The Hartford 2013 Annual Report Download - page 27

Download and view the complete annual report

Please find page 27 of the 2013 The Hartford annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 250

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250

27
Systems failures or outages could compromise our ability to perform our business functions in a timely manner, which could harm our
ability to conduct business and hurt our relationships with our business partners and customers. In the event of a disaster such as a
natural catastrophe, a pandemic, an industrial accident, a blackout, a terrorist attack or war, systems upon which we rely may be
inaccessible to our employees, customers or business partners for an extended period of time. Even if our employees and business
partners are able to report to work, they may be unable to perform their duties for an extended period of time if our data or systems used
to conduct our business are disabled or destroyed.
Moreover, our computer systems have been, and will likely continue to be, subject to computer viruses or other malicious codes,
unauthorized access, cyber-attacks or other computer related penetrations. While, to date, The Hartford is not aware of having
experienced a material breach of cybersecurity, administrative and technical controls as well as other preventive actions we take to
reduce the risk of cyber incidents and protect our information technology may be insufficient to prevent physical and electronic break-
ins, denial of service, cyber-attacks or other security breaches to our computer systems or those of third parties with whom we do
business. Such an event could compromise our confidential information as well as that of our clients and third parties with whom we
interact, impede or interrupt our business operations and may result in other negative consequences, including remediation costs, loss of
revenue, additional regulatory scrutiny and litigation and reputational damage.
In addition, we routinely transmit, receive and store personal, confidential and proprietary information by email and other electronic
means. Although we attempt to keep such information confidential, we may be unable to utilize such capabilities in all events, especially
with clients, vendors, service providers, counterparties and other third parties who may not have or use appropriate controls to protect
confidential information.
Furthermore, certain of our businesses are subject to compliance with regulations enacted by U.S. federal and state governments, the
European Union, Japan or other jurisdictions or enacted by various regulatory organizations or exchanges relating to the privacy of the
information of clients, employees or others. A misuse or mishandling of confidential or proprietary information being sent to or received
from an employee or third party could result in legal liability, regulatory action and reputational harm.
Third parties to whom we outsource certain of our functions are also subject to the risks outlined above, any one of which may result in
our incurring substantial costs and other negative consequences, including a material adverse effect on our business, financial condition,
results of operations and liquidity.
While we maintain cyber liability insurance that provides both third party liability and first party insurance coverages, our insurance may
not be sufficient to protect against all loss.
Our framework for managing operational risks may not be effective in mitigating risk and loss to us that could adversely affect our
businesses.
Our business performance is highly dependent on our ability to manage operational risks that arise from a large number of day-to-day
business activities, including insurance underwriting, claims processing, servicing, investment, financial and tax reporting, compliance
with regulatory requirements and other activities, many of which are very complex and for some of which we rely on third parties. We
seek to monitor and control our exposure to risks arising out of these activities through a risk control framework encompassing a variety
of reporting systems, internal controls, management review processes and other mechanisms. We cannot be completely confident that
these processes and procedures will effectively control all known risks or effectively identify unforeseen risks, or that our employees and
third-party agents will effectively implement them. Management of operational risks can fail for a number of reasons, including design
failure, systems failure, failures to perform, cyber security attacks, human error, or unlawful activities on the part of employees or third
parties. In the event that our controls are not effective or not properly implemented, we could suffer financial or other loss, disruption of
our businesses, regulatory sanctions or damage to our reputation. Losses resulting from these failures can vary significantly in size,
scope and scale and may have material adverse effects on our financial condition or results of operations.