Cyber-fraud More Than Just a Cost of Doing Business—It May Be Deadly Business

Ara Trembly
Insurance Experts' Forum, November 30, 2009

While most of us will never hear about it, security experts have been telling us for years that some banks and other large companies have been quietly paying protection money to criminal syndicates who would otherwise bring down or seriously compromise their computer systems.  The victimized institutions have apparently accepted such extortion as a given, and are looking at it as just another cost of doing business. 

But can any insurer, broker or other company really afford to be so cavalier about what is happening, even if we’re not talking about extortion? According to former prosecutor and FBI agent Chris Swecker, the answer is clearly no. Swecker, who is the founder of Chris Swecker Enterprises, pointed out in a recent interview with me that, “The potential to commit fraud is magnified on the Internet,” adding that cyber crime is a low-risk and profitable undertaking.  “Law enforcement authorities aren’t likely to arrest some guy in Romania who is part of a hacking syndicate,” he said. 

Obviously, fraud is a huge concern for insurers, which is why they devote so many resources and so much money to preventing it. Yet many insurers acknowledge that below a certain dollar threshold, they don’t find it profitable to pursue fraudulent activity. The dollar amount undoubtedly varies from insurer to insurer, but I have been told that carriers generally set the limit between $3,000 and $5,000. Any losses that come about as a result of fraud that nets a lesser amount are routinely ignored, and written off as a cost of doing business. 

That sounds like good business, but it fails to acknowledge that a man (or a company) may just as easily die from 1,000 cuts as from a single mortal wound. Swecker noted that, “Terrorist financing and criminal actions (like fraud) often intersect.” He said that much of the funding for terrorist activity worldwide comes from the proceeds of such activity. 

“Fraud funds terrorists,” he explained.  “They perpetrate banking or credit card fraud, then use the proceeds to turn around and hurt us again.” In some cases, he noted, terrorists will hire hackers to commit such crimes in order to fatten their own nefarious coffers. 

That really puts a whole new light on the idea of allowing smaller crimes to continue, doesn’t it? Certainly, banking or credit card transactions are an important part of what takes place in the insurance industry, and if it were just a matter of focusing on bigger fish, I would have no problem with that approach. If, on the other hand, cyber-criminals are perpetrating many “small” frauds, then turning around and using the accumulated funds to endanger American lives both here and abroad, I have a huge problem with that. 

What can we do? Swecker suggested that modern fraud sniffing software can help detect patterns of network-based fraud activity that originates in places like Russia, Egypt and Romania. Such software employs aggressive analytics along with a case management system that seeks to manage workflow and to raise red flags. 

Will insurers and others have to spend more money to do this? Absolutely. Then again, what is it worth to your organization to thwart a well-planned series of “small” events that could end up hurting the company overall and—more important—might well cost American lives? 

No one can require us to raise our level of vigilance to this level. But can we afford not to? 

Ara C. Trembly ( is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.

Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at

The opinions posted in this blog do not necessarily reflect those of Insurance Networking News or SourceMedia.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

Wearables Poised to Reshape Insurer-Insured Relationship

Boosted by the impending release of the Apple Watch, wearable devices have received a fair amount of attention recently – and with good reason. This emergent technology has the potential to alter the way the health insurance industry operates on a fundamental level.

Core Transformation – The Ultimate Balancing Act

The core transformation journey requires companies to shift from reactive to proactive business models, incorporating maturing and emerging technologies, customizing and personalizing products, and accelerating speed to market while providing improved customer service.

Despite Valiant Efforts, Insurers' Consumer Ratings Drop

Insurers also are confronting waves of disruptive changes, including big data analytics, an aging population, ongoing economic uncertainty and the growing frequency and severity of natural disasters, which threaten to challenge and undermine businesses.

Why You Can't Take a Wrecking Ball to Your Legacy System

If you think of enterprises like collections of neighborhoods that need to be nurtured, you quickly see that architecture, not obliteration, is the key.

The Apple Bounce: Are Wearables Truly this Big?

I just don’t believe it; only 720,000 Androidwear watches were sold in 2014. Apple has been amazingly successful in so many markets. Were they always first? No, a lot of products before. Were they always best? Again, no, superior devices have fallen.

Ten Stats About Social, Mobile, Analytics, Big Data, Cloud and Digital

Deployment rates have grown in the year since Novarica’s last study on these topics.