The Internet of Things gives rise to many risks and exposures that companies and their insurers were not thinking about as recently as a couple of years ago, and probably aren’t fully cognizant of today.
The DDoS attack late last week on internet infrastructure company Dyn should act as a wake-up call. It shows how large and disruptive a cyber attack can become because of all the seemingly benign “things” connected to the internet. And it should cause companies to think about what their risks really are and whether their current risk management approaches address them.
Just one example from this latest attack: I’m reading that one or more of the manufacturers of the devices that were used as bots in this attack must recall a very large number of products because the passwords (which were easily cracked) cannot be changed by the user. The software that runs those products came pre-installed on components bought from China, and it is this software that contains the vulnerability. Now that the passwords are known, the devices can no longer be considered secure. Maybe the manufacturers have product recall insurance or maybe they don’t. But they likely never thought they would have to conduct a product recall under these circumstances, or considered whether such a recall might be covered under their current insurance program.
Protect your company by:
Understanding your company’s IoT exposures.
Using your company’s broker and coverage counsel to review all insurance policies with IoT exposures in mind and negotiate favorable policy terms.
Revisiting the policies annually at renewal time because of quickly changing risks and policy terms.