Travelers 2015 Annual Report Download - page 68

Download and view the complete annual report

Please find page 68 of the 2015 Travelers annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 287

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287

exceeds capacity or a third-party system fails or experiences an interruption. Business interruptions and
failures of controls could also result if our internal systems do not interface with each other as
intended, including as it relates to recently acquired businesses. Business continuity can also be
disrupted by an event, such as a pandemic, that renders large numbers of a workforce unable to work
as needed, particularly at critical locations; for example, our largest location employs about 20% of our
employees. If our business continuity plans did not sufficiently address a business interruption, system
failure or service denial, this could result in a deterioration of our ability to write and process new and
renewal business, provide customer service, pay claims in a timely manner or perform other necessary
business functions.
Our operations rely on the reliable and secure processing, storage and transmission of confidential
and other information in our computer systems and networks. Computer viruses, hackers (including
individuals, organizations or rogue states) and employee or vendor misconduct, and other external
hazards, could expose our data systems to security breaches, cyber-attacks or other disruptions. In
addition, we routinely transmit and receive personal, confidential and proprietary information by e-mail
and other electronic means. While we attempt to develop secure transmission capabilities with third-
party vendors and others with whom we do business, we may be unable to put in place secure
capabilities with all of such vendors and third parties and, in addition, these third parties may not have
appropriate controls in place to protect the confidentiality of the information.
Like other global companies, our computer systems are regularly subject to and will continue to be
the target of computer viruses, malware or other malicious codes, unauthorized access, cyber-attacks or
other computer-related penetrations. While we have experienced threats to our data and systems, to
date, we are not aware that we have experienced a material cyber-security breach. However, over time,
the sophistication of these threats continues to increase. Our administrative and technical controls as
well as other preventative actions we take to reduce the risk of cyber incidents and protect our
information may be insufficient to detect or prevent unauthorized access, other physical and electronic
break-ins, cyber-attacks or other security breaches to our computer systems or those of third parties
with whom we do business. In addition, new technology that could result in greater operational
efficiency may further expose our computer systems to the risk of cyber-attacks.
We have increasingly outsourced certain technology and business process functions to third parties
and may continue to do so in the future. If we do not effectively develop, implement and monitor our
outsourcing relationships, third party providers do not perform as anticipated, we experience
technological or other problems with a transition, or outsourcing relationships relevant to our business
process functions are terminated, we may not realize expected productivity improvements or cost
efficiencies and may experience operational difficulties, increased costs and a loss of business. Our
outsourcing of certain technology and business process functions to third parties may expose us to
increased risk related to data security or service disruptions, which could result in monetary and
reputational damages or harm to our competitive position. In addition to risks caused by third party
providers, our ability to receive services from third party providers outside of the United States might
be impacted by cultural differences, political instability, unanticipated regulatory requirements or public
policy inside or outside of the United States.
The increased risks identified above could expose us to data loss, disruption of service, monetary
and reputational damages, competitive disadvantage and significant increases in compliance costs and
costs to improve the security and resiliency of our computer systems. The compromise of personal,
confidential or proprietary information could also subject us to legal liability or regulatory action under
evolving cyber-security, data protection and privacy laws and regulations enacted by the U.S. federal
and state governments, Canada, the European Union or other jurisdictions or by various regulatory
organizations or exchanges. As a result, our ability to conduct our business and our results of
operations might be materially and adversely affected.
68