The BBC reported recently, insurance companies denied issuing policies for certain vehicles based upon a lack of security as part of the vehicle features. Specifically, keyless entry and startup, which are becoming very popular with consumers, are also attracting automobile thieves who can reprogram the fob and steal the vehicle. The risk is apparently high enough for insurance companies to consider not establishing a policy.
There are governmental transportation requirements for safety and security, but this differs as these vehicles are allowed to be owned and operated on the road, but private insurance companies are simply not liking the risk.
This gets the gears in my head turning.
My first question is around the economics. Why wouldn’t insurance companies simply increase the rates for those vehicles to compensate for the greater likelihood of theft? Is the risk so great, a total withdraw is warranted?
Secondly, what will be next? Cyber-attackers are quickly expanding what they can do to vehicles. Proof-of-concept attacks already have shown breaches to intra-vehicle networks, overtaking control of steering, braking, electronics, communications, and safety systems. Will insurance companies in the future require firewalls installed to protect in-car network connections, 2nd factor driver identification, or give discounts for cybersecurity monitoring services for specific new vehicles?
The increase of customer’s desire for new vehicle features will open new opportunities for attackers. We want our cars to be smart, to acclimate the interior before we get inside, we want vehicles to apply brakes if a crash is imminent, park themselves in tight spaces, and keep our digital lives connected to the world while we travel. We are unknowingly creating an attacker’s paradise. In a strange twist, it may be the insurance companies who are the forcing function to raise security awareness and capabilities for modern vehicles on the road.
IT Peer Network: My Previous Posts