Hacking the Connected World

Eavesdropping Barbie dolls and other (downright scary) implications for insurers

by Mark Breading

Mr. Breading is a Partner with Strategy Meets Action, a firm dedicated to helping the insurance industry modernize, optimize, and innovate to effectively support today’s needs and position for the business demands of the future. Visit Reprinted with permission.

Many exciting TV shows and movies include hacking as standard fare – overriding security systems, changing traffic lights, causing explosions, even committing untraceable murders. It makes for interesting entertainment. But the frightening part? It’s all possible.

Does you dog have an embedded chip?

The digital connections in our world are multiplying faster than we realize. It is difficult to even think of anything that cannot be connected. Connected cars and connected homes are advancing by leaps and bounds. Livestock such as cattle and sheep are tracked electronically, and your dog or cat probably has an embedded chip. Even bees are being outfitted with tiny RFID backpacks.

Roads, buildings, and transportation systems are beaming real-time information to servers in the cloud. The rapid rise of wearables, hearables, implantables, and personal medical devices means that an increasingly large segment of people are connected. The increasingly connected world provides terrific opportunities to improve life on earth. But with opportunity often comes threat – in this case the threat of hacking. And the facts are scarier than the fiction.

The word hacking conjures up images of millions of credit cards being stolen from banks or retailers, or perhaps the stealing of corporate secrets or even cyber-espionage between countries. Insurers have been at the forefront of this battle, designing cyber risk coverages and policies to help individuals or businesses address the financial exposure of hacking. But the connected world increases the hacking potential in incalculable ways. Here are just a few examples of other existing vulnerabilities:

  • Connected Cars
    WIRED magazine hired two hackers to demonstrate how a Jeep Cherokee could be hacked. The hackers showed that they could take over simple tasks like locking or unlocking doors, but could also take over the steering wheel and drive the car over an embankment.
    The new Hello Barbie Doll is connected to the Internet and can be hacked so that a hacker can listen into the conversations in your home
  • Toys
    The new Hello Barbie Doll is connected to the Internet and can be hacked so that a hacker can listen into the conversations in your home.
  • Laptops and Smart TVs
    Bad guys can remotely take over the camera and audio for these devices to spy on the laptop user or anyone viewing their Smart TV.
  • Medical Devices
    Insulin pumps and other medical devices can be hacked to alter their treatment. For example, the insulin dosage can be changed resulting in insulin shock and even death.
  • Wearables
    Connected watches, shoes, and health monitoring devices are notoriously exposed, especially since they often collect very private, personal information.

Fortunately many of these incidents were the work of white hat hackers hired to expose weaknesses. Unfortunately, most of the exposures still exist, and every new chip, sensor, and connected device becomes a target. There are several key implications for insurers and individuals:

  • Cyber risk insurance must greatly expand. The industry has done a yeoman’s job thus far in helping to address financial exposures. But now, whole new classes of cyber threats must be evaluated and addressed.
  • Loss control must increasingly consider cyber safety. Individuals and businesses need advice on how to protect their valuable digital information, related to both traditional and new sources.
  • Insurers must consider their own growing cyber vulnerabilities. As companies employ drones, IoT devices, and wearables for employees, they must understand and address the potential exposures from theft of the related information.
  • The industry must actively participate in cyber initiatives. New technology defenses, law enforcement approaches, and regulation will all play a role in thwarting hackers. Insurers should provide expertise, investment, and support to advance important initiatives.

It’s an exciting time to be alive. And it’s an exciting time to be in the insurance industry. Technology, with all of its benefits, is advancing fast – but faster than we can regulate and manage it. New risks and threats from connected devices definitely exist. But connected devices also provide great opportunities for the insurance industry to play to its strength – protecting valuable assets, promoting safety, and providing peace of mind to individuals and businesses alike.