Systemic Cyber Risks And The Internet of Things
Companies’ awareness of “cyber” risks has increased significantly because of large and highly publicized data security breaches, such as Target and Home Depot. Companies are starting to more proactively manage the risk of data security breaches by strengthening their IT defenses and, in many cases, buying cyber insurance. However, many do not realize that data security breaches are just the tip of the cyber-risk iceberg. Because nearly our entire economic system depends on electronic devices, machinery and infrastructure that is connected to the internet (i.e., the “Internet of Things”), the potential exists for much larger scale hacking attacks that could control, damage, destroy or shut down many of the systems on which we rely to conduct business. Some of this risk is covered by cyber insurance, but much of it is not. Proactive and effective “Enterprise Risk Management” will be vital to companies seeking to protect themselves against these growing risks. Businesses should carefully review their unique risk profiles, indemnity contracts and insurance policies (including their non-cyber “traditional” policies) to identify and mitigate their exposures.
We have all heard of the large scale attacks on Target, Home Depot and more recently, Ashley Madison. The news generated by these cyber attacks has contributed to the public’s increasing awareness of the large volumes and types of personal information that companies are holding about their customers. To protect themselves against some of the losses that such data security breaches may cause, many companies have prudently responded by buying “cyber insurance.”
But few realize that data security breaches are just the tip of the cyber-risk iceberg. While the storage of personal information on the internet has grown exponentially, so has the connectivity of pretty much all the electronic consumer products, corporate computing infrastructures and industrial machinery on which our economy relies. The enormous number of devices and machines that are connected to the internet do not just give hackers additional ways of gaining access to computer systems and the data they store – the Target hackers accessed the point-of-sale terminals via the company’s HVAC system. Hackers now have the ability to cause widespread physical and economic harm by shutting down or damaging critical systems.