Today, a wide range of smart devices provide internet connectivity. Whereas this opens the door to new possibilities for businesses, it also leads to new cyber exposures. Brokers can help their clients by raising awareness of the risks, promoting cyber safety for smart devices, and offering insurance coverage for cyber exposures.

The Growth of the Internet of Things

The Internet of things (IoT) refers to internet-connected devices, often called smart devices. These are everything from smart refrigerators to internet-enabled drones and are used for both personal and commercial purposes.

IoT Analytics estimates there were 16.7 billion IoT endpoints (or devices) in 2023. This represents a 16% increase from 2022, when there were 14.3 billion endpoints. By 2027, there will likely be at least 29 billion endpoints.

Fortune Business Insights says IoT technology will likely create new revenue streams, drive business efficiencies, and enable new business models. In 2022, the IoT market was valued at $544.38 billion. By 2023, it could reach $3,352.97 billion. According to TechTarget, examples of IoT devices in business include securing systems, environmental monitoring systems and sensors, telematics, GPS, and analytics to track vehicles. However, these are just a few possibilities – there are countless other ways to leverage IoT devices.

IoT Devices Create Easy Access for Hackers

By now, most people understand the importance of securing computers with strong passwords, antivirus software, and up-to-date systems. However, it’s easy to overlook the ever-growing number of IoT devices.

Another issue is there is no regulation of IoT devices, making it possible for some manufacturers to get away with lax security. However, the UK has addressed this with the Product Security and Telecommunications Infrastructure Act of 2022, which creates new cybersecurity requirements for connected devices. This may help going forward, but many devices already in use may have poor cybersecurity.

Reuters says hackers regularly scan the internet for low-security devices to recruit to their botnet to launch distributed denial of service (DDoS) attacks. Hackers also use botnets to access other devices on the same network and steal data or carry out other malicious activities. IoT Solutions World Congress names several high-profile attacks that leveraged IoT vulnerabilities. One involved security cameras that allowed people to look through devices and sometimes even capture audio, as long as they had the IP address. Another was a massive DDoS attack that temporarily took down large sections of the internet in 2016 by targeting a DNS service provider.

The threat is growing. In 2022, Tech Monitor warned that hacking groups were increasingly targeting IoT devices. A report from SonicWall indicated that malware targeting IoT devices had increased by 98% in the final quarter of the year.

How Businesses Can Control Their IoT Exposures

Although IoT devices are vulnerable to hacking, business leaders can reduce their risks by taking IoT cybersecurity seriously.

  • When purchasing IoT devices, make cybersecurity a top priority. Although stricter cybersecurity requirements should help, some devices – such as those available in regions with laxer standards or before standards went into effect – may have poor security.
  • Keep an inventory of IoT devices and actively monitor them for security threats. If you are no longer using devices or features, disable them.
  • Employ good cybersecurity practices for IoT devices, just as you would for computer systems. For example, select a strong password instead of relying on the default password and apply multifactor authentication. You should also use encryption and IoT network firewalls.
  • Keep the network and router that IoT devices use secure. When possible, use a separate network for IoT devices or apply network segmentation. This can prevent hackers that compromise one device from accessing computers on the same network.
  • Apply updates for devices as they become available. Consider whether you will be able to keep IoT devices secure if the provider stops supporting them with updates.

Securing Cyber Insurance

Cyber insurance can help with cyber incident response costs, reputational harm, system damage, and business interruption as well as losses stemming from botnetting, cryptojacking, ransomware, and other cybercrimes. Coverage is also available for technology errors and omissions, media liability, and network security and privacy liability.

This article is brought to you by Costero Brokers

 

New product liability regulations are coming to Europe. The European Union has reached an agreement on a revision to its old product liability directive, and the updated directive will mean significant changes to modernise product liability. Meanwhile, the UK recently published new proposals for changes to its product safety regime. With new product liability rules on the horizon, businesses may need to reassess their exposures and insurance coverage.

The EU’s New Product Liability Agreement

In December 2023, the Council of the European Union announced an agreement between the Council and the European Parliament to establish new liability rules. The text still needs to go through the approval and formal adoption process.

The proposed directive includes several significant changes, including the following:

  • Product liability laws will extend to digital products. One of the most critical revisions involves a new definition of what constitutes a product. Many modern products only exist in digital form. Under the new directive, products will include digital manufacturing files and software. However, products will not include free and open-source software developed or supplied outside of commercial activity. Under the directive, damage or irreversible corruption of data is a type of damage that can lead to compensation.
  • Companies that modify products will face liability. The new directive addresses product liability complications created by the circular economy, in which products are often reused after repairs or other modifications. Under the new directive, individuals or companies that make substantial modifications to products shall be held liable as the manufacturer.
  • Individuals who suffer damage will be entitled to compensation. The new directive states that any natural person who suffers damage caused by a defective product will have a right to compensation. Damage includes death, personal injury, damage to psychological health, damage or destruction of property, and damage or irreversible corruption of data.
  • Importers will be liable for defective products. The Council states that consumers in the EU are buying products from manufacturers located outside the EU more frequently and deserve the same level of protection. To achieve this, the directive calls for holding importers or authorised representatives of manufacturers of defective products or components liable. If it is not possible to hold an importer or authorised representative liable, the fulfilment service provider may face liability.
  • Claimants may only need to prove the likelihood of a defect or causal link. The Council states that injured consumers may face excessive difficulties proving that a product is defective or that the defective product is the cause of damage. In such cases, the court may decide that the claimant only needs to prove the likelihood of the claim.

The UK’s Product Safety Proposals

In October 2023, the UK Department for Business & Trade published its UK Product Safety Review. Back in 2021, the UK issued a Product Safety Review Call for Evidence. The recent publication indicates that respondents identified challenges and opportunities in product safety regulations connected to changing business models, new technologies, and shifts in how products are made, supplied, and used.

According to Cooley, key changes in the proposals include mandatory incident reporting, voluntary e-labelling, an increase in the information provided in online listings for consumers, and direct penalty powers for enforcement authorities without prosecution. The proposals also call for a review of the UK product liability regime and a shift away from the existing product safety framework derived from EU rules in favor of a new cross-cutting and hazard-based approach. Additionally, the proposal calls for newly-defined roles and specific duties for online marketplaces.

New Liabilities and Insurance Needs

Under the proposed changes, businesses may face new liability exposures. While business leaders wait for the finalisation of new rules, brokers can seize the opportunity to review product liability insurance coverage with their clients.

  • Do they have product liability coverage in place? Changes in regulations may create additional liability for software developers, online marketplaces, importers, and fulfilment service providers. Organizations that forwent coverage in the past may wish to secure coverage moving forward.
  • What types of claims does the policy cover? In addition to claims of physical bodily injury and property damage, the EU directive may cover claims of psychological injury and data loss. Review the various types of injuries policies cover and identify exclusions or coverage gaps.
  • How much coverage is available? Reassess both the per occurrence and aggregate limits in light of increased liability exposures.

This article is brought to you by Costero Brokers

You want some things to last forever, but dangerous chemicals aren’t one of them. Per- and polyfluoroalkyl substances (PFAS) are often called forever chemicals. Watchdogs are raising the alarm about the potentially harmful effects of forever chemicals, which could result in manufacturers facing mounting liability. Brokers and their commercial clients need to keep an eye on this emerging issue.

What Are Forever Chemicals?

The UN Environment Programme describes PFAS as toxic, manmade, hazardous chemicals with dangerous effects on the environment and human health. Scientifically speaking, chemicals in the PFAS family are synthetic organic chemicals with completely or partially fluorinated carbon chains. Thousands of different chemicals are classified as PFAS. They all have a stable structure that is resistant to heat, fire, stains, water, grease, and friction, making them useful in multiple industries. Many common goods use PFAS, including water-repellent clothing, non-stick cookware, stain-resistant carpet, and cleaning agents.

According to the European Environment Agency, PFAS are extremely persistent in bodies and the environment, hence the nickname “forever chemicals.” PFAS have been linked to various health problems, including liver damage, thyroid disease, obesity, cancer, and fertility issues.

Forever Chemicals Are Everywhere

The European Environment Agency says it’s impossible to conduct an in-depth risk assessment of PFAS due to the sheer diversity of chemicals in use. However, monitoring activities have shown that PFAS are prevalent in the environment. The production and use of PFAS have led to the contamination of water supplies in European countries, and PFAS have been detected in the blood of European citizens.

Proposed PFAS Bans

Amid growing concerns over the long-term effects of PFAS chemicals, some governments have considered banning the chemicals.

The European Chemical Agency says one group of PFAS chemicals – perfluorooctane sulfonic acid and its derivatives (PFOS) – have been restricted in the European Union for more than a decade under the Persistent Organic Pollutants Regulation. PFOS chemicals are also included for elimination in the international Stockholm Convention.

Bloomberg Law says the EU has proposed a PFAS ban on approximately 10,000 substances. This ban would be phased in through the late 2030s. Since it would impact thousands of products, pushback was inevitable. For example, Reuters says the pharma lobby has warned that the ban would negatively impact drug production. According to The Guardian, the ban was not included in recently leaked policy proposals, leading the newspaper to say the EU has abandoned its promise of a ban.

Nevertheless, stricter rules may be coming in Europe and abroad. In the United States, California is leading the trend, with bans on PFAS in textiles and cosmetics, according to Safer States. Washington and New York are considering similar bans.

Litigation Over Forever Chemicals

Although regulatory change may be slow, litigation surrounding “forever chemicals” has already occurred. TIME predicts that PFAS litigation could eclipse settlements over tobacco, whereas the EUobserver says investors think forever chemicals could be the “new asbestos.”

In the US, Safer States says 27 attorneys general have already filed lawsuits over forever chemicals, including 13 that filed lawsuits in 2023. According to AP News, 3M will pay a minimum of $10.3 billion and possibly as much as $12.5 billion to settle lawsuits claiming that forever chemicals used in firefighting foam and other products have contaminated public drinking water systems.

3M may also face massive costs in the Netherlands, where the government has said it will hold the organization liable for polluting the Western Scheldt River, according to Reuters. In addition, Insurance Day says PFAS-related claims have increased in the EU and a similar rise in litigation could be coming to the UK.

Insurance Coverage for PFAS Exposures

Businesses may seek coverage for PFAS liability under environmental and pollution liability policies. However, Bloomberg Law notes that insurers have argued they are not liable for PFAS-related claims.

As litigation risks grow, PFAS exclusions may become more common. Indeed, the Independent Insurance Agency & Brokers of America says the ISO has introduced forms that exclude coverage for PFAS. The Lloyd’s Market Association has also published exclusion clauses for PFAS. According to Lexology, these clauses were recently updated to include common examples of PFAS substances. The new clauses are LMA5595A and LMA5596A.

Helping Your Clients Navigate PFAS Risks

For businesses involved in the manufacturing of PFAS products, the recent rise in litigation and regulatory activity may be alarming. As business leaders assess their risks, they will likely be looking for insurance coverage. However, coverage may not be readily available. Brokers should be aware of these PFAS exclusions and make sure their clients understand their coverage.

This Article is brought to you by Costero Brokers