In her opening speech at the DVS conference, Seraina Maag, president and chief executive officer, AIG EMEA, warns of the challenges ahead

Cyber world

The internet of things (IoT) will revolutionise business and exacerbate cyber risks for businesses and consumers.

In her opening speech at the DVS symposium in Munich today, Seraina Maag, president and chief executive officer, EMEA AIG, will talk about the key risks associated with the new technology.

Speaking to StrategicRISK ahead of her presentation, she says: “IoT is a technological revolution — the biggest since the industrial revolution — and we believe it will have a deep and profound impact on the way every company in every industry does business. There are many applications for virtually every industry: from construction to real estate, from telecom to energy.

“This revolution creates tremendous opportunities but also poses new challenges for risk managers and insurers, including the rapidly changing landscape of cybersecurity.”

She adds: “In a world where machines are increasingly replacing humans as decision makers and where sensors are capturing data, there will be serious questions regarding liability and as well as privacy and the exact impact on the level of litigation and questions around liability remains to be seen.”

Cyber world

Cyber world

IoT risks

Although still in its infancy, IoT could create a cyber risk landscape that is more litigious. Maag says: “There are a number of risks in addition to cyber that are potentially associated with IoT such as liability and privacy.

“For instance, if a sensor fails to detect a potential problem in a machine, who is at fault? If a semi-autonomous truck is involved in an accident and the driver is not the operator, who is responsible? If a wearable healthcare device that is supposed to call your doctor when it senses danger does not connect with the ambulance as intended, what happens? Now that everything can be monitored, could there be a new risk in failures [in monitoring systems as part of IoT?] With so much data collected and shared across a host of machines, how can organizations ensure they are protecting it appropriately, using it transparently and maintaining their clients’ trust?”

Her advice is that risk managers need to engage with research and development departments “like never before so that they can be aware of what is coming and prepare to mitigate and insure the risk appropriately.”

Indeed, IoT will inevitably expand the network of interconnected devices and, as businesses become more reliant on this technology, they are likely to demand uninterrupted connection. Insurers will have a key part to play in helping businesses to prepare for the threats, but how are they innovating to meet business needs?

“The first cyber policies were introduced over 15 years ago to cover the intangible risks that organisations faced as business began shifting to the digital economy,” explains Maag.

“Viruses, denial of service attacks, hackers, and other threats created a new set of risks for firms, and cyber policies responded by covering network interruption losses, third-party liability costs and breach response services. Just as the risk rapidly continues to evolve, so have the solutions insurance carriers provide to help clients mitigate the risk.

“For example, cyber policies may now respond to cover system failure, cloud failure, and regulatory fines/penalties (to the extent insurable). First introduced by AIG last year, CyberEdge PC is actually designed to fill the gaps in cyber coverage for any property/casualty policy depending on the needs of our customers.

“We recognise that many of them have spent years designing their property/casualty programmes, and with CyberEdge PC, it can sit above any policy and provide affirmative cyber coverage where there may be a gap or cyber exclusion in the underlying policies.”

She adds: The cybersecurity landscape is one that is rapidly evolving. And IoT is much bigger than just cyber. It is important that we continue to collaborate, partner, and learn together with our clients, and our strategic partners, to ensure we are providing the most comprehensive risk management solutions to our clients.”

The top five questions

To prepare for the day when IoT becomes a key part in business operation, there are five questions that risk managers should ask:

  1.  Does your company have regular reporting to and representation among the company’s board of directors to ensure a clear understanding of current risk profile?
  2. Does your company monitor the cyber, liability, and privacy risk landscape effectively as risks evolve?
  3. Is your company clear about its internal strategy and culture for data privacy and privacy-by-design?
  4. Are you involving third-party experts enough (as opposed to in house), to ensure adequate risk mitigation?
  5. Do you have the specific cyber coverage for your needs in the event of a claim? Have you reviewed your insurance policies (including D&O) to understand how they might respond to a possible cyber incident?