Creating Market Incentives for Secure Industrial IoT

Industrial IoT will be one of the largest drivers of economic growth in the coming decade. Without adequate security measures, it could also unleash catastrophic harm. Key influencers from all sectors have aligned on a possible solution to address liability concerns, while still enabling specific markets to be targeted, and elevating the security of critical infrastructure. 

The challenge

Industrial IoT is expected to transform manufacturing, energy, agriculture, transport and other industrial sectors of the economy, which together account for nearly two-thirds of the global gross domestic product. Unfortunately, many of these companies are unprepared for the potential risk and liability brought on by these new technologies. These include new threats to public safety, physical harm and catastrophic systemic attacks on shared public infrastructure. As today’s economy continues to prioritize time-to-market and the profitability of solutions over security, the threat of serious physical, financial and institutional harm grows. Moreover, cybersecurity poses a unique challenge for government regulation of businesses as the process for certifying and enforcing good security practices can be too labour-intensive and costly for governments to address on their own.

The Opportunity 

Market forces could play a critical role in helping establish and catalyse new norms and best practices for the security of industrial IoT devices and systems. Lower insurance premiums, for example, prompted millions of businesses and consumers to install fire and security systems. Similarly, good driver discount programmes have created tangible financial incentives for safer and more careful behaviour. Through this project, the same incentive structure that ties minimum safety standards and practices to the sale and pricing of insurance policies will be applied to industrial IoT. This approach will be applied to government stimulus funding and financing programmes for industry. Lastly, through certification, companies have the prospect to differentiate themselves within an increasingly competitive industrial IoT marketplace.  

Impact 

Over the course of the last year, more than two dozen companies, governments, organizations and universities have collaborated with the Centre to co-design the Industrial IoT Safety and Security Protocol. This first ever framework generates an understanding of how insurance can facilitate the improvement of industrial IoT security design, implementation and maintenance. It also harmonizes security best practices that should be incorporated in all industrial IoT deployments. The next step is to pilot these incentive structures with insurance companies, governments and the private-sector. Subsequently the underlying operating models can be refined, and then outcomes shared so that trans-national adoption can be applied across all sectors. 

 

Key Dates 

Fall-Winter 2018: Release first IoT risk analysis for the electricity industry. Co-design new cyber-insurance, governmental stimulus funding and certification frameworks. 

Spring-Winter 2019: Roll-out and evaluate pilots; Publicize and expand the model based on outcomes. 

October 2018: Workshop with insurance industry in London, United Kingdom.  

October 16-18 2018: Industrial IoT World Congress in Barcelona, Spain. 

January 22-25 2019: Announcement of insurance pilot at Annual Meeting 2019 in Davos-Klosters.  

How to Engage 

Project Community: Nominate experts, policy-makers or senior executives to help guide individual Centre projects by providing regular input as projects develop. 

 

Fellow: Nominate an individual from your company to work full- or part-time at the Centre to play an integral role in shaping this initiative.  

 

Global IoT Council: Nominate a global chief executive or c-suite leader to shape global governance of IoT and provide strategic guidance to the Centre’s work on IoT. One in-person meeting and one conference call per year.