The number of growing smart devices connected in Internet of Things (IoT) era are more exposed to Cyber-attacks due to weak or no cyber security. There are many industries which are using IoT product or devices for improving performance, quality and to achieve automation. This includes from Smart home devices, Self-Driving car to some of public services such as power grid, military defense and critical national infrastructure. This Blog examines the potential Cyber Risk due to IoT technology and how this impacts the Insurers and their customer.
Why the IoT devices are threat to Cyber Risk?
The usage of IoT technology in future will attract more potential for cyberattacks and fraud. Here are some of the reasons which makes IoT devices vulnerable to Cyber Risk:
- With IoT technology, there will be more offline objects (e.g. homes, transports, manufacturing units etc.) connect to online and will become vulnerable to e-Threats
- Because of the networked nature of IoT ( i.e., that each connected object uses data from other connected objects ) there is also the risk that a malfunction could lead to catastrophic system failure
- IoT solution is being implemented by some of the Technology, Media and Telecommunication companies on top of existing systems or collaborating with their customer or partner system. These standalone legacy systems which were earlier unconnected are vulnerable targets for hacking
- Many organizations do not continuously update IoT devices after installing them
- Some IoT devices do not have the ability to receive patches to update security settings
- Most of IoT platform comes with default ID and password
Cyber threat landscape
There can be multiple implementation of IoT technology in different industries which are vulnerable to Cyber-threat.
Some of the examples of IoT technology usage and major implications during Cyber attracts are:
- Maritime shipping: There are multiple usage of IoT technology in Maritime shipping as the shipping companies have equipped their fleets with a variety of sensors to monitor critical vessel systems, weather and sea conditions, and cargo .The Marine industry can be impacted Cyber-attack on Terminal Computer System, navigation system and Point of sale system. Possible consequences are Business interruption, damage to data, theft of property though alternation of shipping contacts, Bodily Injury and Property damage etc.
- Aviation: There are several usage of IoT in both Commercial and Military Aviation. Connecting IoT to aviation will help to access real-time data for engine performance improvement, accurate weather forecast and pilot monitoring etc. The Cyber risk in Aviation may allow Hackers to gain access to some sensitive data such as the location of troops or detailed mission plans for IoT connected military planes. There could be remote terrorism acts where the hacker could gain access to an aircraft’s control system and weaponry, similar to drone hacks, and use it against the enemy.
- Smart City: A Smart City can be equipped with IoT platform has multiple usage such as smart parking, public safety, traffic balancing etc. Smart Grid is one of the example which is implemented in Smart City to realize great cost savings and efficient trouble shooting. If there is no effective Cyber security maintained, Hacker can gain access to such public infrastructure from his computer to shut down an entire city’s electrical supply.
- Critical infrastructure: Because of the networked nature of IoT – i.e., that each connected object uses data from other connected objects – there is also the risk that a malfunction could lead to catastrophic system failure. The critical infrastructure like dams, bridges embedded with censors to monitor structural integrity as well as environmental conditions are vulnerable to Cyber threats. Malfunctioning of these sensors may bring risk of a catastrophe if those objects fail and could lead to massive property damage or even loss of life.
What are the IoT Cyber Risk opportunities and the challenges for insurers?
The new security risks that the IoT technology creates will increase the need for insurance, and creates new business opportunity for insurers. There will have more security challenges due to growth of IoT and customers will look for insurers to define and analyze the risk they face. Here are some opportunities and challenges for IoT Cyber Risk.
- Opportunity for Insurers:
- As the IoT plays an increasing role in all industries, this will also have a big revenue opportunity for Insurers to provide insurance against identity and data theft, business interruption and other consequences of cyber-attacks.
- IoT Cyber risk also presents an opportunity to introduce an entirely new range of products and services that could drive growth and strengthen their relationships with customers
- Challenges for Insurers:
- Insurers may need to do innovation in existing Product and process which will help make cyber risks more insurable and extend available cover to a wider set of policyholders. This includes common standards for capturing, sharing and reporting data about cyber incidents, and greater use of smart analytics to improve threat detection and risk assessment.
- With dynamics of the IoT is an open systems world, there can be multiple devices connect to each other. There will be challenges for carriers to write the Policy for determining the responsibility when a claim occurs due to IoT Cyber Risk
- There may be some uncertainty and ambiguity in defining the scope of coverage for IoT specific cyber-attacks due the nature of multiple connected devices
- Risk Management strategy for Insurers:
- Develop contextualized threat models that identify links between business goals and security operations. These models can help in prioritizing potential IoT security threats and uncover blind spots that traditional controls-focused approaches are not equipped to handle
- Insurers can take to enhance their security by using analytics and pattern-detection software that identifies malware the moment it’s deployed
- Insurance carriers can partner with IT security firms to draw on their vulnerability and risk assessment expertise, or share some of their customers’ financial liability in case of a major attack
- Insurers also need to be aware of the liability they incur by offering IoT-related services, and should ensure they account for it in their underwriting and pricing