A robot cleans your house when you’re out, your thermostat adjusts itself based on the movement and number of people in the house, and the little speaker on your counter doesn’t just play music, but also tells you the weather and reminds you to do pick up your dry cleaning. Sounds like a sci-fi movie, doesn’t it?
Well, go on and cue Alcazar (maybe even on that talking speaker on your counter) because nowadays “this is the world we live in.”
It’s estimated that by 2020, over 20 billion “things” will be connected, with 60% of them belonging to consumers, and global spending on IoT will reach nearly $1.29 trillion. The Internet of Things (IoT, as it’s known) refers to any connected or “smart” device, from objects we think of as tech items (e.g., phones, tablets, etc.) to traditionally “low-tech” items, like health devices and kitchen appliances. Even kids’ toys are joining the trend. In the US, the average household has 17 smart devices, while in Europe that number is 14.
IoT is designed to connect different aspects of our lives and make life a lot easier. But there’s a dark side that consumers don’t always think about, too…
Most of us have just one Internet network in our homes, and we connect all our devices to it. When devices are on the same network, they can talk to each other and share data easily. That also means, however, that all devices—and the data they transmit—are centralized in one place, increasing the threat of attacks.
Security is secondary.
With IoT gaining popularity and traction, makers of connected devices have been focused primarily on adding functionality and getting their products out on the market fast. Likewise, individuals and companies have deployed add-on apps for IoT en masse. Through all of this, however, security has remained secondary and has lagged behind, making IoT devices very weak and vulnerable when it comes to cybersecurity. Consumer devices like smart refrigerators, for example, aren’t designed to offer maximum security and rarely include safety updates, nor do they even mention cybersecurity in their warranties. Nevertheless, consumers have been quick and eager to adopt all these smart devices without checking how they fare in terms of security or thinking about the implications on other aspects of their lives.
Interestingly—or perhaps ironically—“security cameras represent 47% of vulnerable devices installed on home networks,” according to a report from ZDNet, followed by smart hubs (15%) and network-attached storage devices (12%). The FBI has also warned parents about the dangers of “smart toys,” explaining that the cameras and recorders could give hackers easy access to a child’s location and identity.
One attack to unravel it all.
When IoT is involved, all it takes is one hack. With just one attack—even of something that seems as innocuous as a smart TV—hackers can gain access to a user’s network and highly valuable and sensitive information, including financial assets, health data, and real-time location. A 2017 story in the Washington Post, for example, describes how an IoT fish tank gave hackers access to an entire casino. Once hackers gain access to a network, there’s no end to the damage they can do; stealing so much that they put a small company out of business, undergoing health procedures under another person’s name (and on their dime), and identity theft are just a few examples. By 2021, cybercrime is estimated to cost the world $6 trillion per year, up from $3 trillion in 2015, and more than the cost incurred by natural disasters.
Regulation is lagging.
As in many other areas, especially those involving high-tech, regulation has only occurred on an ad-hoc basis and has been slow to catch up with the speeding IoT trends. The US Federal Trade Commission (FTC), for example, has gone after specific IoT device makers for putting consumers at risk, but hasn’t issued any general widespread regulation. The UK’s National Cyber Security Centre released a report called “Secure by Default” that advocates for security that is built into devices, rather than putting the responsibility on consumers, but for now, the document’s points are just recommendations, not legislation.
IoT devices—and cybersecurity in general—represent a whole new area in which consumers and individuals need protection. With IoT trends moving forward full throttle and regulation crawling behind, protection will likely need to come from other sources. So far, insurance coverage for cybersecurity matters has been limited to corporate giants and large organizations, such as financial institutions, credit card companies, and healthcare providers. But as cybersecurity threats trickle down into small businesses, along with consumers’ personal devices and homes, individuals themselves are likely to seek out protective coverage.
Individual cybersecurity insurance plans remain a rarity on the market, though some companies do offer coverage, with most plans designed primarily for wealthy individuals and families. For example, AIG launched Family CyberEdge, a not-cheap supplement to existing homeowners insurance that covers cyber extortion, data restoration, crisis management, and cyber bullying. Another US company, Rubica, offers similar services for “high-profile individuals” who “have greater-than-average financial assets and are a prime target for financial cyber crime, or are involved in frequent online transactions, like active investing.” UK-based Hiscox and Munich Re’s subsidiary Hartford Steam Boiler offer cyber insurance for small and mid-sized businesses, as well.
As more and more aspects of our lives become connected and find their way online, cybersecurity is expected to become a more pressing concern, which will likely need to be addressed by insurance companies and out-of-the-box insurtech startups. And if trends move in the directions predicted by experts, within the next decade, hacking and cybersecurity coverage will become standard for every homeowner.