Cyber insurers could help drive IoT standards

Insurance companies will want companies to use strong protections against data breaches

Cyber insurance premiums could prove a big driver of Internet of Things standards.

Machine-to-machine communication has grown up in separate silos for every industry, but as it expands in the coming years as part of the broader Internet of Things wave, standards could save a lot of cost and effort, speakers at a networking conference said Monday. 

Having a common approach that works can save IoT vendors from having to reinvent the wheel, said Jim Zerbe, head of IoT product at Neustar, a real-time information services and analytics company.

Security is one place that's needed, he said. For a long time, machine-to-machine security has relied on industry-specific technologies and "security through obscurity," resulting in easily hackable systems. Standard, open technologies across industries can attract armies of developers to build strong defenses.

Insurers will help to usher in that approach, said Bruce Gustafson, Ericsson's vice president of government and industry affairs for North America. Cyber insurance is a young business still trying to calculate the risk of a breach, but as it matures, insurers will look for safeguards they can rely on. The idea is that they'll take to data security standards -- the stronger the better -- the same way they've pushed seatbelts and airbags to cut down on auto accident risk.

Enterprises' premiums could go up or down depending on whether they're using security technologies that insurers recognize and endorse. Developers would jump to fill that need.

"That unleashes the market," Gustafson said. "All of a sudden, all the great minds swing over there."

Hardware designs, data formats and data security mechanisms all could benefit from standardization, Gustafson said. He pointed to cellular standards as a model.

"The iPhone wouldn't be here if they weren't able to license a standard," Gustafson said. The 3GPP helped streamline the development of that industry-changing device by agreeing on how cellular systems would work and making that recipe available to anyone. "You don't need to invent that," he said. 

Industrial IoT won't fully pay off until there are common protocols across industries, panelists said. They cited a McKinsey Global Institute report earlier this year that said less than one percent of IoT data is being used, mostly for alarms and real-time control. More numbers from more business sectors have to be crunched to derive big payoffs through optimization and prediction, McKinsey said. 

Data formats should be standard so a range of IoT platforms can ingest common inputs like weather data, Gustafson said. Gathering data across industry verticals also requires standard protocols, of which some are already in use, including MQTT and CoAP (Constrained Application Protocol), Zerbe said.

Join the CSO newsletter!

Error: Please check your email address.

More about

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Stephen Lawson

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place