Skip to main content
Assessing Cyber risk


The "Internet of Things" at Risk

The "Internet of Things" at Risk

Internet-enabled devices improve productivity and help us achieve greater innovation, but there are three major risks that could unravel it all.

It is estimated that 90 per cent of the world’s data has been generated over the past 2 years. Every second, the data equivalent of 150 million books is created. A large part of this expansion is attributable to the Internet of Things (IoT), the network of “smart” physical devices that collect and exchange data.

When most people think of internet-enabled devices, examples such as Fitbit and Apple watches naturally come to mind. But these products are quickly being outnumbered by others that are less familiar. These new devices capture data from industrial plants, machines and even the human body, then transmit it elsewhere over the internet or another network where it can be stored and analysed to enable better decision making.

There are countless applications for virtually every industry related to construction and real estate, from telecom to energy. Many of these applications are designed not just for convenience, but also for safety. For example, electrical systems can be equipped with sensors that detect wiring failures, warning technicians of fire hazards before the fire can occur.

But while the IoT may herald a period of unprecedented opportunities, it is also one of unprecedented complexity. These devices pose new challenges for managers and risk specialists who need to be connected with their R&D departments as never before. We see three big new IoT dilemmas that society needs to resolve.

Data Confidentiality

The first is confidentiality. Consider the use of smart TVs. Unlike the old-fashioned projectors, they are connected to the internet. They are operating behind the firewall and are plugged into sensitive networks, often without necessary care. What happens when sensitive information is leaked? More fundamentally, all IoT pioneers must grapple with well-known concerns over privacy — how to balance expectations of privacy with the inherent need to collect and analyse data in ways that harness the true power of the IoT.

Personal data is easily shared by various companies and devices creating all sorts of potential privacy concerns. For example, workout data from one device can be connected to insurance company systems to calculate health and life insurance premiums.  

Most insurance companies have already started offering better rates to those who can demonstrate more healthy lifestyles. The IoT means behaviors can actually be tracked and validated with much greater precision. But what about individuals who cannot afford or simply refuse to wear IoT devices based on privacy concerns? This raises key questions for insurance companies, elected officials and regulators.  

Data Connectivity

There have been numerous high-profile cyber-breaches which have caused damage. But the risk takes on a different dimension when so many devices are connected. In fact every node on the internet is a potential access point for someone unscrupulous or malevolent. As a society we are installing billions of connected devices in everything from aeroplanes to flood defence systems.

A connected and automated system can improve the efficiency of a town’s electricity grid. But it also gives a hacker a way to shut down that electricity grid from their own computer.

Even without any malfeasance, this connectivity also creates issues in case of catastrophic outages. If an earthquake massively degrades network capacity in a large area, the use of smart lifts for building evacuation might be impacted. Urgent payments for medical care or intelligent traffic lights could also be crippled.

Data Liability

The biggest risks for the insurance industry during the IoT revolution, however, center on increasingly complex questions about liability and cybersecurity. If a sensor fails to detect a potential problem in a machine, it might be difficult to determine who is at fault? If a semi-autonomous truck is involved in an accident, resolving who is responsible takes on multiple dimensions. This could also depend on the jurisdiction in which the vehicle is driven. With so much data collected and shared across a host of machines, someone needs to be accountable for accuracy and security. Now that everything can be monitored, failing to monitor is an even greater risk.

There is also the ethical conundrum of how connected machines should be programmed to make decisions. We are not used to objects acting on their own and they might act in unexpected ways.

But more than that, so much of the potential of the IoT lies in the seamless transfer of data between devices. This will make it very difficult to associate an individual piece of data with an individual device, and to allocate responsibility for any failure.

The insurance industry has developed over centuries as a means of transferring risk of loss from one entity to another in return for payment. The effective transfer of risk is a fundamental pillar of the modern economy that relies on understanding contingencies. This process is going to become much more complicated in the near future.

Gilles Hilary is an INSEAD Professor of Accounting and Control and The Mubadala Chaired Professor in Corporate Governance and Strategy. He is also a contributing faculty member to the INSEAD Corporate Governance Initiative.

Follow INSEAD Knowledge on Twitter and Facebook

About the author(s)

About the series

Corporate Governance
The INSEAD Corporate Governance Centre harnesses faculty expertise across multiple disciplines to teach and research on the challenges of boards of directors in an international context with the goal of developing high-performing boards.
View Comments

Anonymous User

13/07/2017, 08.16 pm

Thanks for sharing about the three risks of IOT, By going through your post, I have attained a clear knowledge on the IoT at risk concept.I Would want some more information on IOT.


Anonymous User

10/12/2015, 11.59 pm

As IOT is expected to be one of the key tech trends will pervasive impact, and as rightly pointed out the insurance industry is focused on the liability and the risk and one wonders is the risk increasing or decreasing. Well my view is that the probability of a high impact failure is reduced. At the same time use of technology to monitor, track failure, mistake proofing will be increasingly called for.

Leave a Comment
Please log in or sign up to comment.