Here's How AIG Is Meeting the Challenges Presented by IoT and Cyber Risk
The Internet of Things is not going anywhere anytime soon. The ever-expanding network of connected devices is only set to continue as we move through the 21st century. From coffee makers to doorbells, there is seemingly no type of product which can't be made better through digital connectivity.
However, this increase in connectivity brings with it new risks. Every device connected to the internet creates a potential new entry point for cybercriminals to gain access to a network and cause havoc - whether through fraud, theft, terrorism, or something else.
AIG and other insurance companies must take this increased risk into account when designing their policies.
Autonomous Vehicles
One of the more exciting (or concerning, depending on your perspective) developments in the world of connected devices relates to autonomous vehicles and other similar machines. With news reports of fatal collisions involving driverless cars already causing apprehension, they clearly pose a concern for insurance companies when calculating risk.
However, when it comes to assessing liability for accidents involving driverless vehicles, the waters get a little muddied.
If a driverless car strikes and kills a pedestrian, for example, who is liable? Is the owner of the car at fault as would be the case in a collision involving a regular car? Is it the manufacturer of the car? Is the manufacturer of the sensors installed in the car to blame? Or is it the mapping software provider?
With driverless vehicles being such a new concept, it's hard to come up with concrete answers to these questions. As is often the case, it can take laws and legislation a long time to catch up with the breakneck pace at which technology is developing.
"The future isn't coming, it's here now and everyone has to acknowledge the rate of change will only intensify," said Global Leader of Auto Liability for AIG, Harry Storck.
AIG already has a team of stakeholders brainstorming new product ideas to meet the challenges presented by driverless vehicles. It's presently developing a new type of insurance which moves away from traditional auto liability and wraps policies up in a more generalized product liability category. By viewing the driverless car as a complete product, rather than the sum of its parts, it allows responsibility to be divided between the owner and all manufacturers involved in the vehicle's development.
IoT for Industry
While commercial and consumer-level driverless cars are certainly a concern for tech-savvy insurers, IoT technology is being implemented in many other corners of the insurance industry as well.
"We have autonomous machines with software that updates overnight that may no longer be a consumer product when they are always connected to the factory," said CEO of North America General Insurance at AIG, Lex Baugh. "Similarly, risk shifts when gas turbines are sensored to the point where we can actually create a digital twin of that gas turbine and we can remotely control it from an industrial control platform."
This naturally creates opportunities for cybercrime.
For example, many IoT products ship with generic passwords, which are the same on all versions. Most people don't bother changing the default password on these devices, meaning there are thousands, if not millions, of products out there which all have the same, easily-acquired password. Now, imagine the risk should one of these IoT devices find its way into the home of a high-level government employee or a nuclear power plant.
"Airplanes pilot themselves," said Baugh. "By the way, they're doing a pretty good job of it. The last mile delivery has been optimized. Fleets run simply on telematics. Supply chain is automated. Buildings and homes tell us when there is a flood. Travelers rely on digital wallets. University students interpret ethics as machine learning interns. And temp staff agencies use wearables to prevent worker injuries. Cyber risk is abound."
To at least attempt to cope with it all, insurance companies are having to add extra clauses to their policies. Many policies now require the holder to have an established and comprehensive cybersecurity response plan in place which details the actions to be taken should an incident occur. Companies which fail to establish such a plan are likely to have difficulty finding competitive liability insurance in the future.
Final Thoughts
The world of cybersecurity is changing because of IoT technology, and the insurance industry must evolve along with it. Making sure policies have adequate cover for breaches in place to make intrusions less likely will better protect both holders and insurers simultaneously.
The challenges presented by cyber risk and the IoT are set to be a hot topic at Digital Insurance Summit 2019, taking place in July at the Westin Chicago River North.
Download the agenda today for more information and insights.