Connected Driving and Cybersecurity: Opportunities and Risks

Today's cars are computers on wheels and deliver vast amounts of data. Can traditional insurance companies keep pace with the changes in the digital future? Or will they even have to clear the field for tech companies that are making inroads into insurance? Experts from the insurance industry provide insights into what a networked future means for insurance portfolios.

Data is the key

Data analytics experts at HUK predict that as early as 2025, half of the vehicles insured in Germany will be networked - and the projections for 2035 are as high as over 90 per cent. Networked vehicles are increasingly being referred to as "data centres on wheels." A large number of networked controllers (ECUs) - 100 to 120 per vehicle is common these days - exchange generated data with vehicle manufacturers, the environment or even the Internet via an increasing number of communication interfaces. Vehicles can be connected to the Internet via GSM, LTE or 5G modules. The V2X communication enabled by this also allows the vehicle to communicate with other vehicles or components on the road such as traffic lights.

This data is of interest to insurance companies for a variety of reasons, as Thorsten Gomann, Head of Data Analytics P&C at Generali, explains: In the event of an accident, telemetry data can provide clues as to how the accident occurred, for example, whether the car was moving at the time of the collision and from which angle the impact occurred. This makes it possible to determine who caused the damage. The data can also play a key role in pricing: Based on the measured driving behaviour, the insurer can map a risk profile of the drivers, including accident risk, and align the premium amount accordingly.

Opportunities and risks

Why should policyholders give their insurers insights into their driving behaviour? There is data that not everyone wants to share, such as telephony data while driving or information about how often the seat belt was triggered. Dr. Thomas Körzdörfer, Lead Data Scientist at HUK-Coburg, has found that insureds are quite willing to share this data for consideration: Anyone who ensures their vehicle with one of Germany's largest motor insurers can save up to 30% on their premium by using telematics tariff if they drive safely and with low risk. This is because insurance companies still need to incentivize users to share their data, unlike technology companies or social media. In addition, the car manufacturer must also be willing to release the relevant data.

At the same time, however, the networking of the vehicle also harbours several risks. Connected vehicles have more than 15 different attack vectors, including vulnerabilities in the software of vehicle components (such as the AI for image recognition), the communication paths to and from the vehicle, or even in software components in the manufacturer's backend. And indeed, there has been a dramatic increase in attacks since 2013: in 2020, the number of hacker attacks was around 200; the following year, it was already 500. Such an attack not only affects add-ons, such as navigation systems but in the worst case poses a threat to occupants and other road users. In 2015, hackers remotely stopped a car on a U.S. highway, causing it to end up in a ditch. As a result, the automaker had to recall 1.4 million vehicles, at a cost of more than $150 million.

In summary, telemetry enables insurers to offer new products and attractive pricing models, which can also have a positive impact on policyholders and their customer experience. However, insurers need to cover the risks as much as possible to take full advantage of the benefits. These are possible security gaps, customer scepticism and the question of liability.

Massive change in insurance products

From the insurer's perspective, the most interesting question is who is liable for the damage if such a cyberattack has taken place. Allianz has already addressed the issue and is explicitly dealing with cyberattacks in specially established Centers of Competence. Carsten Wiesenthal, Head of Global CoC Cyber Motor & Retail, emphasizes that the lack of reliable empirical data is two of the major challenges facing insurers in the short term.

Second, cyber risks are currently not explicitly included or excluded in the insurance portfolio in many countries, as they were not perceived as relevant at the time the insurance products were developed. In the future, insurers will have to revise risk identification and apply it to their products to create transparency about whether and how cyber risks are covered in the portfolio. So far, they still have an edge over tech companies because of their expertise. But they will have to adapt their insurance products to the new risks in the shortest possible time before leading IT companies spread out into the insurance market with their own coverage offerings.

Conclusion

• No software is 100% secure. It is important to know the risks and weigh how much you want to spend on protection.

• It is increasingly important for insurers, to know the risks of connected vehicles first and manage them effectively in their portfolio in the next step to not lose the trust of their customers.

• If insurance companies succeed in the latter, they have the chance to adapt their insurance offers and convince customers with new rates.

• Insurers, automakers, and cybersecurity experts need to work more closely together to meet future challenges.

• NTT DATA is also testing and improving modules for automated driving and cybersecurity.