Revenue in the smart home market is expected to reach $27.24 billion in 2019, according to global analytics firm Statista. Furthermore, Statista projects the global smart home market to show a compound annual growth rate of 13.2% between 2019 and 2023, reaching a market value of $44.8 billion by 2023.
While Internet of Things (IoT)-connected devices bring all sorts of benefits and efficiencies to the home, they’re also introducing homeowners to new risk exposures like cybercrime and extortion, according to Jeremy Barnett, senior vice president of marketing at NAS Insurance.
“Connected devices are increasing the attack surface where cybercriminals look to exploit vulnerabilities,” Barnett told Insurance Business. “Common devices like wireless routers, smart TVs and camera surveillance systems are all connected to the web and can be easily compromised by cybercriminals if they have any security vulnerabilities.
“Likewise, if a personal computer happens to be connected to a network that has been compromised, a cybercriminal will be able to get access to that computer and gain information about the user of the device. Without necessarily having to put malware on the computer, the criminal will be able to see other devices on the network and might be able to gain access to account information, credit card information, credentials for banking information and so on.”
Traditionally, the main cyber threat homeowners have been concerned about is identity theft – the fraudulent acquisition of their private identifying information, usually for a criminal’s financial gain. In today’s interconnected society, homeowners are vulnerable to a much wider spectrum of cybercrime, including theft of data, theft of personal information and phishing campaigns.
As homeowners are bombarded with new cyber and technology threats, insurance companies are looking to enhance their homeowners’ insurance policies to include more robust cyber insurance to cover perils beyond identity theft. These solutions, such as NAS Insurance’s Personal CyberPlus, cover a wider range of risks including: financial fraud, cybercrime, cyber bullying, breach notification costs, and data recovery and system restoration.
“Cybercrime is typically excluded in a standard homeowners’ insurance policy, especially in circumstances where expenses would not be covered by your bank. Oftentimes, if there’s a fraudulent purchase on your credit card, your credit card company or bank will reimburse you for that expense if they can determine it was fraudulent,” Barnett explained. “However, in circumstances where the homeowner actually submitted banking information to a person who they thought was a legitimate service provider but was actually a cybercriminal, the bank or the credit card company is unlikely to reimburse them because they actually conducted the transaction.
“Cybercrime is another extension of theft in the home. It’s not just physical goods that are being stolen or damaged; it’s digital goods that are being stolen or damaged, and homeowners need coverage for that. This is the new frontier of cybercrime. It’s anonymous, wide-scale, and not always high-value. Criminals know they’re going to get away with it because they’re attacking from such a distance that it’s extremely difficult to trace them.”
The tools available to what Barnett described as “hobbyist cybercriminals” are plentiful. The dark web is replete with automated software applications that troll various accounts looking for vulnerabilities and then execute criminal schemes automatically. These applications are not necessarily looking for high-value victims; they’re simply trained to expose vulnerabilities.
“Whereas it used to be the case that organizations were targeted because they were a treasure trove of credit card information or personal health information, now there are automated bots and software distribution beacons looking for vulnerabilities and sending out malware almost randomly,” Barnett added. “You’re not a target unless the bot makes you a target. So, anybody with any vulnerability, whether that’s commercial or personal, could become a target if they have a weak link. That might come down to what websites you’re visiting or what wireless networks you connect to. It’s frightening because it’s really hard to protect against such random criminal activity.”