In my last post, I outlined the various challenges that cyber security threats surrounding the Internet of Things (IoT) pose for insurers. Those same threats—which Accenture discusses further in its report, Security Call to Action—Preparing for the Internet of Things—also create opportunities for insurers.
A host of questions, as I pointed out last time, arise for insurers around their customers’ use of unmanned aerial vehicles and industrial control systems, as well as with the development of autonomous vehicles. Those are just a few examples of the many industrial and consumer applications of the IoT already in place and yet to come. But for every risk- and insuring-related question, there is a business opportunity for insurers.
The new security risks that the IoT will create increases the need for insurance, which creates a premium growth opportunity for insurers.
Insurers that move early into this market space potentially could claim a large market share of this new premium. Granted, these carriers would take on a greater risk of unknown or underestimated losses than if they were market followers on this risk. But for the savvy, analytics-driven, market-leading underwriter, the upside is significant.
There undoubtedly also will be greater customer demand for assistance in mitigating IoT security risk. Insurers can play a meaningful role here and develop a new, substantial revenue stream, since they will be in a position to develop a large data pool on the risks and types of security losses the IoT poses. On approach insurers could take is to develop the in-house expertise needed to provide cyber security risk-mitigation services. Alternatively, they could broaden their ecosystem of business relationships and partner with cyber security firms that can deliver this service.
But insurance leaders will have to adapt their thinking on IoT security to reflect current realities. Accenture believes that the key to IoT security will be resilient and agile solutions embedded into products and processes to both monitor them for threats and trigger appropriate responses before cyber attacks can cause damage.
Among other things, we suggest that carriers:
- Adopt an operational mindset that perfect cyber security is not possible. Instead, insurers need to engage in continuous monitoring of the IoT’s operational and security health. This is a big data challenge that requires a big data solution. Moreover, since an IoT system might include pieces of other such systems, all organizations—including insurers, which will face their own IoT security risks—need to design to survive failure. This process can start with establishing anomaly detection capabilities enabled by machine learning and effective responses.
- Develop contextualized threat models that identify links between business goals and security operations. These models can help in prioritizing potential IoT security threats and uncover blind spots that traditional controls-focused approaches are not equipped to handle.
- Apply mobile and cyber-physical system (CPS) security lessons—the growing pains endured by these precursors to the IoT.
- Track and make use of emerging standards from collaborative organizations.
- Continue to educate system users about increasingly sophisticated phishing and social engineering attacks.
The IoT exposes insurers to a new level and dimension of risk. But it also presents an opportunity to introduce an entirely new range of products and services that could drive growth and strengthen their relationships with customers. The potential is huge, but a systematic approach to the risk is needed to ensure the vision is realized.