Cyber Risk and Insuring the Internet of Things (IoT)

The Internet of Things (IoT) refers to networks of objects that communicate with one another and with computers through the Internet. ‘Things’ may include virtually any object for which remote communication, data collection, or control might be useful.

According to the Technology research firm Gartner, approximately 25 billion objects will be in use by 2020 meaning there will be twice as many IoT devices talking to each other as there will be smartphones, tablets and PCs. Many companies, including insurers, see the value in the application of IoT and the market for IoT devices is estimated to be worth approx. $1.46 trillion by 2020.

When discussing insurance and IoT, the focus tends to be on its application within the insurance industry and how insurance companies, e.g. AIG and StateFarm, are using sensors to gain insight into customer’s lives to improve their insurance offering. Whilst this is no doubt a future example of how insurance and connected devices relate, it is also important to understand the cybersecurity challenges the IoT industry faces.

IoT and other new technologies create a variety of new security risks especially when connected to the internet. Cyber criminals can exploit these vulnerabilities in many ways to harm customers including: misuse of personal information; facilitating attacks on other systems and; the creation of safety risks. Recently the hacking of a connected car proved that a bad actor could gain access to a car’s internal computer network without physically touching the car. By hacking the built-in telematics unit, the hacker was able to control the vehicle’s engine and braking. The customer will naturally blame the car’s manufacturer, but ultimately the responsibility will fall onto the software and hardware provider. A cyber-attack that ultimately led to an extensive product  recall clearly illustrates the cost implications as a result of hacking and the IoT.

The IoT also presents a number of privacy risks. The sheer volume of data that even a small number of devices can generate is vast. A recent study ‘indicated that fewer than 10,000 households using a company’s IoT home automation product generated 150 million discrete data points per day’. While a lot of this granular data will be meaningless, the collection of this data could lead to the monitoring of behavioural patterns and invasion of one’s own private space.

The connection of these devices to the internet allows hackers to leverage the IoT to instigate DDoS attacks which can result in widespread disruption. A DDoS cyber attack on 21st October 2016 caused major websites and online retail operations significant downtime, highlighting the financial consequences of business interruption caused by directing bogus traffic through IoT devices. Last year Fitbit was also penetrated by hackers who gained access to Fitbit users GPS history. This new type of risk could lead to business interruption and class actions by affected businesses and consumers.

Cyber, Technology E&O alongside General Liability and Product Recall are insurance products that all IoT companies should be considering, especially when software and hardware is combined. Safeonline is an experienced broker when it comes to placing insurance for emerging technology businesses and has developed cutting edge products to meet the demands of the brokers with whom we work and the markets in which we operate. For more information please contact henry.sanderson@safeonline.com

 References

https://www.gartner.com/newsroom/id/3165317

https://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf

https://www.cnbc.com/2016/01/08/theres-a-hack-for-that-fitbit-user-accounts-attacked.html

Share on : Twitter/ LinkedIn

Leave a reply