevent physical and electronic break-ins, denial of
service, cyber-attacks or other security breaches to our computer systems or those of third parties with whom we do business. Such an event could
compromise our confidential information as well as that of our clients and third parties, with whom we interact, impede or interrupt our business operations
and may result in other negative consequences, including remediation costs, loss of revenue, additional regulatory scrutiny and litigation and reputational
damage. In addition, we routinely transmit, to third parties personal, confidential and proprietary information, which may be related to employees and
customers, by email and other electronic means, along with receiving and storing such information on our systems. Although we attempt to keep such
information confidential, we may be unable to utilize such capabilities in all events, especially with clients, vendors, service providers, counterparties and
other third parties who may not have or use appropriate controls to protect confidential information.
Furthermore, certain of our businesses are subject to compliance with regulations enacted by U.S. federal and state governments, the European Union, Japan
or other jurisdictions or enacted by various regulatory organizations or exchanges relating to the privacy of the information of clients, employees or others. A
misuse or mishandling of confidential or proprietary information being sent to or received from an employee or third party could result in legal liability,
regulatory action and reputational harm.
Third parties to whom we outsource certain of our functions, including but not limited to third party administrators, are also subject to cyber-breaches of
confidential information, along with the other risks outlined above, any one of which may result in our incurring substantial costs and other negative
consequences, including a material adverse effect on our business, reputation, financial condition, results of operations and liquidity. While we maintain
cyber liability insurance that provides both third party liability and first party insurance coverages, our insurance may not be sufficient to protect against all
loss.
Our framework for managing operational risks may not be effective in mitigating risk and loss to us that could adversely affect our businesses.
Our business performance is highly dependent on our ability to manage operational risks that arise from a large number of day-to-day business activities,
including insurance underwriting, claims processing, servicing, investment, financial and tax reporting, compliance with regulatory requirements and other
activities, many of which are very complex and for some of which we rely on third parties. In addition, information technology investments we have made or
plan to make in order to improve our operations are subject to material challenges, uncertainties and risks which may adversely impact our ability to achieve
the anticipated business growth, expense reduction and operational efficiencies. We seek to monitor and control our exposure to risks arising out of these
activities through a risk control framework encompassing a variety of reporting systems, internal controls, management review processes and other
mechanisms. We cannot be completely confident that these processes and procedures will effectively control all known risks or effectively identify
unforeseen risks, or that our employees and third-party agents will effectively implement them. Management of operational risks can fail for a number of
reasons, including design failure, systems failure, failures to perform, cyber security attacks, human error, or unlawful activities on the part of employees or
third parties. In the event that our controls are not effective or not properly implemented, we could suffer financial or other loss, disruption of our businesses,
regulatory sanctions or damage to our reputation. Losses resulting from these failures can vary significantly in size, scope and scale and may have material
adverse effects on our financial condition or results of operations.
26