Risk Insider: Kevin Kalinich

Risky Things

By: | August 27, 2015

Kevin Kalinich is the global cyber risk practice leader for Aon Risk Solutions, focusing on identifying exposures and developing insurance solutions. He can be reached at [email protected].

Some of us are old enough to remember when our stand-alone computers first became networked with other computers. Who over 40 years old doesn’t recall sending and receiving that first email?

That profound technological development – networked computing – brought enormous advantages but also set the stage for security concerns, like viruses and malware, which can be an Achilles heel of computer technology.

With the rise of the Internet of Things (IoT), we find that it is more than just our computers that are connected. Our homes, possessions and even our physical bodies are becoming connected.

Many IoT products can actually reduce exposures.

Arrays of smart, sensor-equipped, connected devices that collect and digitize a wide variety of data are already being used, with exponentially more in development.

Literally tens of billions of “things” containing sensors – cars, homes, medical devices – will be connected in the next several years. A range of twenty to 50 billion of these “things” are estimated to be installed by 2020, with a vast amount more to follow.

An example is car manufacturers’ strategies to sell “tires as a service.” The car manufacturers use embedded technology to detect tire wear and under-inflation, which improves service and increases safety.

The IoT phenomenon is unfolding faster than developers can address the accompanying security vulnerabilities and risk management concerns. We are living in a new world in which our “things” can tattle on us, compromise our privacy or even harm us.

While telematics in vehicles or home appliances may seem helpful when we need roadside assistance or to diagnose maintenance issues, they can also report our speed or our diet, which to some may seem invasive.

Drones, hidden cameras and driverless cars once seemed like fantasy objects in a futuristic world, but suddenly that future is here, and it is unclear how liability would be assigned when one of these “things” misbehaves or is used to harm another.

On the contrary, not all IoT innovations are necessarily harmful. Many IoT products can actually reduce exposures. Home automation startups being incubated by Microsoft Ventures carry a number of safety benefits, such as turning off your stove or protecting your home from water damage.

IBM just announced a $3 billion investment in IoT and is launching a multitude of services that will help make us safer, such as alerting car insurance policyholders of storms to help prevent damage. So it’s important to remember that IoT exposures are not necessarily negative, just different.

With the increased use of internet-connected devices, however, new types of exposures have arisen to increase the possibility of certain damages. This creates an enterprise risk management challenge as businesses seek to harness the exciting potential of this evolving technology while managing the related cyber threats.

The data gathered by IoT is often quite vulnerable. According to a study by HP, it’s estimated that 70 percent of the most commonly used devices contain serious vulnerabilities. Potential concerns include a dangerous hacker disabling a life-sustaining medical device, the brakes in an automobile, or aviation systems from Wi-Fi or power grids.

As it has repeatedly done throughout history, our ability to create new technology is opening up worlds of opportunity. It’s also creating new types of risk.

Plaintiffs’ attorneys will look to those involved in the design, production, delivery and servicing of the IoT device that allegedly causes economic loss, bodily injury or tangible property damage.

While it is impossible to predict the exact impact of the IoT on the insurance industry, this much is clear: future IoT evolution will force the insurance industry to better clarify where coverage starts and stops under each type of policy.

More from Risk & Insurance