{
  "ticker": "HIG",
  "company": "Hartford Financial Services Group Inc.",
  "filing_type": "10-K",
  "year_current": "2024",
  "year_prior": "2023",
  "summary": {
    "added": 2,
    "removed": 0,
    "modified": 1,
    "unchanged": 5,
    "total_current": 8,
    "total_prior": 6
  },
  "source": "SEC EDGAR",
  "url": "https://riskdiff.com/hig/2024-vs-2023/",
  "markdown_url": "https://riskdiff.com/hig/2024-vs-2023/index.md",
  "json_url": "https://riskdiff.com/hig/2024-vs-2023/index.json",
  "generated": "2026-05-10",
  "ai_summary": "Hartford Financial Services Group Inc. added a dedicated cybersecurity risk disclosure in its 2024 10-K, reflecting heightened regulatory focus on data security governance. The company substantively modified its Insurance Industry and Product Related Risks section, indicating evolving business or market conditions affecting core operations. Five existing risk factors remained unchanged, suggesting stability in Hartford's primary risk exposures across underwriting, market, and operational domains.",
  "risks": [
    {
      "status": "ADDED",
      "current_title": "Part I - Item 1C. Cybersecurity",
      "prior_title": null,
      "current_body": "Item 1C. Item 1C. CYBERSECURITYThe Hartford has implemented an information protection program with established governance routines for assessing and managing risks. The Hartford employs a ‘defense-in-depth’ strategy that uses multiple security measures to protect the integrity of the Company's information assets. This ‘defense-in-depth’ strategy aligns to the National Institute of Standards and Technology Cybersecurity Framework, where controls are implemented throughout our environments to achieve five categorical objectives, including identification, protection, detection, response and recovery. Our 'defense in depth' program uses several methods to protect against intrusion by a bad actor, including such techniques as reputational filtering, anti-virus scans, intrusion prevention, multi-factor authentication, and account isolation among others. We also use numerous approaches to detect ransomware and other cyber attacks, including, among others, dark web searches, email sandboxing, endpoint detection, and intrusion detection. The Hartford continues to monitor and enhance its framework to respond to evolving cyber threats and regulations for data privacy, including the European Union General Data Protection Regulation and the California Consumer Privacy Act.We regularly assess our programs and control environment, leveraging externally conducted cyber tests and evaluations along with internally managed cyber risk assessments and testing. Additionally, the Company collaborates with industry associations, government authorities, peers and external advisors to monitor the threat environment and to inform our security practices. In connection with the regular assessment of third-party service providers performed by our procurement organization, our information protection team performs a third-party assessment of each vendor’s information security practices and protocols, including its readiness to protect against and respond to cybersecurity breaches. Third-party service providers are categorized in tiers depending on the significance of their operations to the Company’s business processes and risk assessments for vendors in the highest tier are completed periodically. With respect to cyber, we have procedures to verify each service provider’s information security controls, and each vendor completes a cyber questionnaire that also addresses their resiliency in the event of an intrusion to their systems. We proactively communicate with suppliers to understand mitigation steps taken when major cyber exposures are identified.We are executing on a multi-year roadmap to, among other things, further improve our ability to defend against, respond to, and recover from ransomware and other cyber events; enhance application cybersecurity capabilities, including defenses against fraud attacks; and to ensure security capabilities are built into new cloud-based platforms that we adopt. We are also required to maintain strong cyber defense protocols in the states where we are authorized or licensed to write business. A number of states where our insurance companies are domiciled, including Connecticut, have adopted the NAIC Insurance Data Security Model Law. Our legal team monitors the status of new cybersecurity regulations, including notification requirements. To the best knowledge of Management, no risks from cybersecurity threats have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations, or financial condition. For further discussion of the Company's risks related to cybersecurity, see Part I, Item 1A, — Risk Factors for the risk factor \"Our businesses may suffer and we may incur substantial costs if we are unable to access our systems and safeguard the security of our data in the event of a disaster, cyber breach or other information security incident.\" From a governance perspective, senior members of our Enterprise Risk Management, Information Protection and Internal Audit functions provide detailed, regular reports on cybersecurity matters to the Board, primarily through the Audit Committee, which oversees controls for the Company's major risk exposures and has principal responsibility for oversight of cybersecurity risk, and the Finance, Investment and Risk Management Committee (\"FIRMCo\"), which oversees business risk related to cyber insurance products. The topics covered by these updates include the Company's activities, policies and procedures to prevent, detect and respond to cybersecurity incidents, as well as lessons learned from cybersecurity incidents and internal and external testing of our cyber defenses.The Audit Committee is provided with updates on technology and cybersecurity risks at least four times annually, including annual reviews of the Company's cybersecurity program and technology risks and controls, and bi-annual updates on operational risks (in spring and fall). Given its importance, the full Board is invited to attend the annual cybersecurity program and time is reserved at each Audit Committee meeting for cybersecurity technology matters that warrant discussion between the standing sessions. In addition, our Enterprise Risk Management team provides FIRMCo with an assessment of cybersecurity insurance risk once per year. The Audit Committee, FIRMCo and the full Board are apprised of developments in the external environment and business strategies that present additional potential cyber risk exposure to the Company, such as modifications to on-line platforms and expanded use of cloud-based applications, on an ongoing, as-needed basis. As a result, cybersecurity and cyber risk are typically discussed more frequently than the annual minimum requirements.The Company has established an Executive Privacy & Security Council (\"EPSC\") that meets semi-annually. Formed in 2003, the EPSC consists of a cross-functional senior leaders, including the Chief Information Officer (\"CIO\"), the Chief Information Security Officer (\"CISO\"), the Chief Risk Officer (\"CRO\") and General Counsel among others. The EPSC receives a monthly written executive briefing on topics, and with metrics related to cybersecurity, including incident prevention, detection, mitigation and remediation. Quarterly, the IT Risk Council, made up of senior IT leaders, is also provided with an update of cybersecurity risks and preparedness. Various other meetings are held on cybersecurity topics periodically, including monthly business operating reviews, and meetings of the Enterprise Risk and Capital Committee (\"ERCC\") and executive leadership team. CYBERSECURITYThe Hartford has implemented an information protection program with established governance routines for assessing and managing risks. The Hartford employs a ‘defense-in-depth’ strategy that uses multiple security measures to protect the integrity of the Company's information assets. This ‘defense-in-depth’ strategy aligns to the National Institute of Standards and Technology Cybersecurity Framework, where controls are implemented throughout our environments to achieve five categorical objectives, including identification, protection, detection, response and recovery. Our 'defense in depth' program uses several methods to protect against intrusion by a bad actor, including such techniques as reputational filtering, anti-virus scans, intrusion prevention, multi-factor authentication, and account isolation among others. We also use numerous approaches to detect ransomware and other cyber attacks, including, among others, dark web searches, email sandboxing, endpoint detection, and intrusion detection. The Hartford continues to monitor and enhance its framework to respond to evolving cyber threats and regulations for data privacy, including the European Union General Data Protection Regulation and the California Consumer Privacy Act.We regularly assess our programs and control environment, leveraging externally conducted cyber tests and evaluations along with internally managed cyber risk assessments and testing. Additionally, the Company collaborates with industry associations, government authorities, peers and external advisors to monitor the threat environment and to inform our security practices. In connection with the regular assessment of third-party service providers performed by our procurement organization, our information protection team performs a third-party assessment of each vendor’s information security practices and protocols, including its readiness to protect against and respond to cybersecurity breaches. Third-party service providers are categorized in tiers depending on the significance of their operations to the Company’s business processes and risk assessments for vendors in the highest tier are completed periodically. With respect to cyber, we have procedures to verify each service provider’s information security controls, and each vendor completes a cyber questionnaire that also addresses their resiliency in the event of an intrusion to their systems. We proactively communicate with suppliers to understand mitigation steps taken when major cyber exposures are identified.We are executing on a multi-year roadmap to, among other things, further improve our ability to defend against, respond to, and recover from ransomware and other cyber events; enhance application cybersecurity capabilities, including defenses against fraud attacks; and to ensure security capabilities are built into new cloud-based platforms that we adopt. We are also required to maintain strong cyber defense protocols in the states where we are authorized or licensed to write business. A number of states where our insurance companies are domiciled, including Connecticut, have adopted the NAIC Insurance Data Security Model Law. Our legal team monitors the status of new cybersecurity regulations, including notification requirements. CYBERSECURITY The Hartford has implemented an information protection program with established governance routines for assessing and managing risks. The Hartford employs a ‘defense-in-depth’ strategy that uses multiple security measures to protect the integrity of the Company's information assets. This ‘defense-in-depth’ strategy aligns to the National Institute of Standards and Technology Cybersecurity Framework, where controls are implemented throughout our environments to achieve five categorical objectives, including identification, protection, detection, response and recovery. Our 'defense in depth' program uses several methods to protect against intrusion by a bad actor, including such techniques as reputational filtering, anti-virus scans, intrusion prevention, multi-factor authentication, and account isolation among others. We also use numerous approaches to detect ransomware and other cyber attacks, including, among others, dark web searches, email sandboxing, endpoint detection, and intrusion detection. The Hartford continues to monitor and enhance its framework to respond to evolving cyber threats and regulations for data privacy, including the European Union General Data Protection Regulation and the California Consumer Privacy Act. We regularly assess our programs and control environment, leveraging externally conducted cyber tests and evaluations along with internally managed cyber risk assessments and testing. Additionally, the Company collaborates with industry associations, government authorities, peers and external advisors to monitor the threat environment and to inform our security practices. In connection with the regular assessment of third-party service providers performed by our procurement organization, our information protection team performs a third-party assessment of each vendor’s information security practices and protocols, including its readiness to protect against and respond to cybersecurity breaches. Third-party service providers are categorized in tiers depending on the significance of their operations to the Company’s business processes and risk assessments for vendors in the highest tier are completed periodically. With respect to cyber, we have procedures to verify each service provider’s information security controls, and each vendor completes a cyber questionnaire that also addresses their resiliency in the event of an intrusion to their systems. We proactively communicate with suppliers to understand mitigation steps taken when major cyber exposures are identified. We are executing on a multi-year roadmap to, among other things, further improve our ability to defend against, respond to, and recover from ransomware and other cyber events; enhance application cybersecurity capabilities, including defenses against fraud attacks; and to ensure security capabilities are built into new cloud-based platforms that we adopt. We are also required to maintain strong cyber defense protocols in the states where we are authorized or licensed to write business. A number of states where our insurance companies are domiciled, including Connecticut, have adopted the NAIC Insurance Data Security Model Law. Our legal team monitors the status of new cybersecurity regulations, including notification requirements. To the best knowledge of Management, no risks from cybersecurity threats have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations, or financial condition. For further discussion of the Company's risks related to cybersecurity, see Part I, Item 1A, — Risk Factors for the risk factor \"Our businesses may suffer and we may incur substantial costs if we are unable to access our systems and safeguard the security of our data in the event of a disaster, cyber breach or other information security incident.\" From a governance perspective, senior members of our Enterprise Risk Management, Information Protection and Internal Audit functions provide detailed, regular reports on cybersecurity matters to the Board, primarily through the Audit Committee, which oversees controls for the Company's major risk exposures and has principal responsibility for oversight of cybersecurity risk, and the Finance, Investment and Risk Management Committee (\"FIRMCo\"), which oversees business risk related to cyber insurance products. The topics covered by these updates include the Company's activities, policies and procedures to prevent, detect and respond to cybersecurity incidents, as well as lessons learned from cybersecurity incidents and internal and external testing of our cyber defenses.The Audit Committee is provided with updates on technology and cybersecurity risks at least four times annually, including annual reviews of the Company's cybersecurity program and technology risks and controls, and bi-annual updates on operational risks (in spring and fall). Given its importance, the full Board is invited to attend the annual cybersecurity program and time is reserved at each Audit Committee meeting for cybersecurity technology matters that warrant discussion between the standing sessions. In addition, our Enterprise Risk Management team provides FIRMCo with an assessment of cybersecurity insurance risk once per year. The Audit Committee, FIRMCo and the full Board are apprised of developments in the external environment and business strategies that present additional potential cyber risk exposure to the Company, such as modifications to on-line platforms and expanded use of cloud-based applications, on an ongoing, as-needed basis. As a result, cybersecurity and cyber risk are typically discussed more frequently than the annual minimum requirements.The Company has established an Executive Privacy & Security Council (\"EPSC\") that meets semi-annually. Formed in 2003, the EPSC consists of a cross-functional senior leaders, including the Chief Information Officer (\"CIO\"), the Chief Information Security Officer (\"CISO\"), the Chief Risk Officer (\"CRO\") and General Counsel among others. The EPSC receives a monthly written executive briefing on topics, and with metrics related to cybersecurity, including incident prevention, detection, mitigation and remediation. Quarterly, the IT Risk Council, made up of senior IT leaders, is also provided with an update of cybersecurity risks and preparedness. Various other meetings are held on cybersecurity topics periodically, including monthly business operating reviews, and meetings of the Enterprise Risk and Capital Committee (\"ERCC\") and executive leadership team. To the best knowledge of Management, no risks from cybersecurity threats have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations, or financial condition. For further discussion of the Company's risks related to cybersecurity, see Part I, Item 1A, — Risk Factors for the risk factor \"Our businesses may suffer and we may incur substantial costs if we are unable to access our systems and safeguard the security of our data in the event of a disaster, cyber breach or other information security incident.\" From a governance perspective, senior members of our Enterprise Risk Management, Information Protection and Internal Audit functions provide detailed, regular reports on cybersecurity matters to the Board, primarily through the Audit Committee, which oversees controls for the Company's major risk exposures and has principal responsibility for oversight of cybersecurity risk, and the Finance, Investment and Risk Management Committee (\"FIRMCo\"), which oversees business risk related to cyber insurance products. The topics covered by these updates include the Company's activities, policies and procedures to prevent, detect and respond to cybersecurity incidents, as well as lessons learned from cybersecurity incidents and internal and external testing of our cyber defenses. The Audit Committee is provided with updates on technology and cybersecurity risks at least four times annually, including annual reviews of the Company's cybersecurity program and technology risks and controls, and bi-annual updates on operational risks (in spring and fall). Given its importance, the full Board is invited to attend the annual cybersecurity program and time is reserved at each Audit Committee meeting for cybersecurity technology matters that warrant discussion between the standing sessions. In addition, our Enterprise Risk Management team provides FIRMCo with an assessment of cybersecurity insurance risk once per year. The Audit Committee, FIRMCo and the full Board are apprised of developments in the external environment and business strategies that present additional potential cyber risk exposure to the Company, such as modifications to on-line platforms and expanded use of cloud-based applications, on an ongoing, as-needed basis. As a result, cybersecurity and cyber risk are typically discussed more frequently than the annual minimum requirements. The Company has established an Executive Privacy & Security Council (\"EPSC\") that meets semi-annually. Formed in 2003, the EPSC consists of a cross-functional senior leaders, including the Chief Information Officer (\"CIO\"), the Chief Information Security Officer (\"CISO\"), the Chief Risk Officer (\"CRO\") and General Counsel among others. The EPSC receives a monthly written executive briefing on topics, and with metrics related to cybersecurity, including incident prevention, detection, mitigation and remediation. Quarterly, the IT Risk Council, made up of senior IT leaders, is also provided with an update of cybersecurity risks and preparedness. Various other meetings are held on cybersecurity topics periodically, including monthly business operating reviews, and meetings of the Enterprise Risk and Capital Committee (\"ERCC\") and executive leadership team. 36 36 36"
    },
    {
      "status": "ADDED",
      "current_title": "Part I - Item 1C. Cybersecurity",
      "prior_title": null,
      "current_body": "Both the CIO and the CISO have expertise assessing and managing cybersecurity risks. The CIO has served in her current role since 2019 and served in similar technology leadership roles before her current role. She has eighteen years of executive leadership experience in the financial services industry and twenty-eight years of overall technology experience, during which time she has led large scale business transformation, delivered innovative technology strategies and has overseen and modernized complex technology portfolios. The CISO has held several senior-level information technology roles in his twenty-five-year tenure with the Company and has served in his current role since 2021. In his various roles, he has been responsible for providing senior leadership in the areas of information security, IT governance risk & compliance, business continuity, and disaster recovery. Both the CIO and the CISO have expertise assessing and managing cybersecurity risks. The CIO has served in her current role since 2019 and served in similar technology leadership roles before her current role. She has eighteen years of executive leadership experience in the financial services industry and twenty-eight years of overall technology experience, during which time she has led large scale business transformation, delivered innovative technology strategies and has overseen and modernized complex technology portfolios. Both the CIO and the CISO have expertise assessing and managing cybersecurity risks. The CIO has served in her current role since 2019 and served in similar technology leadership roles before her current role. She has eighteen years of executive leadership experience in the financial services industry and twenty-eight years of overall technology experience, during which time she has led large scale business transformation, delivered innovative technology strategies and has overseen and modernized complex technology portfolios. The CISO has held several senior-level information technology roles in his twenty-five-year tenure with the Company and has served in his current role since 2021. In his various roles, he has been responsible for providing senior leadership in the areas of information security, IT governance risk & compliance, business continuity, and disaster recovery. The CISO has held several senior-level information technology roles in his twenty-five-year tenure with the Company and has served in his current role since 2021. In his various roles, he has been responsible for providing senior leadership in the areas of information security, IT governance risk & compliance, business continuity, and disaster recovery."
    },
    {
      "status": "MODIFIED",
      "current_title": "Insurance Industry and Product Related Risks",
      "prior_title": "Insurance Industry and Product Related Risks",
      "similarity_score": 0.618,
      "confidence": "medium",
      "key_changes": [
        "Reworded sentence: \"Estimating the ultimate gross reserves needed for unpaid losses and related expenses for A&E claims is particularly difficult for insurers and reinsurers.\"",
        "Reworded sentence: \"We remain directly liable to claimants and if the reinsurer does not fulfill its obligations under the agreement or if future adverse development exceeds the $1.5 billion 25 25 25\""
      ],
      "current_body": "Unfavorable loss development may adversely affect our business, financial condition, results of operations or liquidity. We establish property and casualty and group benefits loss reserves to cover our estimated liability for the payment of all unpaid losses and loss expenses incurred with respect to premiums earned on our policies. Loss reserves are estimates of what we expect the ultimate settlement and administration of claims will cost, less what has been paid to date. These estimates are based upon actuarial projections and on our assessment of currently available data, as well as estimates of claims severity and frequency, legal theories of liability and other factors. For risks due to evolving changes in social, economic and environmental conditions, see the Risk Factor, “Unexpected and unintended claim and coverage issues under our insurance contracts may adversely impact our financial performance.” Loss reserve estimates are refined periodically as experience develops and claims are reported and settled, potentially resulting in increases to our reserves. Increases in reserves would be recognized as an expense during the periods in which these determinations are made, thereby adversely affecting our results of operations for those periods. In addition, since reserve estimates of aggregate loss costs for prior years are used in pricing our insurance products, inaccurate reserves can lead to our products not being priced adequately to cover actual losses and related loss expenses in order to generate a profit. In property and casualty, we continue to receive A&E claims, the vast majority of which relate to policies written before 1986. Estimating the ultimate gross reserves needed for unpaid losses and related expenses for A&E claims is particularly difficult for insurers and reinsurers. The actuarial tools and other techniques used to estimate the ultimate cost of more traditional insurance exposures tend to be less precise when used to estimate reserves for some A&E exposures. Moreover, the assumptions used to estimate gross reserves for A&E claims, such as claim frequency over time, average severity, and how various policy provisions will be interpreted, are subject to significant uncertainty. It is also not possible to predict changes in the legal and legislative environment and their effect on the future development of A&E claims. These factors, among others, make the variability of gross reserves estimates for these longer-tailed exposures significantly greater than for other more traditional exposures. Effective December 31, 2016, the Company entered into an agreement with National Indemnity Company (“NICO”), a subsidiary of Berkshire Hathaway Inc. (“Berkshire”) whereby the Company is reinsured for subsequent adverse development on substantially all of its net A&E reserves up to an aggregate net limit of $1.5 billion. We remain directly liable to claimants and if the reinsurer does not fulfill its obligations under the agreement or if future adverse development exceeds the $1.5 billion 25 25 25",
      "prior_body": "Unfavorable loss development may adversely affect our business, financial condition, results of operations or liquidity. We establish property and casualty and group benefits loss reserves to cover our estimated liability for the payment of all unpaid losses and loss expenses incurred with respect to premiums earned on our policies. Loss reserves are estimates of what we expect the ultimate settlement and administration of claims will cost, less what has been paid to date. These estimates are based upon actuarial projections and on our assessment of currently available data, as well as estimates of claims severity and frequency, legal theories of liability and other factors. For risks due to evolving changes in social, economic and environmental conditions, see the Risk Factor, “Unexpected and unintended claim and coverage issues under our insurance contracts may adversely impact our financial performance.” Loss reserve estimates are refined periodically as experience develops and claims are reported and settled, potentially resulting in increases to our reserves. Increases in reserves would be recognized as an expense during the periods in which these determinations are made, thereby adversely affecting our results of operations for those periods. In addition, since reserve estimates of aggregate loss costs for prior years are used in pricing our insurance products, inaccurate reserves can lead to our products not being priced adequately to cover actual losses and related loss expenses in order to generate a profit. In property and casualty, we continue to receive A&E claims, the vast majority of which relate to policies written before 1986. Estimating the ultimate gross reserves needed for unpaid losses and related expenses for asbestos and environmental claims is particularly difficult for insurers and reinsurers. The actuarial tools and other techniques used to estimate the ultimate cost of more traditional insurance exposures tend to be less precise when used to estimate reserves for some A&E exposures. Moreover, the assumptions used to estimate gross reserves for A&E claims, such as claim frequency over time, average severity, and how various policy provisions will be interpreted, are subject to significant uncertainty. It is also not possible to predict changes in the legal and legislative environment and their effect on the future development of A&E claims. These factors, among others, make the variability of gross reserves estimates for these longer-tailed exposures significantly greater than for other more traditional exposures. Effective December 31, 2016, the Company entered into an agreement with National Indemnity Company (“NICO”), a subsidiary of Berkshire Hathaway Inc. (“Berkshire”) whereby the Company is reinsured for subsequent adverse development on substantially all of its net A&E reserves up to an aggregate net limit of $1.5 billion. We remain directly liable to claimants and if the reinsurer does not fulfill its obligations under the agreement or if future adverse development exceeds the $1.5 billion aggregate limit, we may need to increase our recorded net reserves which could have a material adverse effect on our financial condition, results of operations or liquidity. For additional information related to risks associated with the adverse development cover, see Note 11 - Reserve for Unpaid Losses and Loss Adjustment Expenses of Notes to Consolidated Financial Statements.We are vulnerable to losses from catastrophes, both natural and man-made.Our insurance operations expose us to claims arising out of catastrophes. Catastrophes can be caused by various unpredictable natural events, including, among others, earthquakes, hurricanes, hailstorms, severe winter weather, wind storms, fires, tornadoes, and pandemics. Catastrophes can also be man-made, such as terrorist attacks, civil unrest, cyber-attacks, explosions or infrastructure failures. For international events, catastrophes may include some events designated as major losses by Lloyd's of London and, accordingly, includes incurred losses arising from exposures in Ukraine and Russia as a result of Russia's invasion of Ukraine.The geographic distribution of our business subjects us to catastrophe exposure for events occurring in a number of areas, including, but not limited to: hurricanes in Florida, the Gulf Coast, the Northeast and the Atlantic coast regions of the United States; tornadoes and hail in the Midwest and Southeast; earthquakes in geographical regions exposed to seismic activity; wildfires in the West; and the spread of disease, which can occur throughout multiple geographic locations. We are also exposed to catastrophe losses in other parts of the world through our global specialty business. Any increases in the values and concentrations of insureds and property in these areas would increase the severity of catastrophic events in the future. In addition, changes in climate and/or weather patterns may increase the frequency and/or intensity of severe weather and natural catastrophe events potentially leading to increased insured losses. Potential examples include, but are not limited to:•an increase in the frequency or intensity of wind and thunderstorm and tornado/hailstorm events due to increased convection in the atmosphere, •more frequent and larger wildfires in certain geographies,•higher incidence of deluge flooding, and •the potential for an increase in frequency and severity of hurricane events.Insufficient incorporation of climatic trends into widely used catastrophe models and internal tools to assess risk from natural catastrophe perils could lead to ineffective evaluation and management of catastrophe risk. For a further discussion of climate-related risks, see the above-referenced Risk Factor, “Changing climate and weather patterns may adversely affect our business, financial condition and results of operation.”Our businesses also have exposure to global or nationally occurring pandemics caused by highly infectious and potentially fatal diseases spread through human, animal or plant populations.In the event of one or more catastrophes, policyholders may be unable to meet their obligations to pay premiums on our insurance policies. Further, our liquidity could be constrained by a catastrophe, or multiple catastrophes. In addition, in part because accounting rules do not permit insurers to reserve for additional information related to risks associated with the adverse development cover, see Note 11 - Reserve for Unpaid Losses and Loss Adjustment Expenses of Notes to Consolidated Financial Statements. We are vulnerable to losses from catastrophes, both natural and man-made. Our insurance operations expose us to claims arising out of catastrophes. Catastrophes can be caused by various unpredictable natural events, including, among others, earthquakes, hurricanes, hailstorms, severe winter weather, wind storms, fires, tornadoes, and pandemics. Catastrophes can also be man-made, such as terrorist attacks, civil unrest, cyber-attacks, explosions or infrastructure failures. For international events, catastrophes may include some events designated as major losses by Lloyd's of London and, accordingly, includes incurred losses arising from exposures in Ukraine and Russia as a result of Russia's invasion of Ukraine. The geographic distribution of our business subjects us to catastrophe exposure for events occurring in a number of areas, including, but not limited to: hurricanes in Florida, the Gulf Coast, the Northeast and the Atlantic coast regions of the United States; tornadoes and hail in the Midwest and Southeast; earthquakes in geographical regions exposed to seismic activity; wildfires in the West; and the spread of disease, which can occur throughout multiple geographic locations. We are also exposed to catastrophe losses in other parts of the world through our global specialty business. Any increases in the values and concentrations of insureds and property in these areas would increase the severity of catastrophic events in the future. In addition, changes in climate and/or weather patterns may increase the frequency and/or intensity of severe weather and natural catastrophe events potentially leading to increased insured losses. Potential examples include, but are not limited to: •an increase in the frequency or intensity of wind and thunderstorm and tornado/hailstorm events due to increased convection in the atmosphere, •more frequent and larger wildfires in certain geographies, •higher incidence of deluge flooding, and •the potential for an increase in frequency and severity of hurricane events. Insufficient incorporation of climatic trends into widely used catastrophe models and internal tools to assess risk from natural catastrophe perils could lead to ineffective evaluation and management of catastrophe risk. For a further discussion of climate-related risks, see the above-referenced Risk Factor, “Changing climate and weather patterns may adversely affect our business, financial condition and results of operation.” Our businesses also have exposure to global or nationally occurring pandemics caused by highly infectious and potentially fatal diseases spread through human, animal or plant populations. In the event of one or more catastrophes, policyholders may be unable to meet their obligations to pay premiums on our insurance policies. Further, our liquidity could be constrained by a catastrophe, or multiple catastrophes. In addition, in part because accounting rules do not permit insurers to reserve for 24 24 24"
    },
    {
      "status": "UNCHANGED",
      "current_title": "Risks Relating to Estimates, Assumptions and Valuations",
      "prior_title": "Risks Relating to Estimates, Assumptions and Valuations",
      "current_body": "Actual results could materially differ from the analytical models we use to assist our decision making in key areas such as underwriting, pricing, capital management, reserving, investments, reinsurance and catastrophe risks. We use models to help make decisions related to, among other things, underwriting, pricing, capital allocation, reserving, investments, reinsurance, and catastrophe risk. Both proprietary and third party models we use incorporate numerous assumptions and forecasts about the future level and variability of interest rates, capital requirements, loss frequency and severity, currency exchange rates, policyholder behavior, equity markets and inflation, among others. The models are subject to the inherent limitations of any statistical analysis as the historical internal and industry data and assumptions used in the models may not be indicative of what will happen in the future. Consequently, actual results may differ materially from our modeled results. The profitability and financial condition of the Company substantially depends on the extent to which our actual experience is consistent with assumptions we use in our models and ultimate model outputs. If, based upon these models or other factors, we misprice our products or our estimates of the risks we are exposed to prove to be materially inaccurate, our business, financial condition, results of operations or liquidity may be adversely affected. The valuation of our securities and investments and the determination of allowances and credit losses are highly subjective and based on methodologies, estimations and assumptions that are subject to differing interpretations and market conditions. Estimated fair values of the Company’s investments are based on available market information and judgments about financial instruments, including estimates of the timing and amounts of expected future cash flows and the credit standing of the issuer or counterparty. During periods of market disruption, it may be difficult to value certain of our securities if trading becomes less frequent and/or market data becomes less observable. There may be certain asset classes that were in active markets with significant observable data that become illiquid due to the financial environment. In addition, there may be certain securities whose fair value is based on one or more unobservable inputs, even during normal market conditions. As a result, the determination of the fair values of these securities may include inputs and assumptions that require more estimation and management judgment and the use of complex valuation methodologies. These fair values may differ materially from the value at which the investments may be ultimately sold. Further, rapidly changing or unprecedented credit and equity market conditions could materially impact the valuation of securities and the period-to-period changes in value could vary significantly. Decreases in value could have a material adverse effect on our business, results of operations, financial condition or liquidity.Similarly, management’s decision on whether to record an allowance for credit losses (\"ACL\") is subject to significant judgments and assumptions regarding changes in general economic conditions, the issuer's financial condition or future recovery prospects, estimated future cash flows, the expected recovery period and the accuracy of third party information used in internal assessments. As a result, management’s evaluations and assessments are highly judgmental and its projections of future cash flows over the life of certain securities may ultimately prove incorrect as facts and circumstances change.If our businesses do not perform well, we may be required to recognize an impairment of our goodwill.Goodwill represents the excess of the amounts we paid to acquire subsidiaries and other businesses over the fair value of their net assets at the date of acquisition. We test goodwill at least annually for impairment. Impairment testing is performed based upon estimates of the fair value of the “reporting unit” to which the goodwill relates. The reporting unit is the operating segment or a business one level below an operating segment if discrete financial information is prepared and regularly reviewed by management at that level. The fair value of the reporting unit could decrease if new business, customer retention, profitability or other drivers of performance differ from expectations. If it is determined that the goodwill has been impaired, the Company must write down the goodwill by the amount of the impairment, with a corresponding charge to net income (loss). These write downs could have a material adverse effect on our results of operations or financial condition.Strategic and Operational RisksOur businesses may suffer and we may incur substantial costs if we are unable to access our systems and safeguard the security of our data in the event of a disaster, cyber breach or other information security incident.We use technology to process, store, retrieve, evaluate and analyze customer and company data and information. Our information technology and telecommunications systems, in turn, interface with and rely upon third-party systems. We and our third party vendors must be able to access our systems to provide insurance quotes, process premium payments, make changes to existing policies, file and pay claims, administer mutual funds, provide customer support, manage our investment portfolios, report on financial results and perform other necessary business functions.Systems failures or outages could compromise our ability to perform these business functions in a timely manner, which could harm our ability to conduct business and hurt our relationships with our business partners and customers. In the market conditions could materially impact the valuation of securities and the period-to-period changes in value could vary significantly. Decreases in value could have a material adverse effect on our business, results of operations, financial condition or liquidity. Similarly, management’s decision on whether to record an allowance for credit losses (\"ACL\") is subject to significant judgments and assumptions regarding changes in general economic conditions, the issuer's financial condition or future recovery prospects, estimated future cash flows, the expected recovery period and the accuracy of third party information used in internal assessments. As a result, management’s evaluations and assessments are highly judgmental and its projections of future cash flows over the life of certain securities may ultimately prove incorrect as facts and circumstances change. If our businesses do not perform well, we may be required to recognize an impairment of our goodwill. Goodwill represents the excess of the amounts we paid to acquire subsidiaries and other businesses over the fair value of their net assets at the date of acquisition. We test goodwill at least annually for impairment. Impairment testing is performed based upon estimates of the fair value of the “reporting unit” to which the goodwill relates. The reporting unit is the operating segment or a business one level below an operating segment if discrete financial information is prepared and regularly reviewed by management at that level. The fair value of the reporting unit could decrease if new business, customer retention, profitability or other drivers of performance differ from expectations. If it is determined that the goodwill has been impaired, the Company must write down the goodwill by the amount of the impairment, with a corresponding charge to net income (loss). These write downs could have a material adverse effect on our results of operations or financial condition."
    },
    {
      "status": "UNCHANGED",
      "current_title": "Regulatory and Legal Risks",
      "prior_title": "Regulatory and Legal Risks",
      "current_body": "Regulatory and legislative developments could have a material adverse impact on our business, financial condition, results of operations or liquidity. We are subject to extensive laws and regulations that are complex, subject to change and often conflict in their approach or intended outcomes. Compliance with these laws and regulations can increase cost, affect our strategy, and constrain our ability to adequately price our products. In the U.S., regulatory initiatives and legislative developments may significantly affect our operations and prospects in ways that we cannot predict. For example, federal and state legislative efforts on Paid Family and Medical Leave, data privacy and cyber security, risk-based pricing, sustainability, and environmental, social and governance (\"ESG\") practices could have unanticipated consequences for the Company and its businesses. It is unclear whether and to what extent Congress, the current Administration or individual states will continue to pursue these types of proposals, and how those changes might impact the Company, its business, financial conditions, results of operations or liquidity. Our U.S. insurance subsidiaries are regulated by the insurance departments of the states in which they are domiciled, licensed or authorized to conduct business. State regulations generally seek to protect the interests of policyholders rather than an insurer or the insurer’s stockholders and other investors. U.S. state laws grant insurance regulatory authorities broad administrative powers with respect to, among other things, licensing and authorizing lines of business, approving policy forms and premium rates, setting statutory capital and reserve requirements, limiting the types and amounts of certain investments and restricting underwriting practices. State insurance departments also set constraints on domestic insurer transactions with affiliates and dividends and, in many cases, must approve affiliate transactions and extraordinary dividends as well as strategic transactions such as acquisitions and divestitures. Our international insurance subsidiaries are subject to the laws and regulations of the relevant jurisdictions in which they operate, including the requirements of the PRA and the FCA in the U.K, the Bermuda Monetary Authority in Bermuda and the Insurance Authority in Hong Kong. Our Lloyd’s Syndicate is also subject to management and supervision by the Council of 33 33 33"
    },
    {
      "status": "UNCHANGED",
      "current_title": "Financial Strength, Credit and Counterparty Risks",
      "prior_title": "Financial Strength, Credit and Counterparty Risks",
      "current_body": "Downgrades in our financial strength or credit ratings may make our products less attractive, increase our cost of capital and inhibit our ability to refinance our debt. Financial strength and credit ratings are important in establishing the competitive position of insurance companies. Rating agencies assign ratings based upon several factors. While most of the factors relate to the rated company, others relate to the views of the rating agency (including its assessment of the strategic importance of the rated company to the insurance group), general economic conditions, and circumstances outside the rated company's control. In addition, rating agencies may employ different models and formulas to assess the financial strength of a rated company, and from time to time rating agencies have altered these models. Changes to the models or factors used by the rating agencies to assign ratings could adversely impact a rating agency's judgment of its internal rating and the publicly issued rating it assigns us. Our financial strength ratings, which are intended to measure our ability to meet policyholder obligations, are an important factor affecting public confidence in most of our products and, as a result, our competitiveness. A downgrade or a potential downgrade in the rating of our financial strength or of one of our principal insurance subsidiaries could affect our competitive position and reduce future sales of our products. Our credit ratings also affect our cost of capital. A downgrade or a potential downgrade of our credit ratings could make it more difficult or costly to refinance maturing debt obligations, to support business growth at our insurance subsidiaries and to maintain or improve the financial strength ratings of our principal insurance subsidiaries. These events could materially adversely affect our business, financial condition, results of operations or liquidity. For a further discussion of potential impacts of ratings downgrades on derivative instruments, including potential collateral calls, see Part II, Item 7, MD&A - Capital Resources and Liquidity - Derivative Commitments.The amount of capital that we must hold to maintain our financial strength and credit ratings and meet other requirements can vary significantly from time to time and is sensitive to a number of factors outside of our control. We conduct the vast majority of our business through licensed insurance company subsidiaries. In the United States, statutory accounting standards and statutory capital and reserve requirements for these entities are prescribed by the applicable insurance regulators and the NAIC. The minimum capital we must hold is based on risk-based capital (“RBC”) formulas for both life and property and casualty companies. The RBC formula for life companies is applicable to our group benefits business and establishes capital requirements relating to insurance, business, asset, credit, interest rate and off-balance sheet risks. The RBC formula for property and casualty companies sets required statutory surplus levels based on underwriting, asset, credit, and off-balance sheet risks.Countries in which our international insurance subsidiaries are incorporated or deemed commercially domiciled are subject to minimum capital requirements as defined by the applicable regulatory regime, including a phased program of changes to the prudential and solvency regime in the UK following the UK's departure from the European Union. In addition, our Lloyd’s member company must maintain required Funds at Lloyd's (\"FAL\") to meet the capital requirements of its syndicate. The FAL is determined based on the syndicate’s Solvency Capital Requirement (“SCR”) under the Solvency II capital adequacy model plus an economic capital assessment determined by the Lloyd’s Franchise Board (which is responsible for the day-to-day management of the Lloyd's market).In any particular year, statutory surplus amounts, RBC ratios, FAL and SCR may increase or decrease depending on a variety of factors, some of which are outside the Company's control, including: •the amount of statutory income or losses generated by our insurance subsidiaries; •the amount of additional capital our insurance subsidiaries must hold to support business growth; •the amount of dividends or distributions paid to the holding company; •the value of certain fixed maturities, equity securities, and limited partnership and other alternative investments in our investment portfolio;•changes in interest rates; •admissibility of deferred tax assets; •changes to the regulatory capital formulas; and•regulatory changes to accounting guidance for determining capital adequacy. affect our business, financial condition, results of operations or liquidity. For a further discussion of potential impacts of ratings downgrades on derivative instruments, including potential collateral calls, see Part II, Item 7, MD&A - Capital Resources and Liquidity - Derivative Commitments. The amount of capital that we must hold to maintain our financial strength and credit ratings and meet other requirements can vary significantly from time to time and is sensitive to a number of factors outside of our control. We conduct the vast majority of our business through licensed insurance company subsidiaries. In the United States, statutory accounting standards and statutory capital and reserve requirements for these entities are prescribed by the applicable insurance regulators and the NAIC. The minimum capital we must hold is based on risk-based capital (“RBC”) formulas for both life and property and casualty companies. The RBC formula for life companies is applicable to our group benefits business and establishes capital requirements relating to insurance, business, asset, credit, interest rate and off-balance sheet risks. The RBC formula for property and casualty companies sets required statutory surplus levels based on underwriting, asset, credit, and off-balance sheet risks. Countries in which our international insurance subsidiaries are incorporated or deemed commercially domiciled are subject to minimum capital requirements as defined by the applicable regulatory regime, including a phased program of changes to the prudential and solvency regime in the UK following the UK's departure from the European Union. In addition, our Lloyd’s member company must maintain required Funds at Lloyd's (\"FAL\") to meet the capital requirements of its syndicate. The FAL is determined based on the syndicate’s Solvency Capital Requirement (“SCR”) under the Solvency II capital adequacy model plus an economic capital assessment determined by the Lloyd’s Franchise Board (which is responsible for the day-to-day management of the Lloyd's market). In any particular year, statutory surplus amounts, RBC ratios, FAL and SCR may increase or decrease depending on a variety of factors, some of which are outside the Company's control, including: •the amount of statutory income or losses generated by our insurance subsidiaries; •the amount of additional capital our insurance subsidiaries must hold to support business growth; •the amount of dividends or distributions paid to the holding company; •the value of certain fixed maturities, equity securities, and limited partnership and other alternative investments in our investment portfolio; •changes in interest rates; •admissibility of deferred tax assets; •changes to the regulatory capital formulas; and •regulatory changes to accounting guidance for determining capital adequacy. 29 29 29"
    },
    {
      "status": "UNCHANGED",
      "current_title": "Strategic and Operational Risks",
      "prior_title": "Strategic and Operational Risks",
      "current_body": "Our businesses may suffer and we may incur substantial costs if we are unable to access our systems and safeguard the security of our data in the event of a disaster, cyber breach or other information security incident. We use technology to process, store, retrieve, evaluate and analyze customer and company data and information. Our information technology and telecommunications systems, in turn, interface with and rely upon third-party systems. We and our third party vendors must be able to access our systems to provide insurance quotes, process premium payments, make changes to existing policies, file and pay claims, administer mutual funds, provide customer support, manage our investment portfolios, report on financial results and perform other necessary business functions. Systems failures or outages could compromise our ability to perform these business functions in a timely manner, which could harm our ability to conduct business and hurt our relationships with our business partners and customers. In the 31 31 31"
    },
    {
      "status": "UNCHANGED",
      "current_title": "Risks Relating to Economic, Political and Global Market Conditions",
      "prior_title": "Risks Relating to Economic, Political and Global Market Conditions",
      "current_body": "Unfavorable economic, political and global market conditions may adversely impact our business and results of operations. The Company’s investment portfolio, Hartford Funds business, and insurance businesses are sensitive to changes in economic, political and global capital market conditions, such as the effect of a weak economy, including labor supply shortages, and changes in credit spreads, equity prices, interest rates, inflation, foreign currency exchange rates, and shifts in demand and supply of U.S. dollars. Weak economic conditions, such as high unemployment, low labor force participation, lower family income, a weak real estate market, lower business investment and lower consumer spending may adversely affect the demand for insurance and financial products and lower the Company’s profitability in some cases. In addition, political instability, politically motivated violence or civil unrest, may increase the frequency and severity of insured losses. In addition, a deterioration in global economic conditions and/or geopolitical conditions, including due to military action, trade wars, tariffs or other actions with respect to international trade agreements or policies, has the potential to, among other things, reduce demand for our products, reduce exposures we insure, drive higher inflation that could increase the Company’s loss costs and result in increased incidence of claims, particularly for workers’ compensation and disability claims. If the conflict between Russia and Ukraine, and/or the conflict between Israel and Hamas, were to expand to other countries, the insurance losses and adverse economic impacts could be much more severe than what is currently foreseeable. The Company’s investment portfolio includes limited partnerships and other alternative investments and equity securities for which changes in value are reported in earnings. These investments may be adversely impacted by economic volatility, including real estate market deterioration, which could impact our net investment returns and result in an adverse impact on operating results. In an economic downturn, the Company could experience credit losses on various asset balances, including receivables and the principal amount of various invested assets, including fixed maturities and mortgage loans. In addition to credit losses on invested assets, The Company could experience declines in the value of available for sale debt securities if credit spreads were to widen significantly, which would reduce stockholders’ equity. In addition, disruption in equity markets could result in net realized or unrealized losses on our equity securities carried at fair value or reduce net investment income in future periods from our non-fixed income investment portfolio, including from limited partnerships and other alternative investments. The Company could also experience higher reinsurance costs and/or more limited availability of reinsurance coverage.Below are several key factors impacted by changes in economic, political, and global market conditions and their potential effect on the Company’s business and results of operations:•Credit Spread Risk - Credit spread exposure is reflected in the market prices of fixed income instruments where lower rated securities generally trade at a higher credit spread. If issuer credit spreads increase or widen, the market value of our investment portfolio may decline. If the credit spread widening is significant and occurs over an extended period of time, the Company may recognize credit losses, resulting in decreased earnings. If credit spreads tighten significantly, the Company’s net investment income associated with new purchases of fixed maturities may be reduced. In addition, the value of credit derivatives under which the Company assumes exposure or purchases protection are impacted by changes in credit spreads, with losses occurring when credit spreads widen for assumed exposure or when credit spreads tighten if credit protection has been purchased.•Equity Markets Risk - A decline in equity markets may result in net realized losses on sales of equity securities, unrealized losses on equity securities held at fair value, reduce net investment income in future periods from our non-fixed income investment portfolio, including from limited partnerships and other alternative investments, or lower earnings from Hartford Funds where fee income is earned based upon the fair value of the assets under management. Equity markets are unpredictable. In the past few years, equity markets have been volatile, which could be indicative of a greater risk of a decline. For additional information on equity market sensitivity, see Part II, Item 7, MD&A - Enterprise Risk Management, Financial Risk- Equity Risk. •Interest Rate Risk - Increases in interest rates or persistently high interest rates could lead to recession or The Company’s investment portfolio includes limited partnerships and other alternative investments and equity securities for which changes in value are reported in earnings. These investments may be adversely impacted by economic volatility, including real estate market deterioration, which could impact our net investment returns and result in an adverse impact on operating results. In an economic downturn, the Company could experience credit losses on various asset balances, including receivables and the principal amount of various invested assets, including fixed maturities and mortgage loans. In addition to credit losses on invested assets, The Company could experience declines in the value of available for sale debt securities if credit spreads were to widen significantly, which would reduce stockholders’ equity. In addition, disruption in equity markets could result in net realized or unrealized losses on our equity securities carried at fair value or reduce net investment income in future periods from our non-fixed income investment portfolio, including from limited partnerships and other alternative investments. The Company could also experience higher reinsurance costs and/or more limited availability of reinsurance coverage. Below are several key factors impacted by changes in economic, political, and global market conditions and their potential effect on the Company’s business and results of operations: •Credit Spread Risk - Credit spread exposure is reflected in the market prices of fixed income instruments where lower rated securities generally trade at a higher credit spread. If issuer credit spreads increase or widen, the market value of our investment portfolio may decline. If the credit spread widening is significant and occurs over an extended period of time, the Company may recognize credit losses, resulting in decreased earnings. If credit spreads tighten significantly, the Company’s net investment income associated with new purchases of fixed maturities may be reduced. In addition, the value of credit derivatives under which the Company assumes exposure or purchases protection are impacted by changes in credit spreads, with losses occurring when credit spreads widen for assumed exposure or when credit spreads tighten if credit protection has been purchased. •Equity Markets Risk - A decline in equity markets may result in net realized losses on sales of equity securities, unrealized losses on equity securities held at fair value, reduce net investment income in future periods from our non-fixed income investment portfolio, including from limited partnerships and other alternative investments, or lower earnings from Hartford Funds where fee income is earned based upon the fair value of the assets under management. Equity markets are unpredictable. In the past few years, equity markets have been volatile, which could be indicative of a greater risk of a decline. For additional information on equity market sensitivity, see Part II, Item 7, MD&A - Enterprise Risk Management, Financial Risk- Equity Risk. •Interest Rate Risk - Increases in interest rates or persistently high interest rates could lead to recession or 23 23 23"
    }
  ]
}