15.Feb.2017

Connectivity in cars – Developing cyber risks

Additional functions can allow vehicle tracking, speed control and unprecedented access to the enormous amount of information now available about the vehicle and drivers or passengers.



This hyper connectivity creates great opportunity and lucrative new marketplaces. For companies operating or developing connected vehicles, it also carries operational, privacy, and network security risks.



In a competitive environment where small improvements can increase profitability significantly, new technologies will continue to be interwoven into every step of the driving experience. These issues impact many industries including logistics, delivery services, the sharing economy and manufacturing. Businesses must adapt to this changing landscape and ensure that relevant risks are effectively identified, quantified and mitigated.



KEY RISKS FROM VEHICLE CONNECTIVITY



Privacy



Heightened connectivity allows remote monitoring of a number of vehicle systems. Increasingly, this has created data that is transmitted to manufacturers or operators that provides great insight into the user’s personal movements and habits. Sensors in the car can track:

  • The speed of the vehicle
  • Weight on the seats
  • Mileage
  • Alongside installed navigational equipment, detailed logs on the driver’s movements
Consumers may be unable to ‘opt out’ of this tracking because of engrained hardware that cannot be deactivated. Privacy concerns have led to a regulatory response, with United States Congress considering legislation that would develop federal standards for protecting drivers’ privacy.



Security



Connectivity also leads to increased pathways for hackers to access the systems and potentially obtain control of the entire vehicle.



Much of the technology used in modern vehicles was not developed with security in mind. Wireless, SMS and cellular connections—an important part of modern vehicle connections—may not be secure and can provide pathways for hackers to access the vehicle. Successful hacking attempts have led to car recalls and proven that vehicles can be controlled remotely including controlling brakes, transmission and other operating features.



Operational resilience



Companies, exposed to the risks posed by connected vehicles—particularly in the industries mentioned above—must take steps to identify, quantify and mitigate their risks to ensure ongoing balance sheet protection and growth. Cyber risks are no longer limited to data theft; physical damage and bodily injury could easily result from failures to keep systems in vehicles secure, potentially triggering coverage under a number of insurance policies.



Network security and privacy policies (i.e., cyber insurance) can provide coverage for first-party expenses, as well as liability costs to third parties who are affected by a cyber-event. For example:

  • Privacy claims can be brought by consumers whose personally identifiable information is collected and/or disclosed without the appropriate consent.
  • Liability coverage for bodily injury and property damage caused by a system failure (or hacking event) is also generally available.
How and whether each of these policies would respond to claims arising from a cyber-attack involving a connected car would turn on the particular circumstances, as well as the terms and conditions of each of the policies.



The dynamic nature and interconnectivity of cyber risk makes clear that the days of insurance coverage silos are long gone. Heightened awareness of the reputational, physical and financial risks posed by car connectivity is vital for any organization operating in this fast-growing economy, as is an integrated, holistic approach to risk management.