Internet Telephone Service: A New Frontier for Insurance Carriers 

Harry Emerson
Emerson Development

At a time of economic downturn when insurers are struggling to grow revenue, the security issues generated by Internet phone service, aka Voice over Internet Protocol or VoIP, could very well create a new frontier for insurance carriers.  

Most of you are familiar with the popular Internet phone service known as VoIP, a low-cost, discounted service that is rapidly being adopted just about everywhere. The use of VoIP telephones is growing because of their generous price structure and the relative ease of entry for new users. But there is a dark side to nearly-free telephony which has escaped our general attention as we joyfully embrace its ever-cheaper cost of doing business. Unfortunately for the user, society will be noticing this dark side more and more as organizations and institutions across the globe continue to adopt VoIP for their primary means of telephone communication. Lured by the siren call of low cost or no-cost service, and the absence of any FCC regulations whatsoever, the public and private sectors have closed their collective eyes to the glaring absence of safeguards built into this cheaper / cheapest business model, and like lemmings are enthusiastically racing towards the cliff of cyber-insecurity.

What we are not looking nor seeing is that in the process of changing over to VoIP,  users are unwittingly shifting from the reliable and secure traditional telephone network to an Internet environment of extreme risk. As it becomes more prevalent, we anticipate that VoIP will be increasingly vulnerable to hostile acts. This is because due to the architecture of the Internet, every person and every system has direct access to one another, implicitly giving all of us a trusted relationship with every hacker and terrorist in the world. By joining the VoIP party, we not only give those with malicious intent the direct access to our existing systems, computers, and networks—which we have already conceded—but we extend that access into the private realm of telephone communications.

The honeymoon is over. It is now being recognized that friendly, affordable, easy-to-use VoIP shares all the risks of the Internet, exposing all the features of voice communications to hacking and exploitation with the potential for disastrous results.  

This is bad news for VoIP users, but indications are that it will be good news for insurance carriers who will be called upon to protect against the risk of financial loss by VoIP users, VoIP manufacturers, VoIP distributors, installers, designers, and sellers. Consequently, according to Glenn Tippy, president and managing partner of Gerrity, Baker, Williams Inc. (www.gbwinsurance.com), and board member of the Professional Insurance Agents of New Jersey Inc., we can foresee that “insurance carriers will increasingly price for Internet / VoIP telephone exposure; cyber insurance products will be created for users of VoIP, as well as for VoIP providers and vendors; and The effects upon our economy will be profound.”

What we are talking about is a major shift in the perception of safety vs. risk as the hazards built into the current VoIP system are acknowledged. We are also talking about a major new market opening for insurers.   

We are not alone in our assumption of perceived risk. With businesses and government spending vast amounts of money to protect themselves against what feels like a growing army of terrorists invading the technology we all depend upon, the Obama administration is rightfully zeroing in on cyber security, cyber crime, and cyber warfare as a major part of its homeland security priorities. Meanwhile, the situation is getting worse, not better, which is why it has now been elevated to the level of a national security concern. Should we be worried about Internet phone service as it is now configured? Unfortunately, the answer is “Yes.” 

Being server-based, Internet telephony is susceptible to espionage, hacking, eavesdropping, intrusion, interruption, identity theft, denial-of-service attacks, and other forms of malicious and criminal interference via any and all the techniques that hackers employ. The role of hackers is to devise schemes to break into Internet servers. Therefore, no one should be surprised that with the accelerating trend towards widespread use of VoIP technology, they will turn their attention to VoIP servers. All Internet servers are susceptible to hacking. The fact that VoIP relies upon servers accessible on the Internet endangers personal, corporate, and national security, which will have a direct and increasing impact upon the insurance industry and those it serves. “VoIP is making it easier to wage cyberwar…” an analyst reported as far back as 2004, “just as flaws that make some VoIP products vulnerable were revealed.” - (Network World 1/19/2004). The growth in malware and cyber attacks is exponential.  According to F-Secure Corporation, malicious software attacks tripled in 2008[1].  Midway through 2009 McAfee’s Avert Labs reported that attacks have tripled since 2008. 

We have begun to see many examples of cyber crime including the exploitation of VoIP throughout society and the world. Two extreme cases are now recognized as early warning signals: In 2007 Russia utilized cyber-warfare against Estonia and in 2008 against Georgia, and completely shut down the infrastructure of those countries. More to the point for the insurance industry, according to a recent report by the security firm McAfee and Purdue University, theft of intellectual property, fraud, and damage of corporate networks cost corporations over a $1 trillion globally in 2008. To give this discussion more focus, think about the implications for the legal profession, the banking industry, hospitals, pharmaceutical companies and medical practices, the non-for-profit sector, manufacturers, governments, the military, and private individuals as they migrate to VoIP in greater numbers; and consider the impact on the insurance industry as client losses due to VoIP begin to pile on top of that $1 trillion.