Internet of Things Exposures & Enterprise Risk

► Privacy and security regulations (such as FDA IT security guidelines for medical devices)
► Varying country regulations
► Chain of liability
► Ownership of data
► Availability of bandwidth and ‘net neutrality’
► Intellectual Property
► Automated contracts (between two connected machines)

Taking a step back from the doomsday implications of IoT, it should be noted that many IoT products can actually reduce exposures. Research firm IDC predicts IoT will become a $1.46 trillion international market by 2020, up from $700 billion last year. Google paid $3.2 billion for smart thermostat maker Nest. Home automation startups being incubated by Microsoft Ventures carry a number of safety benefits, such as turning off your stove or protecting from water damage. IBM recently announced a $3 billion investment in IoT and is launching a multitude of services with its Watson “smart” products that will make us safer, such as alerting car insurance policyholders of storms before damage occurs.



Analyze Enterprise Risk

While IoT innovations aim to increase efficiency and facilitate data analytics, they also increase organizational risk. From a liability standpoint, there is exposure for organizations involved in the design, production, delivery and servicing of the IoT device that allegedly causes economic loss, bodily injury or tangible property damage. From an organizational expense standpoint, smart offices, factories, and computer-based logistics systems face new business interruption risks. Organizations must review their involvement with IoT and identify related exposures and methods to mitigate the risk. An insurance gap analysis should be conducted to determine coverage under existing policies and the need for enhancements under current policies and/ or standalone cyber insurance:

► What coverage is there under existing property, general liability, crime, Errors and Omissions/Professional Liability insurance policies?
► What gaps are there in current policies?
► Is a cyber insurance policy required?

Develop Risk Solutions

While it is impossible to predict the exact impact of the IoT, it is incumbent upon every organization to understand the risks associated with the IoT, their potential impact, and appropriate risk solutions to address those exposures.

Organizations that choose not to address their cyber risk exposures do so at their own peril. Cyber risk flows through an entire organization, and to not adequately address those risks could result in management being faced with allegations of breach of fiduciary duty, implicating the board of directors. The IoT is a boardroom issue, as cyber risk has the ability to directly impact an organization’s balance sheet.

From a risk transfer perspective, the IoT revolution will force the insurance industry to better clarify where coverage starts and stops under each type of insurance policy. Property and general liability insurers are inconsistent and/or hesitant to cover cyber exposures. Likewise, the cyber insurance market has been slow to embrace affirmative property or general liability coverage for losses arising from a network security breach. The market need is for a combined all-risk insurance policy that combines the actuarial data of property losses with cyber insurance technical expertise, in order to appropriately address the potential breadth, frequency and severity of losses.

As we enter this time of revolutionary change and interconnectivity, the IoT will provide us with the unprecedented ability to connect people and machines. The benefits are enormous, but so are the risks. Organizations must be mindful of both as they integrate smart technology into the workplace and beyond.