Smart home cyber ‘evolution’ raises concerns for new property market risks

The National Cyber Security Centre (NCSC) issued a public advisory last week (7 April 2026) noting that Russian cyber criminals had compromised commonly used routers – with these threat actors secretly rerouting users’ internet traffic through their own hostile servers.

The advisory warned that Russian state-linked group APT28 has been exploiting vulnerable internet routers to hijack traffic, allowing them to intercept data and steal login details such as passwords and access tokens from personal online accounts.

Speaking on the router attacks, Paul Chichester, director of operations at NCSC, said: “This activity demonstrates how exploited vulnerabilities in widely used network devices can be leveraged by sophisticated hostile actors.”

However, this activity is not the first time cyber security organisations have called for greater protection of edge devices – internet routers that connect users to the cloud – after sophisticated threat actor behaviour.

Also sitting inside this network of connected devices are smart home appliances and gadgets, as well as wireless connected technologies like alarm systems and CCTV, which are commonly installed for home security.

And, while these security systems can be beneficial for both home owners and their insurers, an increasingly connected system does present new cyber risks – with sophisticated enough criminals able to hack into and disable security systems remotely. 

Ken Munro, partner at cyber security consultation firm Pen Test Partners, told Insurance Times that his firm had carried out extensive testing on house alarm systems and discovered that many were “poorly secured”.

He explained that these systems often rely on radio signals to connect sirens and sensors, making them vulnerable to interference.

As a result, it is “really easy to jam or override the house alarm” to prevent the system from triggering when an individual trespasses on the property.

This vulnerability is beginning to be recognised in the property insurance market. Matt Deaville, partner for high value claims at law firm Kennedy’s, noted a higher number of insurers seeing an “increase in the number of break-ins” over the past “four to six months”.

Insurers have reported that these break-ins have been made possible because “the alarm system’s not being triggered”, Deaville explained.

This is also not the first time that wireless interception has been used to facilitate theft, with impacts for personal lines insurance. For example, Jaguar Land Rover owners became a victim of its own keyless technology, which was exploited by criminals to unlock and steal vehicles without a physical key.

And for those in homes with more valuable items protected by this sort of interconnected security system, such as high net worth (HNW) customers, sophisticated cyber criminals could make them prime targets.

With these threat actors growing their capabilities constantly, the concern is that cyber attacks are starting to become a property risk.

A cautious market

Describing his firm as ethical hackers, Munro extensively researches smart home security with the aim of identifying vulnerabilities in devices.

Upon finding bugs in smart home devices, such as alarm systems, he explained that one of the challenges was encouraging manufacturers to fix the vulnerabilities, with it commonly unaddressed.

This is a problem that he believes is not being treated with the appropriate severity by vendors, adding that it is “easy for criminals” to exploit data breach sets where email addresses and passwords had been exposed and then reuse those passcodes across other systems.

From hacking these accounts, he added that individual’s online and cloud platforms can be compromised, enabling criminals to hack smart devices such as doorbells and alarm systems.

Despite this emerging risk, Munro said that many cyber insurance policies actually “explicitly limit any claim that relates to cyber” incidents.

He explained that this approach was common across other lines like cargo, where cyber risks are often written out of standard cover, and that he is “seeing similar exclusions in some home policies”.

Munro continued: “The reason being is that they’ve all been burned over the years through cyber claims in business – insurers are getting quite careful around cyber and domestic policies”.

Insurance Times approached multiple cyber and HNW property specialty insurers for comment on the risks associated with smart devices in homes, but all declined to comment.

Richard Hodson, founder and consultant at RCH Insurance Services, said that ultra-HNW properties are more likely to have IT security systems “almost on par with a small business”.

However, for typical HNW homes, policyholder cyber hygiene remains an exposure that is hard to ignore, he added, especially with less digitally native customers thar are less aware of these risks.

Ironically, while “a lot of cyber crime is happening to individuals”, he said, the reality is that “it’s easier to protect a business than it is to protect a household.”

Munro added that, with smart home devices in particular, “one of the biggest problems is people don’t appreciate that they need to keep them up to date” to remain secure.

He explained that homeowners need to think “more carefully” about their own personal cyber hygiene as it is “not reasonable for an insurance company to pick up the tab for the cyber equivalent of you leaving your keys in the front door”.

‘Blood on the streets’

While a lack of awareness and cyber hygiene still plagues the cyber insurance market and its willingness to cover risk, Deaville said he believes that there is a role insurers should play in mitigating this emerging threat.

Rather than making such measures a strict policy requirement, he noted that it would be an “open goal” for a broker, especially in the HNW property space, to recommend appropriate safeguards and help improve the protection of client home systems.

Educating clients on cyber hygiene, however, can only go so far, as Munro stressed that artificial intelligence (AI) is also lowering the barrier to entry for hackers to carry out more complex attacks.

He said: “Previously you’d have to have some quite serious tech skills to make this work.

“But now you can get AI tools to do the heavy lifting for you instead of having to spend hours going out and researching the home you want to attack. We’re seeing attacks start to scale up with the use of AI.”

The solution could be that there “needs to be some blood on the streets”, Munro warned.

He said that the industry may only properly address cyber risks in home insurance after enough people suffer uncovered losses that it becomes a visible, public problem.

“It’s an evolution,” he concluded.

“Criminals will follow the money, so if they can find a path to extort or steal or ransom whatever an individual who has means, they will use whatever is available.”