Cyber Risk in the Transportation Sector
Security and cyber risks inherent to large, interconnected systems are major challenges that the transportation sector faces. This session at the NetDiligence® Cyber Risk Summit explored the unique vulnerabilities that can make underwriting in this sector complicated.
Speakers included:
- John Barrett, Member, Enterprise Risk Manager, Bennett Bricklin & Saltzburg LLC
- John Farley, Vice President & Cyber Risk Consulting Practice Leader, HUB International
- Leigh Tuccio, Underwriting Specialist, Allianz
- Stephen Bergman, General Manager IT and Security Transformation, RSA Security
- David Molitano, SVP, Affiliate Underwriting Manager, Berkley Cyber Risk Solutions
When you think of cyber risk, you think of the financial hit to the bottom line. That is not the primary risk in the transportation sector. This sector has to be more concerned about internet-reliant devices and what happens if they get hacked. In the transportation sector, this can mean loss of life. We have already experienced the first-known fatality due to a self-driving Uber vehicle in Arizona a few months ago. This was technology failure, not an intentional hack, however it shows the extreme outcomes that can result from a hack to autonomous vehicles.
There are two main risks associated with autonomous vehicles – potential physical harm and privacy liability because these cars are tracking where we drive. Technology is advancing quickly and new cars have hundreds of sensors, therefore, open up a variety of privacy concerns. Another concern with technology is how will these cars make decisions? Will the cars decide to swerve and hit a wall or pedestrians when obstructed by both at once?
This goes beyond cars, however. The underwriting side needs to dive deeper into the risk. For instance, there could be business interruption potential if fleets get hacked or systems go down. Also, hackers are gaining access by entering through the info-tainment systems in the vehicle then gaining full control of driving mechanisms. We should also consider that a ransomware attack on a delivery company like FedEx can fully cripple I.T. systems that need to get back up and running. We will be underwriting technology, not just vehicles.
Traditional policies will need to change and the industry will need to become much more proactive. Tesla, in fact, is already providing combined cyber/auto coverage that you can buy when you purchase a vehicle from them. Also, the environment is completely redefining what a car accident is because of the systems involved. Where do we place fault? With rapid technological advances, there are also several risks that have not even occurred yet. Will the industry wait for those to happen before including them in coverage? This is a dangerous approach.