0001193125-12-236210.txt : 20120628 0001193125-12-236210.hdr.sgml : 20120628 20120516131653 ACCESSION NUMBER: 0001193125-12-236210 CONFORMED SUBMISSION TYPE: CORRESP PUBLIC DOCUMENT COUNT: 1 FILED AS OF DATE: 20120516 FILER: COMPANY DATA: COMPANY CONFORMED NAME: HARTFORD FINANCIAL SERVICES GROUP INC/DE CENTRAL INDEX KEY: 0000874766 STANDARD INDUSTRIAL CLASSIFICATION: FIRE, MARINE & CASUALTY INSURANCE [6331] IRS NUMBER: 133317783 STATE OF INCORPORATION: DE FISCAL YEAR END: 1231 FILING VALUES: FORM TYPE: CORRESP BUSINESS ADDRESS: STREET 1: ONE HARTFORD PLAZA CITY: HARTFORD STATE: CT ZIP: 06155 BUSINESS PHONE: 8605475000 MAIL ADDRESS: STREET 1: ONE HARTFORD PLAZA CITY: HARTFORD STATE: CT ZIP: 06155 FORMER COMPANY: FORMER CONFORMED NAME: ITT HARTFORD GROUP INC /DE DATE OF NAME CHANGE: 19930328 CORRESP 1 filename1.htm RESPONSE LETTER

May 16, 2012

VIA EDGAR

Mr. Jeffrey Riedler

Assistant Director

Division of Corporation Finance

United States Securities and Exchange Commission

100 F Street, N.E.

Washington, D.C. 20549

 

Re:

    The Hartford Financial Services Group, Inc.
   Form 10-K for the Fiscal Year Ended December 31, 2011
   Filed February 24, 2012
   File No. 001-13958

Dear Mr. Riedler:

This letter is in response to your May 7, 2012 letter providing comments from the United States Securities and Exchange Commission (the “Commission”) Staff (the “Staff”) resulting from their review of the Company’s disclosures in the filing listed above.

For your convenience, your comments are shown below in bold, italicized text, followed by our response.

Staff Comment:

Item 1A. Risk Factors, page 14

“If we are unable to maintain the availability of our systems and safeguard the security of our data due to the occurrence of disasters or a cyber…”, page 25

1. In response to our prior comment 2, you state that you have not experienced a material breach of cybersecurity. Your response does not appear to address whether you are experiencing any potential current business risks concerning cybersecurity. For example, despite the fact you believe you have not experienced a material breach of your cybersecurity, are you currently experiencing attacks or threats to your systems? If you have experienced attacks in the past, please expand your risk factor in the future to state that.

Company Response:

In response to the Staff’s comment, The Hartford will revise its risk factor disclosure in subsequent filings substantially as indicated by the underlined language below.

If we are unable to maintain the availability of our systems and safeguard the security of our data due to the occurrence of disasters or a cyber or other information security incident, our ability to conduct business may be compromised, we may incur substantial costs and suffer other negative consequences, all of which may have a material adverse effect on our business, financial condition, results of operations and liquidity.

We use computer systems to process, store, retrieve, evaluate and utilize customer and company data and information. Our computer, information technology and telecommunications systems, in turn, interface with and rely upon third-party systems. Our business is highly dependent on our ability, and the ability of certain third parties, to access these systems to perform necessary business functions, including, without limitation, conducting our financial reporting and analysis, providing insurance quotes, processing premium payments, making changes to existing policies, filing and paying claims, administering variable annuity products and mutual funds, providing customer support and managing our investment portfolios and hedging programs.

Systems failures or outages could compromise our ability to perform our business functions in a timely manner, which could harm our ability to conduct business and hurt our relationships with our business partners and customers. In the event of a disaster such as a natural catastrophe, a pandemic, an industrial accident, a blackout, a terrorist attack or war, systems upon which we rely may be inaccessible to our employees, customers or business partners for an extended period of time. Even if our employees and business partners are able to report to work, they may be unable to perform their duties for an extended period of time if our data or systems used to conduct our business are disabled or destroyed.

Moreover, our computer systems have been, and will likely continue to be, subject to computer viruses or other malicious codes, unauthorized access, cyber-attacks or other computer related penetrations. While, to date, The Hartford has not experienced a material breach of cybersecurity, administrative and technical controls as well as other preventive actions we take to reduce the risk of cyber incidents and protect our information technology may be insufficient to prevent physical and electronic break-ins, cyber-attacks or other security breaches to our computer systems. Such an event could compromise our confidential information as well as that of our clients and third parties with whom we interact, impede or interrupt our business operations and may result in other negative consequences, including remediation costs, loss of revenue, additional regulatory scrutiny and litigation and reputational damage.

In addition, we routinely transmit, receive and store personal, confidential and proprietary information by email and other electronic means. Although we attempt to keep such information confidential, we may be unable to utilize such capabilities in all events, especially with clients, vendors, service providers, counterparties and other third parties who may not have or use appropriate controls to protect confidential information.

Furthermore, certain of our businesses are subject to compliance with regulations enacted by U.S. federal and state governments, the European Union, Japan or other jurisdictions or enacted by various regulatory organizations or exchanges relating to the privacy of the information of clients, employees or others. A misuse or mishandling of confidential or proprietary information being sent to or received from an employee or third party could result in legal liability, regulatory action and reputational harm.

Third parties to whom we outsource certain of our functions are also subject to the risks outlined above, any one of which may result in our incurring substantial costs and other negative consequences, including a material adverse effect on our business, financial condition, results of operations and liquidity.

While we maintain cyber liability insurance that provides both third party liability and first party insurance coverages, our insurance may not be sufficient to protect against all loss.

* * * * * *

In connection with our response to the Staff’s comments, we hereby acknowledge that:

 

 

The Company is responsible for the adequacy and accuracy of the disclosure in the filing;

 

 

Staff comments or changes to disclosure in response to Staff comments do not foreclose the Commission from taking any action with respect to the filing; and

 

 

The Company may not assert Staff comments as a defense in any proceeding initiated by the Commission or any person under the federal securities laws of the United States.

We would be happy to respond to any further questions you or others in the Staff may have. You may call me at 860-547-4135.

Sincerely,

/s/ Beth A. Bombara

Beth A. Bombara

Senior Vice President and Controller

cc: Christopher J. Swift, Executive Vice President and Chief Financial Officer