Although the concept of the Internet of Things (IoT) promises more convenience and productivity, a report warns that as devices become even more interconnected, they become much more difficult to secure against cyber threats.
A policy study recently published by the R Street Institute, entitled Aligning Cybersecurity Incentives in an Interconnected World, explored how cybersecurity policies should tackle the shared vulnerabilities IoT networks have.
Learn more about data breach insurance here.
“When devices are connected, one device’s vulnerability becomes a problem for the entire network,” said R Street tech policy fellow Anne Hobson, who authored the paper. “This is not a new threat, as networked devices have been around since the 1960s. However, the scale of interconnection among today’s devices magnifies the consequences of insecurity.”
Digital Journal reported that the IoT is estimated to consist of 50 billion objects – which include appliances, electronics, smartphones, and even wearable devices, among many other things – by the year 2020.
Hobson explained that this expansion of connectivity presents plenty of opportunities for hackers to break into systems, and just as many challenges for those in charge of protecting IoT networks.
Cyber insurers also need to adapt to the challenges brought on by the expansion of the IoT, Hobson wrote. She observed that while the commercial cyber insurance market is growing, not all sectors have recognized the need for such coverage.
“While the [commercial cyber insurance] take-up rate in the retail, health and financial services sectors is around 80%, less than 5% of the manufacturing sector has cyber-insurance coverage,” she said.
Want the latest insurance industry news first? Sign up for our completely free newsletter service now.
Hobson also stressed that despite the industry’s ability to easily share information across the sector regarding cyberattacks and how to deal with them, “cyber insurance is not a cure-all,” and that “the market has not yet developed to the extent that it can manage all potential risks.”
She noted that although some estimates show that current policies with $50 million limits would be able to cover about 92% of cyber-event claims, another model projects that the likelihood of a major “black swan” cybersecurity threat – one that causes between US$250bn and $1tn worth of damage to critical infrastructure – to be around 10-20%.
It can be difficult to quantify exposure to cyber risks, Hobson admitted, which is a part of why cyber insurance cannot address all issues. Between the varying motives for cyberattacks, multiple means to carry out such digital sabotage, and the difficulties of determining how a single cyberattack can impact business, risk assessment can be a nightmare to accomplish. Worse, risk assessment has trouble measuring exposure when the loss by one company affects the rest of its network – precisely what the IoT is all about.
Hobson concluded that a “robust” private cyber insurance market is needed to help “raise the bar for device security.”
“Taking the steps necessary to ensure that such a market flourishes should be a policy imperative,” she added.
Related stories:
Connected devices not reducing insurance premiums
The ‘Internet of Things’: Disruption or opportunity for insurance?