Visualize: Insights that power innovation

Visualize: Insights that power innovation

The era of vehicle hacking is here. Are insurers ready?

By Andrew Blancher, CPCU  |  July 7, 2020

Picture a day in the hopefully not-too-distant future when we’re all back to our pre-pandemic routines (nice, isn’t it?). You’re back in the groove of your morning commute, looking forward to picking up on your audio book as you hop into the driver’s seat and start your truck.

But rather than the normal hum of the engine turning over, nothing happens. Well, not nothing. Your media console lights up with an ominous message: “This vehicle has been hijacked. To unlock your truck, please forward five CryptoCoins to the following address.”

There goes your day.

A new era of vehicle risk

The above scenario is a fictitious but entirely plausible account of just one of the emerging risks associated with vehicle hacking.1

Think of vehicle hacking as a cyberattack targeting various access points in a connected vehicle (that is, a vehicle that can wirelessly communicate and share data with other devices, platforms, and internal and external networks and systems.). Once a vehicle has been breached, an auto hacker can wreak all manner of havoc.2

Vehicle hacks could include:

  • shutting down the car or truck and demanding a ransom to restart it
  • commandeering the steering, braking, HVAC or other vehicle controls from the driver
  • denial of service attacks that temporarily disable a vehicle

As connected vehicle technology continues to evolve toward greater electronic control and wireless communication, the opportunities for malicious exploits will likely only grow.3 Indeed, by 2023 nearly 70 percent4 of light-duty vehicles and trucks sold globally are expected to feature Internet connectivity, while 76 million connected cars5 are projected to be sold in that same year.

A new endorsement and rating rule to cover certain vehicle hacking risks

While vehicle hacking hasn’t yet become as pervasive a real-world threat as computer hacking, vehicle manufacturers are already on notice. In 2015, one automaker was forced to recall 1.4 million vehicles following the revelation from security researchers that a vehicle series was vulnerable to remote takeover.6 The ubiquitous software updates that desktop and mobile computer owners are so accustomed to are now becoming routine for vehicles as well.7  

Risk transfer options must also keep pace with evolving vehicle technology.

At Verisk, we’ve developed a new, optional Auto Hacking Expense Coverage endorsement and corresponding rating rule to help insurers address insurance needs for vehicles equipped with modern technology.  

The endorsement is generally designed to cover certain expenses for private passenger auto and light/medium trucks associated with diagnosing, restoring, and repairing a vehicle after a hack. The coverage provides for the cost of repairing a vehicle’s computer system, temporary transportation expenses, and even ransom payments, among other related costs. (ISO customers can access ISO Circular LI-CA-2020-229 for the details on the draft coverage language and rule.)

As the road becomes a target-rich environment for hackers, we’re working to provide insurance coverage solutions that can help minimize and mitigate the costs of this emerging risk.  

 

  1. Thomas Roccia, “Today’s Connected Cars Vulnerable to Hacking, Malware,” McAfee, March 27, 2018,
    < https://www.mcafee.com/blogs/other-blogs/mcafee-labs/todays-connected-cars-vulnerable-hacking-malware >, accessed on June 23, 2020.
  2. Ibid.
  3. Autothreat Intelligence Cyber Incident Repository, Upstream, June 9, 2020,
    < https://www.upstream.auto/research/automotive-cybersecurity/?id=null >, accessed on June 23, 2020.
  4. “Share of new light-duty vehicles and trucks sold that are connected to the Internet worldwide and in the United States in 2023,” Statista, November 14, 2019,
    < https://www.statista.com/statistics/275849/number-of-vehicles-connected-to-the-internet/ >, accessed on June 23, 2020.
  5. I. Wagner, “Connected Cars – Statistics and Facts,” Statista, April 6, 2020,
    < https://www.statista.com/topics/1918/connected-cars/ >, accessed on June 23, 2020.
  6. Andy Greenberg, “After Jeep Hack, Chrysler Recalls 1.4M Vehicles for Bug Fix,” WIRED, July 24, 2015,
    < https://www.wired.com/2015/07/jeep-hack-chrysler-recalls-1-4m-vehicles-bug-fix/ >, accessed on June 23, 2020.
  7. Brian Turner, “Does Your Vehicle Need a Software Update?,” Driving, January 5, 2017,
    < https://driving.ca/auto-news/news/does-your-vehicle-need-a-software-update-and-why >, accessed on June 23, 2020.

Andrew Blancher is Director of Commercial Auto and Emerging Issues at ISO. You can contact him at Andrew.Blancher@verisk.com.