Some estimates calculate that over 23 billion “things” were connected through the internet in 2016. This number is projected to rise to over 50 billion by 2020. The broad category is known as the Internet of Things (IoT), and the new technology connects everything, from household devices to cars to industrial machinery, to the internet via enhanced sensors. The exponential growth in connectivity and new product development carry additional risks for companies investing in IoT technology. We offer some ways to protect your interests.
Consider the following examples:
- Smart phones controlling household items like security alarms
- Wearable devices monitoring fitness or health data
- Toys that interact with users via internet links
- Smart refrigerators, which order food necessities automatically when supplies are low
- Applications on your mobile device that track other’s whereabouts
- Smart TVs
- Smart cars that monitor outside conditions and also automatically control when repairs are needed
- Homes that regulate lighting, temperatures and energy usage
- Industrial applications
What happens if a device malfunctions, resulting in property damage or injury to others? Devices that are linked to the internet can also be hacked. For example, some have speculated that the data breach at Target in 2014, which exposed personal information relating to approximately 70 million customers, was a result of hackers that gained access through inadequate security around the Target HVAC systems.
To the extent there are physical harms, data breaches or privacy issues, liability might affect businesses at any point in the production chain, including manufacturers, network providers and software developers. Careful attention to indemnification language in vendor agreements is one way to help minimize the risks. Another is to closely examine your company’s insurance portfolio to make sure that your insurance policies are as dynamic as your technology.
Even though insurance companies continue to tweak their forms to address new circumstances, the risks posed by Internet of Things technology may not fall neatly into any of your conventional insurance policy buckets. General liability insurance covers property damage and bodily injury but many policies now contain a broad electronic data exclusion. Some of the standard exclusions in general liability insurance policies – like the impaired property exclusion – can also severely limit coverage in situations where one product is used as a component in a larger product that later becomes damaged. There is also a risk that insurers could take a hard line on whether products/completed operations coverage is applicable, if software engineers continue to develop updates for technical issues that users download routinely to their devices. General liability policies are also generally limited to damages that are tangible, and not to electronic or other types of harm that might be deemed intangible by a court.
Cyber insurance can fill in some of the gaps, particularly where there are intangible harms, like those arising from hacking, data security and breach of privacy. This protection is absolutely critical for risks arising from Internet of Things operations. Nevertheless, this does not fill all of the gaps, as cyber policies usually exclude bodily injury and property damage, and so they would not address some of the risks left by the general liability coverage. There might also be limitations on certain types of privacy claims, like the improper collection of confidential information.
The best way to protect against any remaining risks may be through professional liability insurance designed for technical operations, referred to as technology errors and omissions coverage, also known as Tech E&O. This coverage is typically offered on a claims-made basis, and can be tailored in many circumstances to address your unique business profile. The policies can also, for example, include provisions, covering liability assumed by a contract, which could be a critical protection for software developers.
The potential risks and liabilities in this area suggest that the best way to protect your business at this juncture is to maintain all three types of insurance coverage – general liability, cyber liability and Tech E&O – and to tailor such coverage where possible, with the assistance of your broker, to minimize any gaps raised by the risks for your particular business. The insurance industry will hopefully begin to address the complexities in this area, and make hybrid insurance products more commonly available in the near future.