Cyber-fraud More Than Just a Cost of Doing Business—It May Be Deadly Business

Ara Trembly
Insurance Experts' Forum, November 30, 2009

While most of us will never hear about it, security experts have been telling us for years that some banks and other large companies have been quietly paying protection money to criminal syndicates who would otherwise bring down or seriously compromise their computer systems.  The victimized institutions have apparently accepted such extortion as a given, and are looking at it as just another cost of doing business. 

But can any insurer, broker or other company really afford to be so cavalier about what is happening, even if we’re not talking about extortion? According to former prosecutor and FBI agent Chris Swecker, the answer is clearly no. Swecker, who is the founder of Chris Swecker Enterprises, pointed out in a recent interview with me that, “The potential to commit fraud is magnified on the Internet,” adding that cyber crime is a low-risk and profitable undertaking.  “Law enforcement authorities aren’t likely to arrest some guy in Romania who is part of a hacking syndicate,” he said. 

Obviously, fraud is a huge concern for insurers, which is why they devote so many resources and so much money to preventing it. Yet many insurers acknowledge that below a certain dollar threshold, they don’t find it profitable to pursue fraudulent activity. The dollar amount undoubtedly varies from insurer to insurer, but I have been told that carriers generally set the limit between $3,000 and $5,000. Any losses that come about as a result of fraud that nets a lesser amount are routinely ignored, and written off as a cost of doing business. 

That sounds like good business, but it fails to acknowledge that a man (or a company) may just as easily die from 1,000 cuts as from a single mortal wound. Swecker noted that, “Terrorist financing and criminal actions (like fraud) often intersect.” He said that much of the funding for terrorist activity worldwide comes from the proceeds of such activity. 

“Fraud funds terrorists,” he explained.  “They perpetrate banking or credit card fraud, then use the proceeds to turn around and hurt us again.” In some cases, he noted, terrorists will hire hackers to commit such crimes in order to fatten their own nefarious coffers. 

That really puts a whole new light on the idea of allowing smaller crimes to continue, doesn’t it? Certainly, banking or credit card transactions are an important part of what takes place in the insurance industry, and if it were just a matter of focusing on bigger fish, I would have no problem with that approach. If, on the other hand, cyber-criminals are perpetrating many “small” frauds, then turning around and using the accumulated funds to endanger American lives both here and abroad, I have a huge problem with that. 

What can we do? Swecker suggested that modern fraud sniffing software can help detect patterns of network-based fraud activity that originates in places like Russia, Egypt and Romania. Such software employs aggressive analytics along with a case management system that seeks to manage workflow and to raise red flags. 

Will insurers and others have to spend more money to do this? Absolutely. Then again, what is it worth to your organization to thwart a well-planned series of “small” events that could end up hurting the company overall and—more important—might well cost American lives? 

No one can require us to raise our level of vigilance to this level. But can we afford not to? 

Ara C. Trembly ( is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.

Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at

The opinions posted in this blog do not necessarily reflect those of Insurance Networking News or SourceMedia.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

How IT Managers Can Get Close to Policyholders

Four steps CIOs need to take to lead insurance organizations to greater “customer obsession.”

Strategic Initiatives for 2015: Making Sense of the Shifts

Insurers must choose between embracing innovation or just continuing with business as usual and run the risk of becoming a casualty in the new competitive battle.

To Stay in the Game, Insurers Must Aggressively Embrace New Consumer Technologies

Emerging technologies displayed at the CES could be some of the greatest change agents since the introduction of the Internet, offering breakthroughs that could challenge many businesses.

The Usage-Based Insurance (UBI) Short Cut

Developing a usage-based insurance program has now gotten easier.

Marketing: The Insurer’s Shadow IT Department

Marketing executives continue their march into the insurance data center.

Digital Failings

We live in a brave new world now with digital devices and equipment surrounding us in a sea of capabilities that (generally) improve the quality of our experiences.