As the UK government stands firm against IoT hacking threats, brokers must prepare for requests for new data and different questions from insurers adapting to accommodate emerging technology risks

By Jon Guy


Jon Guy

This week (29 April 2024) saw the UK government introduce what it described as “world-first laws” to protect the country’s consumers and businesses from hacking and cyber attacks.

The aim of the laws is to increase the security around smart devices that are now part and parcel of homes and workplaces as the threat of cyber attacks increases.

In a press release, the government stated: “Manufacturers will be legally required to protect consumers from hackers and cyber criminals from accessing devices with internet or network connectivity – from smartphones to games consoles and connected fridges – as the UK becomes the first country in the world to introduce these laws.”

The laws form part of the Product Security and Telecommunications Infrastructure (PSTI) regime.

An investigation conducted by consumer organisation Which? – cited by the government – revealed that a home filled with smart devices could be exposed to more than 12,000 hacking attacks from across the world in a single week, with a total of 2,684 attempts to guess weak default passwords on just five devices.

These are sobering statistics for insurers and brokers, therefore technology, its use, and its risks will undoubtedly be a major discussion topic when the industry gathers in Manchester later this month for the annual Biba Conference (15 and 16 May 2024).

Cyber risks faced by brokers and their clients was the number one risk cited in Biba’s 2024 manifesto – published in January 2024 – and the trade association has said it will be creating a specific and extensive cyber risk hub at the conference this year in an effort to provide brokers with data and support on how to tackle this challenge.

Upcoming conversations

The weeks leading up to the Biba Conference have always been like an election campaign, with brokers and underwriters looking to identify the issues which resonate with their clients and then looking to set the agenda for the meetings which will be held throughout the two-day event.

As the event gets closer, brokers are keen to discuss opportunities to create innovative products around cyber risks.

They also seek assurances from insurers around how committed they are to this class of business in order to gauge the capacity and terms on which cover will be provided.

For insurers, there looks to be a far broader view when it comes to the growing use of technology in homes and workplaces.

While cyber criminals are a concern, the rapid development of new technology is also threatening to fundamentally change the risk landscape. For underwriters, the key driver at present will be to educate the market on these new risks.

Brokers and their clients will need to brace themselves for requests for new data and for different types of questions from insurers, which better reflect the new risks that technology is now creating.

In many cases, however, these new risks are still going unnoticed by end clients and are therefore not part of their risk management processes.

It is not a case of confrontation, but brokers are likely to be asked for greater collaboration if risks such as cyber and the growing use of lithium-ion batteries are to be adequately addressed in the months to come.