June 1, 2016 by David Pivato, Vice President, Boiler Inspection and Insurance Company of Canada
In a digital world, technology shapes the way people live and work. However, it also introduces new risk.
Equipment keeps getting smaller, faster and smarter, but is also becoming more vulnerable to breakdown with the proliferation of microelectronics and controls. Cyber risk exposure also increases when this equipment is connected to the Internet.
The microcircuitry in today’s equipment is vulnerable to breakdowns and the damage can be difficult or impossible to see. Breakdowns resulting from failures when physical damage is not detectable can involve virtually any electrical and electronic equipment used by a business or commercial organization, as well as most household equipment and systems.
To manage the risk, not only is keeping up with evolving exposures key, it is equally important not to assume failure of microelectronics will be covered by all equipment breakdown insurance.
It is essential to understand how much equipment risks have changed. Think of all the equipment that contains microcircuitry. From computers to elevators, heating and cooling equipment, production machinery, medical equipment and retail systems, if it uses electricity, it probably contains tiny transistors and microprocessors.
How small is small? Thousands of transistors can fit in a space less than the width of a human hair. That means 100 million transistors can fit on the head of a pin.
Insurance claims data from Boiler Inspection and Insurance Company of Canada (BI&I) shows that equipment with microcircuitry is likely to break down in new ways that are difficult to diagnose and repair. Microelectronics also makes equipment more portable, upping the exposure as equipment is used in remote locations.
Consider a television or mobile device that just stops working. There is no obvious damage and no indication of where to start looking for the problem.
Business equipment is no different. Equipment may stop functioning for no known reason, with no apparent physical damage.
The expectation is equipment and systems will continue to grow more complex. Advanced nanotechnology is integrated into computing, communications and other applications. Quantum mechanics may someday be used to create transistors small enough to operate with a single electron. In what seems like science fiction, some researchers want to break through the limits of conventional electronics by integrating biological and nano-electrical systems.
As individuals and businesses become more dependent on microelectronics to power equipment and devices, any breakdown could result in a catastrophic loss. Some problems are not even physical. With cloud computing, for instance, the loss may be virtual.
Estimates for cloud usage – even how “cloud” or “usage” is defined – are all over the map. Although many numbers focus on the United States, Canada is likely similar.
A conservative average is an estimated 75% of businesses use some type of cloud services and cloud service providers rely on equipment to store information at a physical location. That equipment can break down and cut off access to a client’s business data.
The Internet of Things (IoT) is another emerging technology risk. IoT connects business equipment through global networks that expand capabilities, but create new liability, property and equipment exposures.
Consider, for example, if a software download to connected equipment causes that equipment to break down which, in turn, results in damage to the property. Or there could be a cyber attack resulting from a hacker infiltrating equipment connected through IoT.
Cyber insurance coverage might cover parts of these examples, while equipment breakdown might apply to the equipment damage or business interruption. But because equipment is interconnected, a breakdown can affect operations at multiple locations and result in a costly business interruption (BI). And BI losses can add up quickly.
In BI&I’s experience, the average severity of BI claims exceeds that of equipment damage claims in the equipment breakdown losses that have been paid out. The risk of a loss of business income because of equipment breakdown is especially high for retail and other businesses that need to sustain their operations, such as restaurants, stores and manufacturers.
Cisco Systems reports the number of things connected to the Internet exceeded the number of people on earth in 2008, further estimating there will be 50 billion connected devices by 2020.
As the pace of change accelerates, some of the traditional concepts of property insurance, developed over a century ago, may no longer serve businesses as well.
Most property insurance, including many equipment breakdown policies, is triggered by evidence of physical damage. The problem is that microelectronics impairments are often invisible to the human eye.
If a wire one micron wide breaks, the break is almost undetectable. Only time-consuming, costly forensic failure analysis can find the impairment.
In response, some insurers are changing the products they offer. Traditional equipment breakdown insurance still requires proof of damage, but some policies will repair or replace equipment when microelectronics fail, even when there is no evidence of physical damage.
The coverage is triggered when equipment suddenly stops functioning, and replacing the equipment or a part containing electronic circuitry restores it to working condition.
Some other considerations when choosing equipment breakdown coverage are if service interruption coverage includes equipment-related cloud outages and if there are any payouts for lost business income and extra expense.
Commissioned by Hartford Steam Boiler (HSB), the parent company of BI&I, Ponemon Institute surveyed about 900 small businesses (revenues of US$10 million or less) across the U.S. in 2014. The survey found that 48% had experienced an interruption of cloud services and, of those, 56% reported that at least one such interruption prevented their respective company from functioning.
Data restoration services are a critical part of coverage in today’s business environment. Including data restoration in the service interruption coverage could help with recovering or recreating essential information.
The miniaturization of technology has spawned another important trend: equipment is more portable and more frequently used off premises, where its sensitive electronic circuitry is exposed to greater risk of damage.
For those looking to insure equipment, one consideration would be whether or not the policy follows equipment with expanded coverage for mobile equipment used off premises.
In addition, buyers should consider if an equipment breakdown policy offers public relations coverage for services from reputation management professionals, to guard against an equipment-related shutdown or production backlog seriously harming a company’s image.
The risks of today’s technology go beyond equipment failure. Using the connections made possible by microelectronics and Web-based applications, cyber criminals can steal confidential business data, as well as disrupt and corrupt systems and software from anywhere in the world.
BI&I investigated a cyber insurance claim from a manufacturer that noticed a high volume of outgoing Internet traffic on its servers. Criminals were secretly using the system to transmit spam emails and to launch denial-of-service attacks against other computer systems.
Cyber threats like these may increase as hackers target and take control of connected equipment or steal information by attacking IoT devices, which provide multiple entry points.
HSB BI&I’s 2015 Cyber Poll, conducted on site at the RIMS Canada conference last fall, reflects input from 102 risk management professionals representing businesses of different sizes and sectors.
The survey found that 87% of respondents had experienced at least one hacking scare or incident in the past year, while almost half reported more than 10 incidents.
Beyond actual breaches, social media adds to the exposure with negative comments about computer cyber attacks or BIs that can harm a company’s sales and reputation.
It is important for every organization, big and small, to include cyber insurance with coverage and limits appropriate to the business and budget. Although cyber policies so far lack a common form or standard, making it somewhat challenging to choose the right coverage, there are many options in the market and packaged coverage can make the process simpler.
The risks of cyber attacks, equipment breakdown and BI will only increase as technology continues to leap ahead with new forms of equipment, machines and applications – all relying on fragile microelectronics.
With technology evolving so quickly, insurers must predict what new coverages might be important in the future. Brokers and carriers must also be able to help business owners understand these emerging exposures.