Connected technology has been transforming the transportation industry at a brisk speed. Micro-sensors on board trains capture trip data to drive operational efficiency, self-driving cars have shifted from science fiction to city streets, and navigation systems featuring real-time traffic data inform our routes.
Internet of Things (IoT) transportation applications can lead to improved convenience, safety and quality of life, if the devices and communication mechanisms function properly. In the event that the technology fails or even goes temporarily offline, it could lead to property damage and to serious injuries for passengers and bystanders. IoT manufacturers and software companies could be held liable.
Every firm throughout the IoT ecosystem should be aware of the ways they could find themselves liable and take actions to minimize those risks. Here are four key risk categories that technology-centric companies should understand as they develop IoT applications for the transportation industry.
- Property Damage. If an IoT device has a defect or fails to function as intended, it could lead to property damage. These risks can include a loss of use of, or physical damage to, personal property, such as a laptop, or real property, such as an office space. For example, an IoT sensor designed to capture data from a locomotive to inform predictive maintenance could fail to accurately read the locomotive’s performance. That could lead to the vehicle going without timely maintenance, resulting in potentially hundreds of thousands of dollars of preventable damage if the failed maintenance causes the locomotive to collide with other property. The device maker could be sued for its device sending inaccurate information.
- Bodily Injury. If a device fails at any time to function as advertised, a device developer could be held liable for any injuries that result. IoT manufacturers and software companies could face bodily injury risks that could render them liable in the event of a malfunction. For example, a self-driving truck produced as a joint venture between an autonomous vehicle manufacturer and an IoT software development firm could have a software bug. If that bug results in an accident with oncoming traffic, then the injured drivers and passengers could sue the software developer for the resulting medical expenses.
- Cyber Risk. Cyber risks can be the result of a cyber criminal’s attack, ineffective cloud security policy, IT security software failure, or damage from disgruntled employees. If data is improperly secured within information systems, it can lead to potential financial loss, reputational damage or identity theft. Companies are responsible for making sure that their IoT storage and communications functions follow sound data practices, but software device manufacturers may still be held liable if their devices fail to work as advertised. For example, if cyber thieves intercept unsecured machine-to-machine (M2M) communications between a logistics firm’s sensor and cloud, the thieves could then sell the data to a competitor. The device maker could be sued for failure to secure M2M communication.
- Consider appropriate quality and risk management systems to help ensure that products consistently meet requirements and specifications.
- Build cyber security into the devices, including physical security for server rooms and data centers and 24/7 monitoring for cloud data stores.
- Evaluate company contract practices and explore contractual risk transfer and defense/indemnification provisions, which can shift risk to other parties.
Minimizing IoT RisksAs technology companies develop, manufacture and commercialize new devices for the transportation industry, they can also expose themselves to significant new risks. There are several steps that manufacturers producing IoT devices with transportation applications can take to consider and minimize their exposure to these risks.
It can also be helpful to discuss relevant insurance coverage with an agent or broker. Property, auto liability, auto physical damage, general liability, technology errors and omissions (E&O) liability, and cyber-related first-party coverages can help protect against potential liability.