The problem with the ‘internet of things’ | Risk info please do not approve | Large | Business | Zurich Insurance

The problem with the ‘internet of things’ – cyber risks and how best to mitigate them

Man using tablet banner

Ofcom defines the Internet of Things (“IoT”) as “The interconnection of multiple machine to machine applications, often enabling the exchange of data across multiple industry sectors. It will enable large numbers of previously unconnected devices to communicate, with potential benefits in sectors such as healthcare, transport and energy.” Radio frequency identification technology has enabled an era of connectivity - it is estimated that by 2020 there will be over 26 billion connected devices which may include wearable/implantable devices (such as pedometers), mobile devices (including tablets, ipads, phones) and a range of domestic appliances (including washing machines, smart tvs, coffee makers and smart fridges) which will have the capacity to communicate with each other.

Cyber risks arising from human error or from hackers seeking to access and use personal data unlawfully (where entry can be gained through “attack surfaces” in systems) are familiar risks. Systemic failure due to the introduction of viruses and the consequential business interruption also poses a threat. The increased reliance on technology in the home (for example in running heating and lighting) and business (for example in controlling supply chains and stock for retailers or planning new towns, structures, construction projects and environmental issues for developers) will lead to an increase in the number of failures and claims arising as a result of those failures.

There is potential for issues of defect arising from the legacy of low quality equipment vulnerable to cyber attack. The satisfactory quality and fitness for purpose of “smart” devices may therefore be in issue. There is potential for physical damage to property where domestic or commercial connecting devices fail or malfunction. Such claims may target manufactures, service companies, designers, retailers etc. For a detailed appraisal of cyber risks and how best to mitigate them, please refer to BLM’s technology, media and telecoms team: www.blmlaw.com.

Three examples of potential claims are:

  • Data breach – a third party infiltrates a company’s computer security system, steals customer information and uses it for fraudulent purposes to access bank accounts.

  • Design/servicing – claims against IT suppliers in respect of the design, implementation and maintenance of computer equipment (this could include, for example, claims against those who advise on the use of technology to control energy use in homes, offices or industrial premises).

  • Contract/tort – claims against individual companies, cloud service providers and web hosting companies in respect of losses suffered by customers and business partners arising from flaws in their cyber security.

The interconnection of multiple machine to machine applications, often, enabling the exchange of data across multiple industry sectors. It will enable large numbers of previously unconnected devices to communicate, with potential benefits in sectors such as healthcare, transport and energy.