Is that soda really sending me hate-mail? Did the cheesecake just wink at you? A simple visit to the refrigerator will never be the same again after news this week that common home appliances have been hijacked to participate in malicious cyber attacks…
Hackers broke into more than 100,000 TVs, multimedia centers and other devices, including at least one refrigerator, and used the appliances to send out more than 750,000 malicious emails, according to a report titled “Proofpoint Uncovers Internet of Things (IoT) Cyber attack” from security firm Proofpoint.
Last week in this blog we discussed the product liability implications of things malfunctioning in the “Internet of Things” – the vast network of devices implanted with computerized sensors. If a device malfunctions and causes damage, even if the cause is an algorithm running remotely, there is a good chance that traditional product liability coverage will respond, according to Hunton & Williams attorneys Lon Berk and Paul Moura, in a recent Law360 article “Coverage Risks in the Age of the ‘Internet of Things’“.
But who is responsible if your smart refrigerator sends out malicious emails? Which, if any, insurance policies would respond if a lawsuit were filed?
More ominously, what happens if hackers traverse the Internet of Things to sabotage industrial machinery, aircraft navigation systems or medical devices?
It is a real enough threat that former vice president Dick Chaney had the wireless features of his pacemaker disabled to thwart any potential cyber assassination attempt.
Cyber insurance policies do not cover bodily injury, according to attorney Rick Bortnick of Christie Pabarue & Young, though a few new policies may offer coverage for property damage. In most cases, insureds would look to their general liability policies for protection. Increasingly, however, general liability policies have a cyber exclusion.
A company could find that it simply had no coverage at all.
We suspect that risk managers are only now waking up to the potential liabilities posed by the Internet of Things. Many probably don’t even know where in their organizations the exposures lie. Given the seriousness of the potential outcomes, we encourage companies to assess their exposures and to work with their broker to assure they are covered.