Insuring the security of connected products is hard for a simple reason: they are too new, and too little is known about the economic losses or personal injury they might cause. What the industry needs is data, and analytics to translate statistics on losses into policy standards and consistent pricing. Only then can emerging industries like self-driving cars and network-connected medical devices really take off, says software security expert Josh Corman.
Efforts to build a strong insurance industry in this area are expected to begin bearing fruit in early 2016, experts say. A number of groups have begun setting standards for protecting cybersecurity in Internet-of-things devices, and the hope is that they will standardize insurance practice and begin establishing the legal standards for handling data, helping to determine who’s responsible for what losses when things go wrong, says George Washington University Law School lecturer Paul Rosenzweig.
Makers of next-generation connected devices—and services—need insurance against malfunctions from bad software as well as any damage hackers might cause. Many connected devices and the systems connecting them use freely available open-source software that has security flaws well known to the industry, says Corman.
But even highly customized software can pose problems. Tesla’s release last summer of an autonomous-steering upgrade illustrated the possible risk, though no injuries were reported. Hackers also demonstrated that they could remotely take over a Jeep through its onboard computers. The potential for cars to cause accidents shows how computer-security problems can cause trouble distinct from the harm done in traditional cybercrimes like theft of credit card data. As Internet business, once centered on retailing, becomes a hub for manufacturers, health care, and services, its insurance needs get more complicated.
Carriers have sold limited amounts of cyberinsurance for years, but little is known about the market, says Eric Nordman, director of regulatory services at the National Association of Insurance Commissioners, a group of state regulators. Almost all the insurance written now is believed to cover the costs of losing customers’ personal information to hackers. State laws require disclosure of those breaches, so carriers know how common the incidents really are, and how much they cost to fix. Loss of intellectual property or personal injury, such as injuries that might occur if Tesla’s steering system were hacked, are often simply not insurable, Rosenzweig says.
The gene-edited pig heart given to a dying patient was infected with a pig virus
The first transplant of a genetically-modified pig heart into a human may have ended prematurely because of a well-known—and avoidable—risk.
Saudi Arabia plans to spend $1 billion a year discovering treatments to slow aging
The oil kingdom fears that its population is aging at an accelerated rate and hopes to test drugs to reverse the problem. First up might be the diabetes drug metformin.
Yann LeCun has a bold new vision for the future of AI
One of the godfathers of deep learning pulls together old ideas to sketch out a fresh path for AI, but raises as many questions as he answers.
The dark secret behind those cute AI-generated animal images
Google Brain has revealed its own image-making AI, called Imagen. But don't expect to see anything that isn't wholesome.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.