Back to news
5G will radically transform the cyber risk landscape

The article below, by Jonathan Franke, Tech, Media and Cyber Broker at New Dawn Risk, was originally published in Insurance Day in January 2021.

The market must be more proactive in terms of understanding and reviewing policy wordings, to accommodate the new exposures relating to 5G-enabled products and technologies…

The next 12 months will see the scaling up of the worldwide roll-out of 5G networks, with North America, Europe and East Asia leading the way.

The importance of 5G has grown since the onset of the pan­demic. With much of the world switching to remote working and with the prospect of home offices becoming the new norm, businesses and individuals are requiring faster, more reliable data speeds. Companies are also adapting to network management across multiple locations to con­tinue operating efficiently.

When it comes to data trans­mission and storage, the majority of the developed world will soon swing towards 5G, as we contin­ue to transition to a progressive­ly cloud-based economy, and that change brings with it a brand new cyber threat landscape – one that is yet to be clearly understood.

Before considering the insur­ance challenges 5G brings, it is important to understand exactly what 5G is. It builds on the evo­lution and development of its predecessors, 3G and 4G, allow­ing societies to smoothly transi­tion into the increased usage of smart devices and offering faster wireless browsing and streaming. According to Ofcom, 5G is “much faster than previous generations and also offers greater capacity, allowing thousands of devices in a small area to be connected at the same time”.

The 5G roll-out will continue to enhance the expansion of the in­ternet of things (IoT) in almost all industry sectors and many homes, as more and more smart devices connected to the internet become essential equipment. While this technology explosion is welcome, not all manufacturers of IoT devic­es have made cyber security a priority within their business plans.

Globally, there are now billions of interconnected devices, all communicating with each other; these devices have wide-ranging and differing security controls, leading to an unimaginable num­ber of potential vulnerabilities for criminals to exploit. A lack of shared security standards for IoT devices means network breaches and hacking have the potential to travel widely and loopholes oc­curring between two unmatched systems could easily be exploited by organised criminals.

All this means criminals have already recognised an opportu­nity to access seemingly secure networks almost undetected. Consumer and individual data could be compromised simply by having a domestic smart meter to measure electricity and gas usage. However, even more significantly for business insurers, 5G is being used in various industry sectors, from farming to manufacturing.

Investment in monitoring

Pre-5G networks have fewer “traf­fic points” and this means security monitoring and scanning is sim­pler, less time-intensive, and less expensive for businesses. Howev­er, 5G’s dynamic software-based systems have led to a huge increase in traffic points, and to take account of this, both business-to-business and business-to-consumer com­panies must prepare to invest in more sophisticated and increased levels of monitoring of their net­works, controls and technology.

Companies will need to place more and more reliance on IT experts to ensure adequate pro­tection is in place, in spite of a wid­ening IT skills gap. And they will have to do so at speed – planning for the increased risks associated with 5G should already be well developed. Those who have taken their eye off the ball, perhaps dis­tracted by adjusting their opera­tions to cope with Covid-19, run the risk of increased vulnerability.

The same applies to cyber and technology insurers. They have a responsibility to be 5G-ready too, in terms of making sure their cy­ber insurance offerings are up to speed and they are providing their clients with adequate protec­tion. It is also a responsibility for insurers to ensure their breach response providers are well in­formed about the developments and roll-out of 5G, as well as being able to respond even quicker to incident notifications and to start negotiations in the case of com­plex ransomware demands.

In 2021, we will see cyber insurers and buyers scrambling to be ready for the roll-out of 5G; word­ings are likely to change, and cov­erage could be challenged. Some better-informed and more proac­tive insureds may start to enquire into manuscript wording to cover the threats relating to 5G-enabled products and technology; it is up to insurers to understand these threats and to learn how to re­spond to these questions before clients come knocking.

This could make 2021 an even tougher year for this already challenged class.  A new and unexplored threat is likely to unsettle insurers and it also poses the questions of how new or changed risks should be rated on a premium basis.  Given an increasingly litigious and claims-active cyber sector, we would expect rates to increase and possibly capacity to constrict for new business in the year ahead and 2021 could be a difficult year for cyber insurers and buyers alike.

The original article can be viewed here