As Accenture notes in its report, Security Call to Action—Preparing for the Internet of Things, the IoT is becoming an attractive target for cyber attackers. Insurers need to consider how to manage that risk. Will they incorporate it into existing insurance products, exclude them or develop new IoT cyber security coverages for their customers?
The number of intelligent connected devices—excluding smartphones, personal computers and tablets—will reach an estimated 26 billion units by 2020, according to information technology consultant Gartner. We already are seeing an explosion in the use of the Internet of Things (IoT) in manufacturing, retail and transportation, as well as in consumer health and home appliance and security applications. The resulting operating efficiencies for business and convenience for consumers tells us that we are just beginning to see how the IoT will change our lives—professionally and personally. Surely, this will drive significant changes with insurance.
Consider, for example:
- Unmanned aerial vehicles (UAVs). These increasingly sophisticated drones can survey farmland and inspect industrial complexes. In addition, commercial enterprises are studying how to use UAVs to cut costs and improve efficiencies. However, the ability to equip drones with high-resolution cameras and fly them covertly has introduced new privacy concerns. Increased payload capabilities, which would allow arming UAVs, also enable new security threats. Even an unarmed drone could be hijacked and used as a missile or stolen, if its command and control system is not carefully engineered for security. Will these drones be insured under existing policies? Or are new products needed to cover all of the risks that drones pose? In either case, have insurers properly estimated their potential losses?
- The vulnerability of industrial control systems (ICS). To destroy more than 1,000 uranium enrichment centrifuges in Iran between 2007 and 2010, attackers used the Stuxnet worm to alter control settings and sensor values. Stuxnet provides hackers with a rich reference guide on how to develop increasingly sophisticated mechanisms for launching attacks against an ICS that can damage or destroy equipment, potentially leading to loss of life. Is the workers compensation aspect of this situation adequately underwritten and priced? Would a security breach risk a potential business interruption loss? Would that loss be exacerbated by a customer’s security patchwork protocols?
- The autonomous vehicle. Who would be responsible if the vehicle is hacked? Would that be a no-fault loss? Or would liability fall on the automaker? Perhaps the onus would be on the computer chip supplier or the software developer. And what product would cover a loss resulting from a security breach? Traditional auto insurance? A new product? Or existing or new liability coverage written for the automaker or one of its suppliers?
At the same time, insurers also are potential users of the IoT. So they, too, will have to manage the security risks created by any IoT-based products and services they bring to market.
Next time: Seizing on opportunities.