We all know that insurance is a rather sedate industry. It seems the scandals and publicity that dog other industries (even related ones like finance) usually dont play in our sleepy acre of the public consciousness.
To tell the truth, Im losing consciousness just thinking about the lack of entertainment value in this field. Why its enough to make one consider switching to a more exciting and potentially dangerous work setting. The post office comes to mind.
But before we lose hope for any juicy excitement in the annals of insurance, lets consider a scenario that could just create the kind of hullabaloo that grabs headlines.
First, relax and empty your mind. Now, let your body sway to a thumping, churning reggae beat and open your mind to the accompanying lyrics: “Bad boy, bad boy, whatchoo gonna do?”
Thats right, you know where Im going. Were in the opening of a special “Cops” program focusing on some real bad boyscyber-criminals. But were not talking about just any hackers here, were talking about those no-goodniks who ply their nefarious trade in insurance.
As the show begins, our cyber-sleuths visit the offices of a large multiline insurance company that has detected unauthorized access to its computer systems.
Company Executive: “Thank God youre here. Someones accessing all kinds of personal information on our clients and our employees.”
Sleuth: “This could be serious, like a Sarbanes-Oxley or HIPAA problem.”
Executive: “I was thinking more of that streaming video of me dressed as an elf on the conga line at the office Christmas party.”
Sleuth: “Uh, well at any rate, lets follow the cyber-trail and nab this dirtbag.”
What follows is one of those really pulse-pounding chase scenes through the offices of the carrier. Every time the cops reach an office, they see a shadowy figure disappearing with an evil snicker through a stairwell door.
Startled claims reps gasp as the fleeing fugitive leaps over their desks with wild abandon. Secretaries shriek and drop their steno pads in utter terror as the bad guy speed types gibberish into their vulnerable workstations. Even the actuaries raise an eyebrow when the cyber-crook knocks over their abaci.
Finally, the cops corner the suspect under a desk in a huge, wood-paneled office on the buildings top floor.
Sleuth (approaching cautiously as his back-up agents fan out): “OK, sir, the running is over. Come on out now, and nobody will get hurt.”
Crook (cackling madly): “Youll never get me, copper!”
The suspect makes a mad dash for an open window but is tackled by numerous agents, wrestled into submission and handcuffed by two burly men who sit on him to keep him still.
Sleuth (breathing hard) to Executive: “Heres the guy whos been causing all the trouble. Do you recognize him?”
Executive (mouth agape): “Ah well, this is a bit embarrassing. This is Mr. Foggybottom, our CEO.”
Is our scenario a mere flight of fantasy? Perhaps not entirely, according to Cyber Protect, a British firm that provides cyber-security products and services.
Cyber Protect claims that its December 2003 survey of 150 British insurers revealed that a shocking 60% of employees admitted to accessing confidential data from systems within their own companies, even though they had no authority to do so. Whats more, “the research surprisingly found senior managers to be the most hacker-happy,” the company asserts.
The survey questioned random level staff in companies with 25 or more employees, says Cyber Protect. Senior managers comprised 45% of the sample, while 25% were “executives.”
The kinds of information inappropriately accessed included sales data, staff information, and personal and company financial data, the company says. Further, 35% of the respondents say they deliberately had corrupted or deleted the information they accessed.
What prompts people in such responsible positions to commit these acts? According to James Bisker, senior analyst, insurance, for the Needham, Mass.-based TowerGroup, the perpetrators want to “manipulate” the data in order to make themselves look better.
An insurance companys data, says Bisker, “affects [senior managers] numbers and their bonuses. Ive seen [such manipulations] happen.” The fact that the diddling is electronic, he adds, makes it easier for them to access data, then to cover it up by deleting or corrupting the files.
The survey results, says Bisker, point to a “periodic need to revisit the ethics question.” But some people may be caught up in the “power” that comes with manipulating information, he notes.
According to Ronald Westrate, a clinical psychologist practicing in New Jersey, a feeling of power is indeed the key to such behaviors. “They do it because they can. Theres a certain sense of omnipotence,” he commented.
“Its an addiction,” he continues. “They may even logically think about it and develop a scenario ahead of time to get out of it in case theyre caught. Its a very arrogant gesture.”
Westrate says such acts also may be driven by insecurity–the idea that “Im going to get my goodies while I can, because you never know when the other shoe will drop.” Such a shoe might be a layoff or the loss of a job to a younger person, he adds.
Whatever the rationale, however, acts of cyber-crime are at best irresponsible and at worst, illegal and in violation of federal policies on information privacy.
If youre an executive or manager who either has dipped or has thought about dipping into some confidential information for your own gain, you would do well to consider the far-reaching implications of such an act. If you know another who is in that situation, now is the time to reach out and be a real friend to someone who could lose a job or lose a career as a result of an ill-conceived slip. Chances are he or she needs counseling.
If youre involved in illegal or unethical acts of cyber-manipulation, I have only one question: Whatchoo gonna do when they come for you?
Reproduced from National Underwriter Life & Health/Financial Services Edition, February 13, 2004. Copyright 2004 by The National Underwriter Company in the serial publication. All rights reserved.Copyright in this article as an independent work may be held by the author.