The Continuous Evolution of the. Implications (Session Code CRM11/690)

Transcription

1 The Continuous Evolution of the Internet of Things and Insurance Implications (Session Code CRM11/690) Speakers: Denise C. Schlitt, Director, Global Risk Management NCR Corporation Fredrik Motzfeldt - GB Industry Leader, Technology, Media & Telecommunications, Willis Towers Watson

2 Learning Objectives At the end of this session, you will know: How to prepare for the policy implications of specific risks created by IOT. What are some of the specific actions I must take? How to learn from and use other companies loss experiences to shape your ideas for managing your IOT risk How do I effectively scenario plan for an uncertain future? Lessons learned from others? How to keep up-to-date on market development around IOT risks and secure effective risk transfer/financing solutions. Where can I find effective risk transfer/insurance solutions?

3 The Continuous Evolution of the Internet of Things and Insurance Implications Today s Agenda 11:00 am 11:05 am Introduction to Speakers: Denise C. Schlitt, Director, Global Risk Management NCR Corporation ~20 minutes 11:05 am 11:30 am 25 minutes 11:30 am to 11:50 am Fredrik Motzfeldt - GB Industry Leader, Technology, Media & Telecommunications, Willis Towers Watson What is the Internet of Things: IOT An overview and future predictions Latest Trends & Risk impact for critical corporate infrastructure IOT usage Industry Case Studies The circle of risks vs opportunity. Risk Management and Insurance Implications Is Corporate and Risk Management Infrastructure ready for IOT? What are the insurance implications of IOT/connected devices? What are Insurance & Risk Management opportunities from IOT? How and where do I find effective coverage solutions and what should they look like? Future challenges

4 The Continuous Evolution of the Internet of Things and Insurance Implications

5 The IOT spreading its wings

6 The Continuous Evolution of the Internet of Things and Insurance Implications IOT can be defined as physical objects that connect to the internet through embedded systems and sensors, interacting with it to generate meaningful results and convenience to the end-user community. The IOT will help to enable an environment with the flexibility to provide services of all sorts, ranging from home automation to smart retail/logistics, and from smart environmental monitoring to smart city services. In a very short time, the IOT will have sensing, analytics and visualization tools, which can be accessed by anyone, anytime and anywhere in the world on a personal, community or a national level. The potential for it to enable any aspect of our lives is what is encouraging this idea to become established and flourish.

7 Is IOT domination' inevitable? New logic Digital does not respect boundaries! Regardless of the industry, digitisation will uncover inefficiencies and create value Anything that can be connected will be connected, smart and interactive Any resource that can be shared will be shared, rich and abundant Every product is a service waiting to happen!!

8 Is IOT domination' inevitable? New logics

9 Is IOT domination' inevitable? Enabling technologies driving the successful growth of IoT The size and cost of wireless radios has dropped tremendously. Internet Protocol V6 makes it possible to assign a communications address to billions of devices. Electronics companies are building Wi-Fi and cellular wireless connectivity into a wide range of devices (e.g., billions of wireless chips). Mobile data coverage has improved significantly with many networks offering broadband speeds. Battery technology has improved significantly, and solar recharging has been built into numerous devices.

10 The networked society is inevitable

11 Connected via the Cloud

12 IOT Industry case studies Media A First Mover Empowered Lifestyles Remote Surgery The Supply Chain Manufacturing 4.0

13 Media

14 Empowered lifestyles Collaborative culture Prefer services Are in control Always on/connected Always Informed Everything Instant Digital relations & identity FOBO

15 Remote surgery

16 The supply chain Goods tracking Autonomous ships

17 Smart manufacturing Manufacturing 4.0

18 Smart manufacturing. Manufacturing 4.0 Ten years from now, the global manufacturing sector will look nothing like it does today. Advanced manufacturing technology is rapidly transforming the global competitive landscape. The companies and nations that act now to seize its promise will thrive in the 21st century. Those who are devoted to incremental change and fail to engage in smart manufacturing will rapidly fall behind. Sujeet Chand, Chief Technology Officer, Rockwell Automation (Source; The Smart Factory Risk Management Perspectives CRO Forum, 2015

19 Risk impact for critical corporate infrastructure The security of the thing is only as secure as the network in which it operates Knowing thy body... or blind, deaf and defenceless? Disruptive technologies Pace of change is disruptive Unintentional expansion of risk ecosystem Business drivers leading to insecure IOT solutions Execution risks - BETA Activities outside defensive fence FOBO IOT = Increased pressure from external and internal threats Threat/attack vectors multiplying Traditional perils magnified Risk tolerance inaccurate Data key for delivery of critical IOT services and business Privacy and security Device ability outpacing security IOT security and ordinary people Privacy by design Reputational impact Lack of talent quality/access Intellectual property

20 Risk impact for critical corporate infrastructure A recent survey found that nearly 100 percent of today s cars include wireless technologies: May be inadequately secure, and most manufacturers may not be able to easily determine whether their vehicles have been hacked Healthcare cybersecurity is centred on data breaches and threats to patient information. Unfortunately, medical devices also present and expand threat attack surfaces, as these devices can be directly connected or implanted in a patient

21 Circle of risk vs opportunity 0. Prepare 1. Identify Risk 4. Monitor & Control 2. Assess Risk 3. Risk Response RMs to have a voice in the creation of value chain

22 Circle of risk vs opportunity success requirements 1. Know your environment/ecosystem! 2. Continually learn and evolve 3. Confidence incident and crisis response 4. IOT/cyber security as business enabler 5. Security changing to threat intelligence 6. Make sense from data - analyse 7. Establish connected & networked practices 8. Develop new risk platforms 9. Innovate the risk management function

23 Circle of risk vs opportunity - prioritize

24 Infrastructure IOT ready? Corporate Challenges: Disruption of industrial development, production and value chains Capital investments & questionable value Cyber-physical systems Legacy meeting Connected/Smart Is the back door (still) open? Undefined industry standards IOT Risks not constrained by conventional boundaries Extract value from data explosion Supply chain vulnerabilities Insufficient talent pool Risk Management Challenges: Difficulty in determining liabilities for losses Use and secure data flows Changing patterns of loss from frequency to severity Increased vulnerabilities to and severity from cyber attacks leading to technology failures Impact on foreseeable losses from traditional perils Greater potential disruption from business interruption Changing labour requirements and work environments The insider threat

25 IOT insurance implications What is the Role of Insurance in IOT Risk Management Strategy

26 IOT insurance implications Prevention Open source intelligence Technical risk assessment Scenario building and testing Access to risk management platforms Incident response planning exercises Specialist risk engineering IS27001 qualified loss prevention

27 IOT insurance implications Identification Protection Detection Response Quantification Your critical digital assets? (data, infrastructure and applications) Location & who has access to them? How are they protected? Technical controls, training and awareness, human controls, control (internal & external). How will you detect any issues? User notification or IT detection. How will you respond to an incident? Disaster Recovery & Business Continuity Plans. How would you quantify the impact?

28 IOT insurance implications Transfer IOT risk insurance implications: Distinguish between Physical Triggers (e.g. fire, flood, earthquake) Physical Outcomes (e.g. property damage, physical injury Non-Physical Triggers (e.g. hacking, virus infection, Denial of Service Attack) Physical Outcomes (e.g. property damage, physical injury) Non-Physical Triggers (e.g. hacking, virus infection, Denial of Service Attack) Non- Physical Outcomes (e.g. Interruption of IT networks, destruction / corruption of data)

29 IOT insurance implications Property Physical loss or damage to property by an insured peril. Cyber attack exclusion & Electronic Data Exclusion. Terrorism Losses and liabilities that might occur due to terrorist activities. Exclusion Loss of damage by electronic means Bodily Injury Privacy claims by employees Business Interruption Property damage Insurance Regulatory investigations General Liability Third party liability for physical property damage and bodily injury. Focused on physical loss. Regulatory penalties Cyber Extortion Crime Insurance Loss of money, securities and other property arising from the fraud or dishonesty of employees or a third party. Focused on pure financial loss rather than losses to intangible assets. IT/ Computer Insurance Covers loss of physical computer hardware. Business Interruption Loss of revenue plus additional costs. Commonly triggered in conjunction with the property policy Loss of IP Privacy claims by third parties Crisis management costs e.g. PR, IT, Forensics, Credit monitoring, Legal costs D&O Claims against D&O s for alleged wrongful acts in their capacity as Directors & Officers. Theft or loss of data Reputational Damage Errors & Omissions Professional Third party claims and defence costs arising from the insured's provision of services. May be limited to the accidental or negligent acts of the insured rather than malicious acts of third parties (e.g. hackers)

30 IOT insurance implications Response Loss investigation Response strategy implementation Emergency response support IT forensic Specialised legal support PR support Credit monitoring Legal defence cost Earnings smoothing/funding support

31 Insurance & risk management opportunities from IOT? Improved vigilance, safety & security Improved Governance & Data Create an analytics culture Claims trends analysis Change patterns and impact Remote risk monitoring and early alert systems (sensors) Automatic triggering of loss prevention actions ex. flood Predictive maintenance Resilience & Reduced Downtime Prevention Internally & Externally Improved risk dialogue & communication Build organizational resilience as part of IOT cybersecurity solutions to drive competitive advantage Enabling interoperability Extending functionality Big Data and digital channels for better informed premiums Analysis of customer specific risk exposures for bespoke solutions

32 Effective coverage solutions Conclusions Digital Enablement is already here so we re already late Its going to get more complex! What will the new Partnership Model need to look like? Risk Finance/Transfer market will need to evolve to offer solutions reflecting impact that technology/cyber has on existing perils and loss exposures Insurance solutions not reflecting reality of IOT/Technology exposure or creative use of capital markets and need to quantify the increased exposure to resolve Role of insurance & risk leadership in hyperconnected world will need to evolve

33 Effective coverage solutions? General Liability Property Crime Kidnap & Ransom! D&O Technology Professional Indemnity Terrorism Business Interruption

34 Effective coverage solutions Prevention is better than cure Especially when there is no cure! Consider transferring the risks you can t remove Consider the scope and recovery value of insurance not just the cost: The right solution may not be off the shelf or a price buy But that will depend on your particular situation Insurance can support pre, during and post incident (services on tap) Insurance is not an alternative to risk management & should be considered as part of overall cyber risk management strategy General Liability Kidnap & Ransom Technology Professional Indemnity Property Terrorism Crime! D&O Business Interruption

35 Future challenges - Action required!