The Untapped Market
The proliferation of IoT represents a substantial commercial opportunity for the insurance industry. The promise is enormous. Analysts estimate the IoT will drive services valued between $5-12 trillion by 2030. More than 41 billion IoT devices are expected to be installed by 2027, up from about 8 billion in 2019.
Complex Value Chains Make it Hard to Assess and Underwrite Risk
However, anticipating cybercrime damages will reach $10.5 Trillion by 2025, yet estimating the likelihood of security failures is a highly technical process. Furthermore, supply chains in IoT are complex and opaque, and so liability can be challenging to assign. Ultimately, insurers can’t currently accurately model the risks.
This means that while brokers have customers eager to purchase cover, their ability to underwrite this is limited. And without reinsurance capital, cover can’t be offered. This stalemate is blocking commercial growth for the insurance industry and the path to digital transformation for every sector.
What if You Could “See Inside” Devices in a Supply Chain? PSA Certified Makes it Possible with Free Framework You Can Trust
PSA Certified creates the confidence to cover. It offers an independent, lab-tested, industry-recognized approach for trusted and secure IoT design, building from a Root of Trust and established best practices to bring visibility and measure to the risk profile of IoT applications. Three key benefits:
Increased Confidence and Reduced risk
PSA Certified devices have been independently assessed and offer an indicator of the likelihood and severity of a security failure in certified components and devices, making it quick and easy to calculate risk for cyber insurers.
Increased Visibility Unlocks New Business Opportunities
We create the means to ‘see inside’ devices and applications to understand their security readiness. This gives visibility into risk across the supply chain, establishing whether components, devices and applications are built on best practices based on certifications.
Technical Rigor Built by Independent Experts and Mapped to Worldwide Regulation
PSA Certified matches or exceeds security requirements from regional regulators, such as NIST and ETSI, to provide a globally applicable standard. This is giving insurers a fast-track to understanding which products are already building to upcoming law.
How PSA Certified Helps You Calculate Risk
PSA Certified exists to help grow a secure, trusted IoT. Established in 2017, PSA Certified was spearheaded by Arm, and currently comprises an ecosystem of more than 70 partners. We work across the ecosystem, from silicon designers and manufacturers to OEMs and service providers, to create assurance in the devices powering the IoT.
A Checklist of Best Practice
PSA Certified offers a list of 10 clear, comprehensive and achievable goals to guide the creation of every connected device, establishing secure-by-design requirements for everything from their unique identity and upgrades to cryptographic protocols.
Security Built on a Root of Trust
It is vital to establish a secure Root of Trust in a device, a continual and immutable assurance that a device has not been compromised. With a Root of Trust established, other components can layer over it to form an interconnected, self-checking chain of trust.
Easily-digestible Security Credentials
PSA Certified provides independent, lab-tested validation that components, software and devices have been created by design according to security best practice. Offering a standardized indicator of security with three easy-to-understand levels, PSA Certified establishes a chain of trust across the supply chain.
Collaboration is Key
No single company can solve the challenge of security by themselves, we need to proactive bring together the intersection between technology and business insurance, to understand both markets and establish change. We’ve been collaborating with Munich RE for the last two years to establish the issues, experiment with models and establish a proof of concept on how PSA Certified can help the insurance industry.
PSA Certified represents a clear example of industry best practices for device security that insurers, such as Munich Re, can use to better understand and quantify cyber risk in IoT deployments and deliver business assurances at scale.
How You Can Play Your Part in Securing IoT
By encouraging prospective policy holders to build their businesses on security best practice and PSA Certified trusted components, IoT devices will become more secure – lowering risk and reducing the number of future insurance claims.
Our goal is to collaborate with insurers to help create insurance products to grasp the market opportunity. PSA Certified is ready to use, and ready to reference for insurance vendors free-of-charge.