In this month's newsletter, we outline how Connected Risk will transform Regulation
Security Risks in the Connected World
15 November 2016 | Blog Post
More individuals than ever are connected to the Internet, as new armies of sensors capable of reporting back their data to new service providers make the Internet of Things a new reality.
Cars are connected to our phones and thermostats are connected to our home network. Alexa, Amazon’s virtual assistant, is in more than three million US homes via the Echo speaker. Now it’s available in Britain – but what’s the attraction?
The Echo can control a wide range of connected home devices, such as thermostats and smart lighting. In some cases, this may require you to equip Alexa with a new “skill.” Once you’re set up, simply tell Alexa to “discover devices”. You can then issue commands such as “Alexa, set the Nest temperature to 20 degrees” or “Alexa, brighten the bedroom light”.
But what we may not consider are the vulnerabilities we risk every time we use a connected device. Consumers are concerned as are businesses that fear exposing their customers to Internet criminals without being able to fix the problem. From a business perspective, it is the reputational damage and loss of trust resulting from these break-ins that hurts more than the cost of repairing the damage.
According to PwC’s 2016 Global Economic Crime Survey, executives considered reputational damage the most devastating impact of a cyber breach, followed closely by legal, investment and enforcement costs.
New Electronic, the website for electronic design engineer, reports this is why software vulnerability management is so important. New Electronic reports that most successful cyberattacks use known vulnerabilities to gain access to corporate IT infrastructures or to escalate privileges once inside them.
Once hackers have successfully exploited a vulnerability, they have a base from which to roll out their attack – moving around systems, gathering information and deploying malware to steal or terminate business critical information or cause disruption.
Meanwhile, the Annual Vulnerability Review 2016 published by Flexera, which presents global data on the prevalence of vulnerabilities and the availability of patches, reported that in 2015, 16,081 vulnerabilities were recorded in 2484 products from 263 vendors.
As the report outlines, these findings illustrate the challenge faced daily by security and IT operations teams trying to protect against security breaches.
These statistics should be alarming to insurers and corporate risk managers, which in their own different ways are exposed to a number of counterparties. Insurers are of course exposed to corporates. These same insurers than package these risks and pass on the aggregate risk to their reinsurers.
Corporate risk managers should be equally concerned. Corporates are now increasingly integrated across industrial sectors and geographies, and are operating sophisticated supply chains or delivery systems to end clients and markets. This exposes companies to a network of connected risk as each business becomes more related to the next counter party thus generating systemic risk.