The views in the articles below are not necessarily those of the FIA
The Internet of Things (IoT) is a term with which we are becoming increasingly familiar. It refers to the interconnection of computing devices and sensors embedded in everyday objects, in order to send and receive data. While these have the potential to greatly increase convenience in everyday life, IoT enabled appliances can also betray their owners.
For most of us, this conjures up images of a distant future with self-stocking fridges and toasters that intuitively know when you are hungry. However, first generation IoT objects are very much a part of everyday life, and the risk landscape is already changing as a result.
The first example that comes to mind is the user data published by Strava, an app that connects to smartphones and fitness trackers like Fitbit to show popular running routes in major cities. In November of 2017, Strava made its “heat map” available online, showing the running and cycling routes of literally millions of users.
What the developers of the app did not anticipate, was that the heat map also revealed the locations of several secret military bases. What’s more, the layouts of these bases were clearly mapped out by the jogging routes of military personnel with fitness trackers.
Closer to home, the growing number of IoT enabled devices being introduced into daily life are presenting insurance challenges that your client needs to be aware of. The potential risks are especially relevant to the high-net-worth (HNW) market, since these individuals are generally known for being early adopters of high tech appliances and wearables that can connect to smart devices and online resources. Additionally, HNW individuals often install high-tech security measures that can be monitored remotely, in their luxury homes.
To start, as IoT becomes more widespread, the potential for cyberattacks increase significantly. According to cybersecurity firm, Kaspersky, attacks on IoT devices increased threefold in the first half of 2018 alone. This is because the security on most IoT devices is still considered to be relatively weak in the face of ever-evolving cyber risks.
Ransomware attackers now have one more medium to extort money from victims, with attackers taking to disabling a connected device at crucial moments when they cannot be reset or disconnected. For example, a ransomware attack could shut down a home’s air-conditioning or security system while the owners are away on holiday, unless a ransom is paid.
This is, however, not the most common form of cyberattack on privately owned devices. Taking control of connected IoT devices in order to mine cryptocurrency or to create a network of co-opted devices for illicit purposes, are on the rise. Not only does this shorten the life of the device, but it can also significantly increase energy consumption and connectivity in the client’s home.
Still, individuals face an even bigger risk to their assets, as well as to their personal safety. Wearable tech, sensors in vehicles, and location-based sensors in home appliances and security systems all collect vast amounts of data about the users. Everything from personal preferences to daily and weekly routines is collected and the data is stored on cloud servers or “smart devices” that are connected online. It has also been demonstrated on numerous occasions that connected home security cameras can be hacked with surprisingly little effort.
This means criminals could potentially predict an individual’s movements, zero in on their current location, or analyse their habits in order to identify opportunities. For your clients it could mean that criminals know when (or how) to break in.
On a home contents cover policy, this may even present some significant challenges at claims stage. A theft where criminals may have known how to deactivate security systems and cameras, or knew exactly where to enter the property, may rouse the suspicions of an insurer and could even lead to the claim being repudiated.
For HNW individuals, it could even be used by criminals to find a window of opportunity to stage a kidnapping.
With this in mind, brokers have to start talking to their clients about the risks of IoT devices. While most devices do not have adequate security in place, it is crucial that the client’s home-based routers and networks are equipped and maintained with the right level of security software, and that passwords are regularly updated.
Your clients also need to remain cognisant of the fact that IoT devices are constantly collecting user data. Clients need to become much more selective about the kind of data that is collected about them, as well as when and where their IoT enabled devices are allowed access to the internet.