2017 RIMS

Embrace the Internet of Things

Risk managers can use IoT for data analytics and other risk mitigation needs, but connected devices also offer a multitude of exposures.
By: | April 25, 2017
Topics: Cyber Risks | RIMS

The Internet of Things (IoT) is changing the risk landscape. ­

Because of that, risk managers must change how they think about and analyze risk on the horizon, said Brent Rieth, SVP, team leader of professional risk at Aon Risk Solutions.

IoT essentially makes everyday devices “smart” by connecting them to the internet. Around the home, it could include coffee machines, washing machines, lighting and garage door openers.

In business, it can used for warehouse equipment, oil rig drills and airplane engines. A rule of thumb is that if a device has an “on and off” switch, it can become part of the IoT.

“We all need to be mindful of how information security is used in each device.”- Brent Rieth, SVP, team leader of professional risk, Aon Risk Solutions

There were 10 billion devices connected to other devices in 2015. Forecasts predict 34 billion devices will be connected by 2020. To get there, business will invest about $6 trillion in IoT solutions.

While IoT can improve operations, especially by enabling more data analysis, it can also significantly impact governments, businesses, and the property and casualty insurance industry, Rieth said during a presentation at the RIMS 2017 conference.

“The Internet of Things is a powerful tool for business to think about,” Rieth said. “It can help you to create a synchronized environment that allows you access to information.”

Now is the time for risk managers to create a plan to leverage IoT and to mitigate existing risks, said Lora Figgat, risk manager at Avaya, Inc., who also spoke at the RIMS session.

From cyber breaches to property coverage and product liability, think about risks and enterprise risk management in a new way, she said.

“Data collection can be powerful when thinking about risks you manage,” Rieth said. “We all need to be mindful of how information security is used in each device.”

That’s because IoT can potentially create data-privacy concerns.

For example, human resource departments may issue fitness tracking devices as part of an employee wellness program. Those devices collect and store private information on employees that may lead to privacy risks for the business.

Privacy Concerns

“Information will be collected on us on a daily basis, potentially infringing on us where we no longer have privacy,” Rieth said. “You need to be mindful you are actually tracking information on people.”

Risk managers may ask, “Should we really be collecting all that data on our employees?”  he said.

Risk managers must figure out how to balance needs of company departments, so that when an idea seems great to the human resources team, it doesn’t raise red flags for the legal and compliance team at the same time.

Risk managers need to help develop IOT security best practices.

Introducing IoT to your business has consequences, Figgat said, and risk managers need be part of any conversation to ask what is the value of data and what is the criticality of the function.

There are other risks to consider. IoT product failures can also introduce new risk if there is a malfunction and raise product liability concerns.

“The most profound technologies are those that disappear,” Reith said. The IoT will become so ubiquitous, businesses may forget it is working behind the scenes gathering information.

IOT drives the need for ERM, Figgat said. “Integrated risk philosophy is no longer optional.”

That may include a comprehensive incident response plan, she said.

Risk managers need to help develop IOT security best practices. Discover and classify IOT devices the instant they connect to the network. Also, enforce security updates and end-of-life plans, require security standards for vendors, and recognize IoT as a long-term strategy worth investing in.

“We need to put the carrot on the end of the stick to incentivize companies to think about including security and not just invest in the lowest cost option,”Rieth said.

While IoT introduces new concerns for the risk manager, it also creates some helpful tools, including new metrics to assess their IoT risks, he said.

Now that it’s here, risk managers should always be asking how to leverage IOT to mitigate risk and how can IoT reduce the cost of risk transfer, Rieth said.

Additional stories from RIMS 2017:

Blockchain Pros and Cons

If barriers to implementation are brought down, blockchain offers potential for financial institutions.


Feeling Unprepared to Deal With Risks

Damage to brand and reputation ranked as the top risk concern of risk managers throughout the world.

Reviewing Medical Marijuana Claims

Liberty Mutual appears to be the first carrier to create a workflow process for evaluating medical marijuana expense reimbursement requests.

Cyber Threat Will Get More Difficult

Companies should focus on response, resiliency and recovery when it comes to cyber risks.

RIMS Conference Held in Birthplace of Insurance in US

Carriers continue their vital role of helping insureds mitigate risks and promote safety.

Resilience in Face of Cyber

New cyber model platforms will help insurers better manage aggregation risk within their books of business.

Juliann Walsh is a former staff writer at Risk & Insurance. Comments or questions about this article can be addressed to [email protected].

More from Risk & Insurance