Other parts of this series:
- Cyber insurance – the third wave is here
- Cyber insurance: three ways to reduce carrier risk
- Cyber threats: the IoT security gap—an opportunity for insurance
- Markets offering the largest cyber security insurance opportunity
- The new shape of cyber security insurance—meeting evolving threats head on
- Cyber security – the threat that insurers face
The IoT is having a massive impact. Gartner estimates that 6.4 billion connected things were in use worldwide in 2016, and that number will reach 20.8 billion by 2020. However, since the insecurity of things is vast, risk grows.
In my previous two blogs in this cyber security series, I discussed the growth and evolution of the cyber threat and how carriers can limit their own risk and liability. In this post, I look at the risk the IoT brings and, alongside it, the opportunity for cyber security insurance.
The Allianz Risk Barometer identifies ‘cyber incident’ as the third biggest global business risk in 2017 behind business interruption and market developments, and the number-one emerging risk for the long-term future of businesses. But the risk is also to people and assets.
Cyber attacks on IoT devices create systemic risks. The potential for loss is huge.
IoT devices often lack stringent security measures, and some attacks are able to exploit vulnerabilities in the underlying operating systems. Many issues stem from how securely vendors implemented mechanisms for authentication and encryption (or not).
Cyber attacks on IoT devices create systemic risks, and the potential for loss is huge:
- Fiat Chrysler recalled 1.4 million vehicles after researchers demonstrated a proof-of-concept attack where they took control of the vehicle remotely.
- Millions of homes are vulnerable to cyber attacks. Symantec research found multiple vulnerabilities in 50 commercially available devices, including a ‘smart’ door lock that could be opened remotely online without a password.
- Researchers have found potentially deadly vulnerabilities in dozens of devices such as insulin pumps, x-ray systems, CT-scanners, medical refrigerators, and implantable defibrillators.
- According to Symantec research, hundreds of millions of Internet-connected TVs are potentially vulnerable to click fraud, botnets, data theft, and even ransomware.
- Thousands of everyday devices, including routers, webcams, and Internet phones, share the same hard-coded SSH and HTTPS server certificates, leaving millions of other devices to which they are connected vulnerable to interception and unauthorised access.
What is the opportunity for insurers?
The growth in the IoT presents not only new security challenges, but also new opportunities. Customers are looking to insurers to define and analyze the risk they face and it is certainly possible: the wealth of information from IoT systems can provide a better understanding of the new risks and exposure points in the flow of data.
But expect this space to be fiercely competitive.
Insurance carriers, brokers, managing general agents (MGAs) and reinsurance companies sense an opportunity to enter this new market. Startups will also play a critical role in disrupting this market with new technology, offering relevant and effective solutions. For example, GetmeIns, an Israeli insurtech, focuses on fraud detection at the point of sale, using military-grade intelligence to help insurers lower their loss ratio. Getmelns also uses IoT devices to help car insurance providers reduce fraud. Insurers offer users a discount on premiums if they allow their location and other data to be tracked.
The biggest obstacles to writing cyber coverage: a lack of understanding of the exposures and the coverages. – PartnerRe
PartnerRe’s 2016 Survey of cyber insurance market trends identifies four categories that buyers are keen to obtain coverage for: data breach, cyber-related business income, cyber extortion (ransomware), and regulatory fines and penalties. Driving adoption are greater awareness of threats, media reports of losses, third-party demands, and demands from senior management. However, when PartnerRe asked underwriters and producers to identify the biggest obstacles to writing cyber coverage, more than 70 percent cited a lack of understanding of the exposures; 57 percent cited a lack of understanding of the coverages.
Nonetheless, certain sectors and geographies are increasingly in need of cyber insurance. Swiss Re in its research paper Cyber: Getting to grips with a complex risk notes that while cyber risks are complex to understand and calibrate, especially given the significant potential for correlated exposures, better, richer cyber risk models will eventually emerge as understanding of the fundamental risk drivers develops and more data about cyber losses becomes available. This is already the case.
Join me in my next post—Markets offering the largest cyber security insurance opportunity—as I look at the sectors and geographies where cyber security is most in demand globally.
For more on the cyber security conundrum for insurers, and to get detailed insight into Accenture’s research, read this report.