5 key attributes for cyberliability insurers to consider when insuring the IoT
October 29, 2015
By Vinny Sakore, Senior Consultant

The number of Internet-connected devices on the planet is projected to reach 25 billion by 2020, according to a 2014 report by Gartner. This goes beyond mobile phones to include household appliances, medical devices, automobiles, accessories and more.  

The connectivity and mobility the Internet of Things (IoT) technologies enable will fundamentally change the way consumers and businesses operate. While the benefits of mobility are clear, adding Internet connectivity to everyday devices introduces an unprecedented layer of complexity and risk.

In an earlier, less connected world, the average consumer product had a fairly contained amount of risk. Manufacturing defects were typically the largest potential issue for most products, and insurers built their risk models around them. However, Internet connectivity is turning an average device into a potential hacking target.

This phenomenon is giving rise to the need of cyberliability insurance to address the risk management of emerging connected devices. Cyberliability insurance, once a niche practice in the insurance industry that began a decade-or-so ago, will likely become a standard insurance provision on everything from baby monitors to insulin pumps.

How can insurers begin to grapple with the proliferation of IoT devices and align themselves with the future?

Below I’ve outlined five key attributes that insurance companies need to look out for ask when providing cyberinsurance to product manufacturers.

  • Security by Design – Whether it’s appliances, software, toys or electronics, the manufacturer should integrate security into the design process. When considering coverage, it is important that security is implemented into the design of each product throughout the product’s lifecycle.
  • Encryption is Essential – Manufacturers should have a strong policy that utilizes encryption. If a data breach happens, but the data is encrypted, a number of “safe harbor” type provisions will be in effect. For example if the data is encrypted, then its loss is generally not considered a breach.
  • Built-In Risk Analysis Program – How often does the manufacturer they’re underwriting conduct risk analysis and are they standard in the product’s development lifecycle? It is important to gauge the maturity of a manufacturer’s information security program.
  • Authorize Connected Devices - Devices that are connected to the Internet should require some type of authorization such as authentication via digital certificates that confirm its identity as well as its access. If a hacker gains access to a small part of a system, it can gain access to all of it. Authentication can help contain these types of breaches.
  • Independently Tested and Certified Products - All product manufacturers should have their security independently tested and certified by a third-party provider.  This adds a layer of protection as the products go through rigorous testing, and adhere to security standards.

Given current trends, nearly every device in the world will go from being a standalone device to being an Internet-connected device. A refrigerator will no longer be just a refrigerator, but rather an IoT object that has the potential to be hacked. This new risk profile for manufacturers has big implications for the insurance industry, where a complete understanding of all potential liabilities lies at the core of its business.

Comments

Post new comment

  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor to prevent automated spam submissions.
Image CAPTCHA
Enter the characters shown in the image.