The "Internet of Things" & Cyber Insurance
We've recently found a few thought-provoking articles on the Internet of Things which remind us why you should run not walk to ensure your commercial clients have insurance protection against hacking and data breaches.
"The Internet of Things" (or IoT) is the current name for a technology that has been around for awhile but is now reaching critical mass: the use of embedded sensors in daily objects, machines, and even our own bodies to transfer data to a network. This is not new - think heart monitors, baby monitors, sensors in our autos, "smart" home security devices, etc What is new is the rapid proliferation of these technologies, the security implications and the implications for the future of our business.
In this month's Risk Management, Katherine Heires writes about Preparing for the Internet of Things. It's a good look at IoT 101 and some of the inherent opportunities, risks, challenges and unintended consequences. The good news is that these technologies offer the potential for advanced business analytics, automation, operating efficiencies and more. But the challenges are rife:
"Leo Cole, general manager of security solutions at Trustwave, a provider of network and data security solutions, said that IoT's layers of applications and connectivity "open up new attack vectors and new sets of risks on the security side of business."
This, in turn, will open the door to greater risks in several categories, including computer network vulnerabilities and data privacy breaches. Physical dangers could also be a concern as machines increasingly make autonomous decisions at lightning speeds. For example, if network control points are not properly protected from a malicious attack, machines controlling airplanes, high-speed trains, cars or pacemakers could be compromised and cause physical harm."
In Wired magazine, noted security expert Bruce Schneier offers a frightening look at the risks in his article, The Internet of Things Is Wildly Insecure - And Often Unpatchable. He sounds the alarm that we are at a crisis point in terms of the security of embedded systems and explains why. The upshot?
"The result is hundreds of millions of devices that have been sitting on the Internet, unpatched and insecure, for the last five to ten years.
Hackers are starting to notice. Malware DNS Changer attacks home routers as well as computers. In Brazil, 4.5 million DSL routers were compromised for purposes of financial fraud. Last month, Symantec reported on a Linux worm that targets routers, cameras, and other embedded devices.
This is only the beginning. All it will take is some easy-to-use hacker tools for the script kiddies to get into the game.
And the Internet of Things will only make this problem worse, as the Internet -- as well as our homes and bodies -- becomes flooded with new embedded devices that will be equally poorly maintained and unpatchable. But routers and modems pose a particular problem, because they're: (1) between users and the Internet, so turning them off is increasingly not an option; (2) more powerful and more general in function than other embedded devices; (3) the one 24/7 computing device in the house, and are a natural place for lots of new features."
Over the holiday shopping season, we saw large scale data breaches that compromised millions of individuals - Target being the poster child of such attacks, but there were several others. In the wake of this, more companies are seeking insurance protection. Deirdre Fernandes of the Boston Globe reports that one in three companies now has insurance to specifically protect against such losses. Marsh LLC reported an overall 20% jump in such coverage, while Liberty Mutual cited a 30% jump in sales. She notes:
The average cost of a data theft in 2012 was $188 per customer account, according to a recent study by the Ponemon Institute, a Michigan-based independent research center focused on privacy and information security. While the mega-breaches tend to grab headlines, more common data losses involve fewer than 100,000 customer records. But even these smaller breaches can be costly, averaging $5.4 million in 2012.
The Internet of Things is an emerging risk topic that should be high on every agent's radar. In addition, producers need to be aggressive about educating commercial accounts about these exposures and offering coverage.