Kirstin Simonson, 2VP of Travelers Global Technology, talks with Manufacturing Business Technology on how companies should protect themsevles while incorporating IoT technologies.
Manufacturing Business Technology: Can you provide an overview of the types of wearable/IoT technology that manufacturers are starting to integrate into their daily operations?
Kirstin Simonson: The use of wearables and The Internet of Things (IoT) technology varies based on a particular business’s needs. Increasingly, manufacturers are adopting technologies that contribute to productivity and safety, and the integration of data from sensors on the plant floor continues to be on the rise.
From a wearables perspective, this includes smart glasses, head-mounted cameras and sensor-infused gloves. Consider employees who operate heavy industrial equipment that requires both hands to operate safely. Wearable devices can help employees concentrate on the task at hand (e.g., operating the vehicle) while the technology captures and records important data.
From the operations perspective, IoT has the potential to radically transform the manufacturing industry as more of the factory/manufacturing operations move online. As more and more assets on the plant floor become connected, the business will gain greater visibility across the supply chain and their operations. By gaining greater insight into the manufacturing environment, this has the potential to translate into greater analytics capabilities: better planning, greater knowledge of supply chain, better asset management and improved operational efficiency.
MBT: How will the manufacturing wearables/IoT market evolve in the near future? Do you see adoption becoming more widespread?
Simonson: As businesses look to gain a competitive edge, the market for wearables and IoT devices is expected to increase. SNS Research projects market growth at a compound annual rate of 40 percent through 2021. Factors that can help support this adoption include:
- Establishment of governance programs: Employers will need to update their policies to address proper use of wearables in the workplace. Additionally, they will need to consider the shift from offline to machine-to-machine communication and the impact this may have as more systems become vulnerable to hacking, destructive malware or other cyber-related risks.
- Adoption of training resources: Employees will need to receive training on how the use of wearable devices that are connected to the employers’ systems can create exposures, and they will need to understand how to minimize risks such as data breaches and injuries.
- Development of insurance policies: There are diverse risks associated with wearable technologies and IoT. Insurance policies will continue to evolve to help businesses mitigate these risks; however, it is important that manufacturing companies take a holistic approach to risk management and talk with their agent or broker.
MBT: What concerns might impede smaller manufacturers from adopting wearable/IoT technology? (Expenses, liabilities, qualifications, industry regulations, etc.)
Simonson: Primary challenges to IoT adoption include threat of a cyber attack or cyber event, difficulty integrating the technology, difficulty determining the ROI, and an overall reluctance to implement automation that may result in job loss.
As with any new technology, there is an adjustment period. While cost is an up-front concern, most employers understand that the increase in productivity will lower costs in the long run. Moving from the relatively closed environment to an environment where plant networking moves out into the world requires a serious assessment of need versus risk. What should be connected, what systems should not be connected to other systems, and how will system integrity be managed?
As manufacturers move beyond IoT solutions to track assets or gain analytics functionality, we can expect to see more-complex technologies taking hold, such as autonomous robotics.
As smaller manufacturers adopt wearable and IoT technology, they face concerns over various risks, including security of employee and employer data, worker distraction and accidents, and compliance with national and industry regulations. Adopting governance programs and establishing clear communication with employees can help mitigate these risks.
MBT: What safeguards can manufacturers establish when developing a risk mitigation program for the use of wearables/IoT devices in daily operations?
Simonson: With the ongoing integration of technology into operations, a best practice is to conduct a comprehensive risk assessment that analyzes the business’s ability to adopt new technology, engaging all stakeholders who will be affected, including IT, board members, human resources, legal, vendors and customers.
A comprehensive risk assessment will help identify areas that may pose a threat to business resiliency that need to be addressed. Once the risk assessment has been completed, a comprehensive business continuity/incident response plan should be developed and tested.
Vendor management is an integral part of a risk mitigation program, making sure vendors understand and comply with the standards set by the manufacturer.
Companies can also minimize their exposure to cyber risk by requesting security features in their wearable devices, such as:
- Remote erase: Wearable users can erase or disable their device if it is ever lost or stolen.
- Bluetooth encryption: Bluetooth technology offers an encrypted application program interface when exchanging data between a device and a data store, but few companies take advantage of this standard because it decreases battery life.
- Cloud security: Because data is often transmitted from a wearable device to a cloud data-store, it is vital to ensure the cloud is protected by assessing vulnerability and limiting access to select personnel.
MBT: What are some hypothetical risk scenarios relating to the integration of wearables/IoT devices that might render a manufacturing business liable for damages?
Simonson: Companies integrating wearables/IoT devices face three main categories of risk:
- Cyber risk: An organization’s failure to secure data or its network may lead the risk of financial loss, business interruption or reputational damage. Concerns most companies face today include a cyber criminal’s attack, ineffective IT governance, security software failure or even a disgruntled employee.
- Technology errors and omission risk: As the manufacturers of wearable components or IoT devices, a company can be held liable for economic loss if its device fails to work as intended because of an error, omission or negligence. Wearable device failures can affect business continuity and reputation.
- Bodily injury risk: For wearable devices to deliver on quality-of-life benefits, they must be used as intended and function properly at all times. Should the device fail, the vendor and manufacturer could be liable for damages from bodily injury, illness or the death of a user.
MBT: What insurance products should business owners consider purchasing to cover their enterprise wearable/IoT technology?
Simonson: Manufacturers should discuss a comprehensive insurance solution for their operations with an agent or broker. It is important to consider how each insurance product they purchase may or may not respond to a cyber event. A sampling of products to consider to help cover their exposures to enterprise wearable/IoT technology include:
- Information security coverage: Provides coverage for critical cyber risks. Coverage options vary, but most include network and information security liability, and communications and media liability. Companies can also opt for many first-party expense reimbursement coverages, including data restoration, business interruption, computer and funds transfer fraud, crisis management and security.
- Product liability coverage: Provides coverage for loss arising from bodily injury risk. Available options cover fitness tracking devices as well as doctor-prescribed medical wearables.
- Errors & Omissions (E&O) liability coverage: Protects against damages that a medical device manufacturer must pay because of economic loss resulting from its products or its work and caused by an error, omission or negligent act.
Kirstin Simonson is 2VP of Travelers Global Technology.