As businesses look to manage their cybersecurity risk, many have turned to insurance to cover the financial implications of a successful breach.
However, insurers naturally want to limit their own exposure to risk and the small print of the policy may limit some claims. In particular this can apply to IoT devices which represent a major unprotected attack surface in corporate networks.
We spoke to John Gallagher, VP of Viakoo Labs at security platform Viakoo, to find out more about IoT risks and how organizations can ensure that their security policy is acceptable to insurers.
BN: Why do IoT devices present such a major risk?
JG: IoT/OT devices in particular present an increasing risk to most organizations because of how challenging they’ve been to keep patched and secured, combined with their sprawl and scale in the organizations that use them (there are often 10x or more the number of IoT devices than IT devices, and they can literally be anywhere and not just in data centers). Despite being network connected like IT devices, IoT/OT devices are usually managed outside of the IT organization, such as in manufacturing, facilities, and physical…
