Does Your Vehicle Insurance also provide you Cyber Insurance?

Cyber Security specialists have recently demonstrated how a commercially sold car can be effectively taken control of by a remote “Hacker” leading to disastrous consequences.

This article in Washington Post graphically sketches how a hacker can cut off the engine or disable the brakes or even turn the steering wheel by hacking in to the Jeep Cherokee marketed by Chrysler. What is more alarming is that this is not a “Google Car” meant to be remotely driven but a conventional car with the infotainment connected to the internet and perhaps independent subsystems that are managed by electronic sub systems in the car.

Apparently, the hackers have gained access to the infotainment system through the internet and once into the subsystem within the Car’s electronic system was able to jump across to other subsystems taking control of each one of them.

It is obvious that malicious hackers can exploit similar vulnerabilities and cause death and mayhem on the roads.

While Chrysler in response has reportedly recalled about 1.4  million vehicles and also issued a patch to plug the vulnerability, the risk of cars being vulnerable to hackers is staring all Car manufacturers as well as Car users.

india_insurance_logo_2

The biggest beneficiary of this demonstration is however the info-sec community as it opens up more critical job opportunities for them in the automobile sector. But the automobile users will now remain under constant threat of being exposed not only to risks of mechanical failures but also the technological failures and additionally, the cyber criminals.

In the context of Cyber Insurance that we are discussing through these columns, it now appears that a Car accident can happen due to such hacking incidents and the Insurance companies may have to deal with claims of accidents that cannot be logically attributed either to a driver’s mistake or to any identifiable external reasons. The claimants will have a lot of difficult to explain the cause of an accident as finding evidence will be extremely difficult. Perhaps the damage assessers need to be not only mechanical engineers who check the mechanical failures but also “Cyber Forensic” specialists who will check the log records of all electronic systems in the Car.

The question that arises in settlement of the claim is whether the policy which covers “Mechanical Failures” will also cover “Electronic Failures” and “Cyber Crimes”. Ideally the current policy should cover damages occurring due to malfunction of a mechanical part whether it is because of internal defect or an external hacking, unless the risk is specifically excluded.

The publicity now generated to the hacking event should be sufficient to consider that the Insurance company is aware of such risks and hence if the risk is not specifically excluded, it should be considered as “Included”. In other words, the Insurance companies will have to accept the  uncomfortable truth that  the current Vehicle insurance policies are also “Cyber Insurance Policies”

The problem demonstrated in respect of the Chrysler automobile is also relevant to the managers of Digital India who need to manage an environment which includes “Internet of Things”.  With a similar argument we can say that the current insurance policies that insure damages of white goods or other properties should be also considered as covering risks arising out of electronic component failure either due to natural causes or through hacking.

While the manufacturers of internet exposed devices need to worry about the information security aspects, the Insurers need to worry about how they would cover these risks.

The future of the Cyber Insurance industry appears to be exciting.

Naavi

Related Article:

In USA today

In Cnet.com

If you have not yet responded to the online India Cyber Insurance Survey 2015, please do so now.

 

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.