Anytime a new flashy household device is released on the market, internet connectivity is promoted as one of its main features. Just look at the latest fridges, dishwashers, vacuum cleaners, air conditioners, and now – thanks to devices such as Google Home – LED lights, as examples.
It is estimated there will be 311 million connected devices in Australian households by 2021.
This growing trend of the Internet of Things (IoT) gives businesses a great opportunity to use the user information collected by these devices to get to know and engage with their customers, and make more accurate decisions that will ultimately deliver efficient experiences for end-users.
However, in the haste to adopt IoT technology – as no individual or company wants to be left behind – many consumers and businesses are quick to forget the inherent security risks involved with connecting devices to the internet.
Once critical customer information is collected, the risk no longer just sits with the device – it resides in the network, the platform that controls it, the security management protocols and with the people who have access to the device and the information. If data leaves, you need to know about it and where it is headed. You also need to know who has access to it and who does access it. All of these represent potential weaknesses in the business which heighten the risk of valuable information falling into the wrong hands.
Unlike traditional computers, IoT devices are built around different computing hardware and cannot simply run anti-virus programs for security or require explicit user permission to greenlight processes.
Reports surfaced last month of a security flaw – dubbed HomeHack – in LG’s IoT software, which left its home appliances including dishwashers, washing machines, air conditioners and robot vacuum cleaners accessible to hackers.
In a separate case, Kromtech Security Center discovered that Ai.Type, a Tel Aviv-based start-up that designs and develops personalised keyboards for mobile devices, accidentally leaked the information of more than 31 million users and made it publicly available online. The leaked information included full names, information associated with social media profiles, emails, birthdates, and countries of residence.
And while we may still be a few years off seeing autonomous vehicles roll through our streets, it’s projected that a fully-automated vehicle may produce up to 1 petabyte of data – equivalent to one trillion books – which means entirely new data networks will need to be built from scratch to manage it and fibre density will expand significantly. This in turn raises questions around the potential security parameters required to manage the data.
Verizon’s 2017 Data Breach Investigations Report (DBIR) revealed that more than half of the recorded cybercrimes involved breaches that featured hacking and malware, and that hacking-related breaches leveraged either stolen or weak passwords.
In Australia, there is now even greater pressure on organisations to prepare their existing personal and private data practices and procedures ahead of the new security obligations they will need to meet when the Notifiable Data Breaches scheme (NDB) comes into effect in 2018.
So how do you turn these risks into an opportunity, and unlock the value in the cyber insurance marketplace?
We know from our experience elsewhere that as pressure mounts for businesses to adhere to new legislation, we will see a significant rise in the cyber insurance market and PCI DSS compliance activities.
In fact, the relationship between the insurance industry and technology has never been closer. This is mainly because, as Verizon’s State of the Market Internet of Things 2017 points out, the risk of deploying IoT devices can impact a brand’s reputation and relationships with its business and supply chain partners. Moreover, a breach can be financially devastating.
The cyber insurance market is forecast to reach $14 billion globally by 2022. This represents a 28 per cent compound annual growth rate over the next five years, which highlights a clear opportunity for the insurance industry to develop a robust cyber risk product.
Fitch Ratings predicted that, in the US alone, the value of underwriting for cyber security policies in 2016 was US$1.3 billion. This figure is likely understated, due to the difficulty of breaking out cyber-related premiums from other multi-type policies. The results also showed the three most dominant companies in the cyber insurance market were Chubb, American International Group and XL Group, which held a combined 40 per cent market share.
Given the cyber risk for businesses is not going away, we believe cyber insurance will soon – if it has not already – become part of day-to-day business.
Robert Le Busque is the managing director of Verizon Enterprise Solutions Australia, New Zealand and India.