The insurance industry is not ready to deal with the massive risks that the Internet of Things; or IoT is creating. Even though much of the IoT is already around us; few insurers are researching it, or tailoring coverage for the risks it creates.
The concept behind the Internet of Things is a simple one; just connect every electronic device to the web via WiFi or broadband. Yet it is an inherently disruptive development that will create vast risks, many of which are poorly understood.
Some examples of the IoT include:
- The use of wireless technology to track freight, warehouse and retail inventories, cargo containers, railcars and trucks.
- The installation of wireless devices in vehicles to track them or monitor driving patterns or mileage.
- Appliances, air conditioners, furnaces and other devices in the home that can be controlled or monitored over the internet.
- Automatic ordering of supplies or materials by devices. Amazon is experimenting with wireless devices that allow customers to automatically order new supplies of products like laundry detergent at the touch of a button.
- Security cameras and sensors that allow for the long distance monitoring of properties, or vehicles.
The IoT is growing faster than you might think, it is expected to connect 200 billion devices by 2020, Insurance Business America reported. Despite that the insurance industry is largely ignoring the risks the IoT is creating.
Most insurers are simply ignoring IoT or resisting it, Brian Murdock; AIG’s managing director for the American states of Georgia, Tennessee and Alabama, said in a July speech. Murdock expects the IoT to completely disrupt the insurance industry – although he gave few specifics.
IoT greatly increases the danger from hacking
The greatest and most obvious risk created by the IoT is from hacking. Security researchers have demonstrated that IoT-connected devices can be easily hacked.
Back in 2013, researchers; from a company named Trustwave, made headlines by hacking into a “smart toilet,” Forbes reported. The same hackers were also able to turn the lights in a house; equipped with a home automation system, on and off via remote control.
It would be possible to disrupt a city’s power grid by hacking air conditioners if they were plugged into the IoT. In February 2016, security experts Vasilios Hioureas of Kaspersky Lab and Thomas Kinsey of Exigent Systems demonstrated that it would be possible to turn air conditioners on and off or raise or lower temperatures in a building via online commands. Such an attack can disrupt the grid by raising electricity usage to levels power plants cannot deal with, Wired reported.
An even greater risk was exposed in July 2015 when two American security researchers shut down a moving vehicle via hacking. Charlie Miller and Chris Valasek were able to take over a Jeep Cherokee; an SUV manufactured by Fiat-Chrysler, by Wi-Fi hacking or “wardriving,” Wired reported.
Once in control the two turned the windshield wipers on and off, changed stations on the radio and turned on the air conditioning, Wired writer Andy Greenberg reported. Most disturbingly, the two were able to shut the vehicle’s engine off; as it was cruising down the road at 70 miles per hour.
The risks are greater than you think
Sabotage is just the beginning of the risks that hacking of the IoT presents to insurers. Other potential dangers include data theft, illegal surveillance, industrial espionage and enabling of other kinds of crimes.
Thieves could hack home or building automation systems; and command them to open doors or turn off security systems for example. Robbers might be able to track shipments equipped with Wi-Fi devices, and plot the best place to intercept them.
Another potential danger is that hackers will use IoT devices to get access to other systems. For example, a crook might hack a bank’s air conditioner in an attempt to gain access to a database containing account numbers.
Liability and the Internet of Things
All of this exposes the greatest dilemma that the IoT poses for insurers: liability. If a self-driving car connected to the IoT gets hacked and crashed who is liable?
Would it be the auto manufacturer, the manufacturer of the WiFi system, the Wi-Fi provider, or the maker of the software that controls the vehicle? All of those companies will need specialized insurance products to protect them from that liability.
Such questions abound in the Internet of Things. An interesting hypothesis is would the manufacturer of a furnace be liable; if it were hacked and used to damage a home? For example if the furnace were turned off on a day when temperatures outside dropped below freezing, causing pipes to freeze and burst. Would homeowner’s insurance cover that situation; or would the manufacturer or programmers of a home automation system?
A problem for commercial insurers is would the manufacturer of a tracking device be liable if a shipment disappeared? Is the creator of such a tracking device taking responsibility for loss prevention?
The IoT obviously poses interesting dilemmas and great risks for insurance but it also creates some intriguing opportunities. These include new kinds of coverage for IoT connected devices; and vast amounts of data that can be used for actuarial purposes, or risk management.
Insurers had better start paying close attention to the IoT, because it is already creating great risks and tremendous opportunities. Understanding the Internet of Things and the risks it creates, has become a necessary part of underwriting and risk management.
