Supplement dated May 11, 2020, to the
Statement of Additional Information
for your Variable Annuity
Issued by
CONNECTICUT GENERAL LIFE INSURANCE COMPANY
This Supplement should be read in conjunction with the current Statement of Additional Information (SAI) for your Annuity and should be retained for future reference. This Supplement is intended to update certain information in the SAI for the variable annuity you own and is not intended to be a prospectus or offer for any other variable annuity that you do not own. Defined terms used herein and not otherwise defined herein shall have the meanings given to them in the Prospectuses and SAIs.
This Supplement contains information about changes to Cyber Security Risk contained in the SAI.
Effective May 11, 2020, the section in the SAI captioned “Cyber Security Risk” is revised as follows:
CYBER SECURITY AND BUSINESS CONTINUITY RISKS
With the increasing use of technology and computer systems in general and, in particular, the Internet to conduct necessary business functions, the Company is susceptible to operational, information security and related risks. These risks, which are often collectively referred to as “cyber security” risks, may include deliberate or malicious attacks, as well as unintentional events and occurrences. These risks are heightened by our offering of increasingly complex products, such as those that feature automatic asset transfer or reallocation strategies, and by our employment of complex investment, trading and hedging programs. Cyber security is generally defined as the technology, operations and related protocol surrounding and protecting a user’s computer hardware, network, systems and applications and the data transmitted and stored therewith. These measures ensure the reliability of a user’s systems, as well as the security, availability, integrity, and confidentiality of data assets.
Deliberate cyber attacks can include, but are not limited to, gaining unauthorized access (including physical break-ins) to computer systems in order to misappropriate and/or disclose sensitive or confidential information; deleting, corrupting or modifying data; and causing operational disruptions. Cyber attacks may also be carried out in a manner that does not require gaining unauthorized access, such as causing denial-of-service attacks on websites (in order to prevent access to computer networks). In addition to deliberate breaches engineered by external actors, cyber security risks can also result from the conduct of malicious, exploited or careless insiders, whose actions may result in the destruction, release or disclosure of confidential or proprietary information stored on an organization’s systems.
The Company is also subject to risks related to disasters and other events, such as storms, earthquakes, fires, outbreaks of infectious diseases (such as COVID-19), utility failures, terrorist acts, political and social developments, and military and governmental actions. These risks are often collectively referred to as “business continuity” risks. These events could adversely affect the Company and our ability to conduct business and process transactions. Although the Company has business continuity plans, it is possible that the plans may not operate as intended or required and that the Company may not be able to provide required services, process transactions, deliver documents or calculate values. It is also possible that service levels may decline as a result of such events.
Cyber security events, disasters and similar events, whether deliberate or unintentional, that could impact the Company and Contract owners could arise not only in connection with our own administration of the Contract, but also with entities operating the Contract’s underlying funds and with third-party service providers. Cyber security and other events affecting any of the entities involved with the offering and administration of the Contract may cause significant disruptions in the business operations related to the Contract. Potential impacts may include, but are not limited to, potential financial losses under the Contract, your inability to conduct transactions under the Contract and/or with respect to an underlying fund, an inability to calculate unit values with respect to the Contract and/or the net asset value (“NAV”) with respect to an underlying fund, and disclosures of your personal or confidential account information.
In addition to direct impacts to you, cyber security and other events described above may result in adverse impacts to the Company, including regulatory inquiries, regulatory proceedings, regulatory and/or legal and litigation costs, and reputational damage. Costs incurred by the Company may include reimbursement and other expenses, including the costs of litigation and litigation settlements and additional compliance costs. Considerable expenses also may be incurred by the Company in enhancing and upgrading computer systems and systems security following a cyber security failure or responding to a disaster or similar event. The rapid proliferation of technologies, as well as the increased sophistication and activities of organized crime, hackers, terrorists, and others continue to pose new and significant cyber security threats. In addition, the global spread of COVID-19 has caused the Company and its service providers to implement business continuity plans, including widespread use of work-from-home arrangements. Although the
Company, our service providers, and the underlying funds offered under the Contract may have established business continuity plans and risk management systems to mitigate risks, there can be no guarantee or assurance that such plans or systems will be effective, or that all risks that exist, or may develop in the future, have been completely anticipated and identified or can be protected against. Furthermore, the Company cannot control or assure the efficacy of the cyber security and business continuity plans and systems implemented by third-party service providers, the underlying funds, and the issuers in which the underlying funds invest.
THIS SUPPLEMENT SHOULD BE READ AND RETAINED FOR FUTURE REFERENCE.