Advanced machinery – what are the risks?
Technology and the ‘internet of things’ create an interesting question of liability: who is ultimately responsible if a machine that’s been programmed to do something does something wrong?
Who is held liable when it comes to advanced machinery?
Whether it’s a driverless vehicle or a remotely operated machine, the question of liability can be complex. Was it the programmer? The manufacturer of the machine or even its software? What about the business that owns the machine, or whoever is operating it?
Typically, the business (the client, or insured) cops the first notification because they own and operate the machine, but if something goes wrong, who is at fault? If a Tesla crashes into the back of a car when it had its systems on, who is at fault? And if it’s still the owner/operator, why buy a driverless car if you still need to be 100% accountable for the operation?
What are the insurance and risk implications of introducing advanced machinery?
Tresidders Associate Director Luke Chrzanowski notes: “Insurance might not have to change for this, just be mindful that there’s going to be questions that we won’t know answers to yet, and scenarios where we’re going to be tested. We need to be prepared for the fact that insurers and the liability that flows from incidents will be tested in this automated or driverless space. Insurance is hundreds of years old and liability is based on what someone does, so when it’s a machine that does it, it’s not as clear who is liable.
“We had asked our cyber expert about some of the risks he sees with hacking and damage to machinery – he doesn’t see a lot of times where machinery is damaged, but they try and cripple machinery as a distraction.
“Someone was hacking in and they put up a ransom and were messing around with the system, and while they were doing that, they were mining all the data. It can be a diversion.”
What kind of clients are at risk?
Anyone with either automated machinery or machinery that has remote access/control (such as for diagnostic purposes) is at risk.
“There’s a fair few at risk in agriculture, with new remote machinery that’s being deployed, a number in the mining space depending on whether they operate driverless vehicles, and manufacturing, large scale with AutoCAD. They’d have a risk there with damage to the hardware through a hack, whether it was deliberately targeted to damage the machinery or a by-product of being hacked and compromised,” adds Chrzanowski.
“One of the bigger claims that we see is where a client has had a physical theft, but the thief has stolen your license key for your software. A lot of equipment people own or buy can be upwards of $30,000-$50,000 for the machinery, but it can actually be nearly as expensive for the software, too.
“There was a claim where they stole a machine AND the license key, which cost the same. If you have this type of risk in your business, you need to be sure that your cyber policy covers this exposure. There is cover available for machines in regards to physical damage as a result of the hack, but it’s not a standard cyber policy across all insurers so you need to check.
“With property insurance, it’s been around for a long time and it’s evolved, if you insure for fire it will be covered for fire. But because cyber is so new, if you buy a cyber policy, insurers have a wide range of definitions, exclusions and what’s covered, i.e. physical damage to the machinery. For most businesses with this kind of risk you should really get a customised and tailored solution to make sure it covers your specific risks.”
What kind of risk mitigation can help?
For most businesses, if you can’t afford to have an in-house IT expert, you probably have a bigger risk exposure than you realise. These experts are paid to know what’s going on and keep up in a rapidly changing environment.
Chrzanowski says: “Some of the best things we’ve done for clients is penetration tests – you pay for a ‘hacker’ who is licensed, qualified and insured (legitimate) to try and get into your business, access it and compromise it. We can sit here and say you need to insure your buildings for fire and people know it can happen but they don’t think cyber can happen to them. We show them where their vulnerabilities are so they can invest in closing those gaps and holes, before they even begin to look at the insurance safety net.
“That can range from sending phishing or spam emails to giving staff freebie fake USBs loaded with a virus or malware. They’ll get creative about getting access to show that whether it’s a targeted or untargeted attack, these are where your vulnerabilities are. It’s been really valuable – every client that’s done this is surprised at how exposed they were and what they can do about it. Some of the gaps can take months or years to close so they needed a cyber policy in place ASAP. Most clients should get these tests every year or two and change who they get to do the test every three or so years.”
The information in this article is general only; it doesn’t take into account your business or situation. You should speak to your insurance broker about your needs before making any changes or decisions.