How Device Certification is Giving Insurers the Confidence to Underwrite the IoT with Cybersecurity Insurance

The internet has always been a network connecting people, but the rise of the Internet of Things (IoT) has shifted that balance drastically.

Around 5 billion people use the internet today; the number of web-connected devices all talking to each other automatically is estimated to be 14 billion – more than that by the time you finish this sentence.

These IoT devices are critical sensors for delivering new services and greater efficiencies across a range of industries, from engineering to banking and healthcare.

But there’s a problem: each of these sensors represents a point of failure, something that needs to be insured at scale. How can you as insurers model for this, when the impact and likelihood of failure are unknown?

We’re developing an approach that solves for this, combining technology and business assurance.

The Missing Link: IoT and Risk

Stimulating the IoT revolution relies on managing connected devices at scale with surety, confidence and assurance. 

But each device, be it a thermostat or a car security camera, poses a security risk. That’s a challenge, not just for those in cyber-security, but for those looking to insure this burgeoning industry.

As a result, security concerns at all levels and the risk and liability associated with them have held back the growth of the IoT industry until now. The global IoT insurance market was estimated to be worth $13.3 billion in 2021, but is expected to reach $150.7 billion by 2026.

To get there, we need a game-changer. IoT insurance is a fast-growing, lucrative and largely untapped market for cybersecurity cover. But to capitalise on the enormous commercial promise of the IoT, insurers need a more effective way of measuring and modelling the risks posed by connected devices.

For too long, it’s been impossible to accurately model risk. Estimating the likelihood of security failures is challenging; assessing the impact of such failures in an extremely complex IoT supply chain even more so.

This means that while brokers have customers eager to purchase cover, their ability to assign liability and underwrite risk is limited. And without reinsurance capital, cover can’t be offered. This stalemate blocks commercial growth for the insurance industry and stalls the path to digital transformation for every sector.

The Need for PSA Certified: An Ecosystem to Build a Secure Solution and an Insurance Product

Enter PSA Certified. It’s not a service we sell, but an independent assurance framework and certification scheme for the IoT. We provide the guarantee and grow the community looking into how we can all insure IoT.

By creating the means for insurers to ‘see inside’ devices to understand and validate their security readiness, we’re helping to bring visibility and measure to the risk profile of IoT applications.

PSA Certified provides lab-tested, industry-recognised validation that components, software and devices – the measures required to quantify risk – are built on security best practice. Offering an independent indicator of security, it creates a chain of trust across the supply chain and minimises the technical probability and impact of hacks. Not only does this enable insurers to more accurately model and measure risks, but in turn to build viable, profitable insurance products that unlock the value chain for all.

Having trusted components within an organization or system helps insurers to compartmentalize risk and reduce the cost of inaction. With more trusted components comes greater business resiliency and more understanding of supply chains, which keeps the cost of failure to a minimum.

Tim Davy, Cyber Security Specialist, Munich Re

PSA Certified matches or exceeds security requirements from regional regulators, such as NIST and ETSI, providing a globally applicable standard. Certification is performed by leading independent third-party security testing labs. So far we’ve certified 80% of the world’s leading microcontroller silicon vendors, with a growing number of system software providers and device manufacturers turning to our certification to help ensure security-by-design.

Giving Insurers the Confidence to Cover

Helping insurers join the IoT ecosystem supports the collective goal of building trust in the IoT. And it’s a goal we’re already beginning to realise. By collaborating with leading insurer Munich Re over the past two years we’ve established models for compartmentalising risk, reducing the cost of inaction and building greater resilience into business supply chains.

These initiatives will help the industry take off. As rapid IoT adoption and digital transformation drive further demand for cyber-insurance, it’s only by properly understanding the risks and liability that insurers can begin to unlock commercial opportunity.

The potential is huge. Analysts estimate the IoT will drive services valued between $5-12 trillion by 2030, and more than 41 billion IoT devices are expected to be installed by 2027.

The need is urgent for a secure, trusted IoT, in which insurers can obtain visibility into risk across the supply chain and build viable insurance products that can help to unlock the value of IoT for all. With PSA Certified, this need is now being met.

We’re allowing insurers to enter the IoT ecosystem without specialist knowledge and giving them the confidence to cover.