Insurance denied due to a lack of vehicle design security

Vehicle security.jpgThe BBC reported recently, insurance companies denied issuing policies for certain vehicles based upon a lack of security as part of the vehicle features.  Specifically, keyless entry and startup, which are becoming very popular with consumers, are also attracting automobile thieves who can reprogram the fob and steal the vehicle.  The risk is apparently high enough for insurance companies to consider not establishing a policy.

 

There are governmental transportation requirements for safety and security, but this differs as these vehicles are allowed to be owned and operated on the road, but private insurance companies are simply not liking the risk. 

This gets the gears in my head turning.

My first question is around the economics.  Why wouldn’t insurance companies simply increase the rates for those vehicles to compensate for the greater likelihood of theft?  Is the risk so great, a total withdraw is warranted?

Secondly, what will be next?  Cyber-attackers are quickly expanding what they can do to vehicles.  Proof-of-concept attacks already have shown breaches to intra-vehicle networks, overtaking control of steering, braking, electronics, communications, and safety systems.  Will insurance companies in the future require firewalls installed to protect in-car network connections, 2nd factor driver identification, or give discounts for cybersecurity monitoring services for specific new vehicles? 

The increase of customer’s desire for new vehicle features will open new opportunities for attackers.  We want our cars to be smart, to acclimate the interior before we get inside, we want vehicles to apply brakes if a crash is imminent, park themselves in tight spaces, and keep our digital lives connected to the world while we travel.  We are unknowingly creating an attacker’s paradise.  In a strange twist, it may be the insurance companies who are the forcing function to raise security awareness and capabilities for modern vehicles on the road.

Twitter: @Matt_Rosenquist

IT Peer Network: My Previous Posts

LinkedIn: http://linkedin.com/in/matthewrosenquist

Published on Categories Archive
Matthew Rosenquist

About Matthew Rosenquist

Matthew Rosenquist is a Cybersecurity Strategist for Intel Corp and benefits from 20+ years in the field of security. He specializes in strategy, measuring value, and developing cost effective capabilities and organizations which deliver optimal levels of security. Matthew helped with the formation of the Intel Security Group, an industry leading organization bringing together security across hardware, firmware, software and services. An outspoken advocate of cybersecurity, he strives to advance the industry and his guidance can be heard at conferences, and found in whitepapers, articles, and blogs.