Category Archives: Terrorism Risk

It’s Not an “Insurance Crisis” — It’s a Risk Crisis

Ten states – Louisiana, Florida, Idaho, Kentucky, Mississippi, Montana, North Dakota, South Carolina, Texas, and Virginia – as well as additional plaintiffs, are suing the Federal Emergency Management Agency (FEMA) over its new methodology for pricing flood insurance, Risk Rating 2.0. On Sept. 14, a federal hearing lasted six hours as the plaintiffs sought a preliminary injunction to halt the new pricing regime while the lawsuit plays out.

Many residents of these states are understandably upset about seeing their flood insurance premium rates rise under the new approach. There may not be much comfort for them in knowing that the current system is much fairer than the previous one, in which higher-risk homeowners subsidized those with lower risks. Similarly, policyholders who have had their premium rates reduced under Risk Rating 2.0 are unlikely to take to the streets in celebration.

These homeowners aren’t alone in seeing insurance rates rise – or even having to struggle to obtain insurance. And these difficulties aren’t confined to holders of flood insurance policies. Florida and California are two states in which insurers have been forced to rethink their risk appetite – due in part to rising natural catastrophe losses and in part to regulatory and litigation environments that make it increasingly difficult for insurers to profitably write coverage.

Even before the COVID-19 pandemic and Russia’s invasion of Ukraine – and the supply-chain and inflationary pressures they created – the property/casualty insurance market was hardening as insurers adjusted their pricing and their risk appetites to keep pace with conditions that were driving losses up and eroding underwriting profitability – topics Triple-I has written about extensively (see a partial list below).

“Rising insurance rates are not the problem,” says Dale Porfilio, chief insurance officer at Triple-I. “They are a symptom of rising losses related to a range of factors, from climate and population trends to post-pandemic driving behaviors and surging cybercrime to antiquated policies, outdated building codes, fraud, and legal system abuse.”

In short, we are not experiencing an “insurance crisis,” as many media outlets tend to describe the current state of the market; we are experiencing a risk crisis. And even as the states referenced above push back against much-needed flood insurance reform, legislators in several states have been pushing measures that would restrict insurers’ ability to price coverage accurately and fairly – rather than addressing the underlying perils and forces aggravating them.  

Triple-I, its members, and a range of partners are working to educate stakeholders and decisionmakers and promote pre-emptive risk mitigation and investment in resilience. We are using our position as thought leaders and our unique non-lobbying role in the insurance industry to reach across sector boundaries and drive constructive action. You will be hearing more about these efforts over the next few months.

The success of these efforts will require a collective understanding among stakeholders and decisionmakers that for insurance to be available and affordable frequency and severity of risk must be measurably reduced. This will require highly focused, integrated projects and programs – many of them at the community level – in which all stakeholders (co-beneficiaries of these efforts) will share responsibility.

Want to know more about the risk crisis and how insurers are working to address it? Check out Triple-I’s upcoming Town Hall, “Attacking the Risk Crisis,” which will be held Nov. 30 in Washington, D.C.

Learn More:

Shutdown Threat Looms Over U.S. Flood Insurance

FEMA Incentive Program Helps Communities Reduce Flood Insurance Rates for Their Citizens

More Private Insurers Writing Flood Coverage; Consumer Demand Continues to Lag

Shift in Hurricane Season’s Predicted Severity Highlights Need for Prospective Cat Risk Pricing

California Needs to Make Changes to Address Its Climate Risk Crisis

Illinois Bill Highlights Need for Education on Risk-based Pricing of Insurance Coverage

IRC Outlines Florida’s Auto Insurance Affordability Problems

Education Can Overcome Doubts on Credit-Based Insurance Scores, IRC Survey Suggests

Matching Price to Peril Helps Keep Insurance Available & Affordable

Triple-I “State of the Risk” Issues Brief: Flood

Triple-I “State of the Risk” Issues Brief: Hurricanes

Triple-I Issues “Trends and Insights” Brief: Risk-Based Pricing of Insurance

Complex Risks in a Complicated World:Are Federal Government “Backstops” The Answer?

Two U.S. agencies have agreed to explore the potential need for a federal mechanism – analogous to the one put into place for terrorism insurance after the 9/11 attacks – to address the growing cybersecurity threat to critical infrastructure. The perceived need to do so speaks to the growing complexity and interrelatedness of this and other risks facing governments, businesses, and communities today.

The Government Accountability Office (GAO), in a recently published report, recommended that Treasury’s Federal Insurance Office (FIO) and Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) take this action.  It acknowledges that FIO and CISA have “taken steps to understand the financial implications of growing cybersecurity risks” – but those actions have not included the possible need for a federal insurance mechanism.

“Cyber insurance and the Terrorism Risk Insurance Program (TRIP)—the government backstop for losses from terrorism—are both limited in their ability to cover potentially catastrophic losses from systemic cyberattacks,” the GAO report says. “Cyber insurance can offset costs from some of the most common cyber risks, such as data breaches and ransomware. However, private insurers have been taking steps to limit their potential losses from systemic cyber events.”

Insurers are excluding coverage for losses from cyber warfare and infrastructure outages, the report notes, and cyberattacks may not meet TRIP’s criteria to be certified as terrorism.

As we’ve previously reported, some in the national security world have compared U.S. cybersecurity preparedness today to its readiness for terrorist acts prior to the 9/11. Before Sept. 11, 2001, terrorism coverage was included in most commercial property policies as a “silent” peril – not specifically excluded and, therefore, covered. Afterward, insurers began excluding terrorist acts from policies, and the U.S. government established the Terrorism Risk Insurance Act (TRIA) to stabilize the market.  TRIA created TRIP as a temporary system of shared public and private compensation for certain insured losses resulting from a certified act of terrorism.

Treasury administers the program, which has to be periodically reauthorized. TRIP has been renewed four times – in 2005, 2007, 2015, and 2019 – and the backstop has never yet been triggered.

The GAO recommendation that a similar solution be considered for cyber risk highlights the potential insufficiency of traditional risk-transfer products to address increasingly complex and costly threats. Alongside terrorism and cyber, we’ve experienced – and continue to experience – the myriad perils of pandemic, with its assorted impacts on the global supply chain, driving behavior, business interruption and remote work practices, and the economy. Even if those challenges moderate, we will continue to face what is perhaps the most entangled set of risks on the planet: those associated with climate and extreme weather.

One only has to look as far as Florida, where the insurance market is on the brink of failure as writers of homeowners coverage begin to go into receivership and global reinsurers reassess their appetite for providing capacity in that hurricane-prone, fraud- and litigation-plagued state. Or, one could follow the wildfire activity in recent years; or flood loss trends, increasingly creating problems inland, where flood insurance purchase rates tend to be lower than in coastal areas; or insured losses due to severe convective storms, which have been rising in parallel with losses from hurricanes.

Fortunately, many states are taking steps – often with partners, including the insurance industry – to anticipate and mitigate such risks. Much is being done, but much work remains to change behaviors, best practices, and public policies in ways that will reduce risks and improve availability and affordability of coverage.

“Silent” Echoes of 9/11 in Today’s Management of Cyber-Related Risks

“The cyber landscape to me looks a lot like the counterterrorism landscape did before 9/11.”
Garrett Graff , historian and journalist

Before Sept. 11, 2001, terrorism coverage was included in most commercial property policies as a “silent” peril – not specifically excluded, therefore covered. Afterward, insurers began excluding terrorist acts from policies, and the U.S. government established the Terrorism Risk Insurance Act (TRIA) to stabilize the market.

TRIA requires insurers to make terrorism coverage available to commercial policyholders but doesn’t require policyholders to buy it. Originally created as three-year program allowing the federal government to share losses due to terrorist attacks with insurers, it has been renewed four times: in 200520072015, and 2019.  

An evolving risk

Terrorism risk has evolved in complexity and scope, and some in the national security world have compared U.S. cybersecurity preparedness today to its readiness for terrorist acts two decades ago.

“The cyber landscape to me looks a lot like the counterterrorism landscape did before 9/11,” historian and journalist Garrett Graff said during a recent Homeland Security Committee event at which scholars and former 9/11 Commission members urged lawmakers to increase funding for the Cybersecurity and Infrastructure Security Agency (CISA) and other federal agencies focused on preventing attacks.

Cyber is more complicated, said Amy Zegart, co-director of Stanford University’s Center for International Security and Cooperation, due to the private sector’s role “as both a victim and a threat vector. There are more people in the U.S. protecting our national parks than there are in CISA protecting our critical infrastructure.”  Cyberattacks like the one on the Colonial Pipeline underscore this reality.

When TRIA was reauthorized in 2019, a crucial component was the mandate for the Government Accountability Office (GAO) to make recommendations to Congress on amending the act to address cyberthreats. The trillion-dollar infrastructure bill now being considered in Congress proposes $1.9 billion for cybersecurity, with more than half set aside for state, local, and tribal governments. It would establish a Cyber Response and Recovery Fund for use by CISA.

“Silent cyber”

Like terrorism before 9/11, much cyber risk remains silent. Silent cyber – also called “non-affirmative cyber” – refers to potential losses stemming from policies not designed to cover cyber-related hazards. If silent cyber isn’t addressed, insurer solvency could be affected, ultimately hurting policyholders. 

The United Kingdom’s Prudential Regulation Authority in 2019 sent a letter to all U.K. insurers saying they must have “action plans to reduce the unintended exposure” to non-affirmative cyber. Later that year, Lloyd’s issued a bulletin mandating clarity on all policies as to whether cyber risk is covered. This led many insurers to exclude cyber or include it and price the risk accordingly. 

“Other regulators and the rating agencies have been less vocal about the issue” writes Willis Towers Watson,  “and, until recently, efforts to address silent cyber have been limited.” Some insurers – most notably in the specialty mutual sector – updated their policies in the mid-2010s to provide clarity on cyber. But, until recently, movement elsewhere has been sporadic, Willis writes.

Event-driven action

The recent proliferation of ransomware attacks leading to business interruption has led to cyber insurance – which began as a diversifying, secondary line – becoming a primary insurance-purchasing consideration. Unfortunately, while policies are available, many policyholders still incorrectly expect to be covered under their property and liability policies. Confusion around cyber coverage can lead to unexpected gaps.

“In a best-case scenario, a cyber incident may trigger coverage under multiple policies and increase the available total limit to respond to a covered event,” said Adam Lantrip, CAC Specialty’s cyber practice leader. “In a more common scenario, multiple policies may be triggered but not coordinate with one another, and the policyholder spends more on legal fees than the cost of having purchased standalone cyber insurance in the first place.”

Cyber risk will only grow in significance, complexity, and cost as the world becomes more wired and interdependent. The costs of cyberattacks are potentially massive and need to be mitigated in advance.

From the Triple-I blog

Emerging Cyber Terrorism Threats and the Federal Terrorism Risk Insurance Act

A World Without TRIA:  Formation of a Federal Terrorism Insurance Backstop

Brokers, Policyholders Need Greater Clarity on Cyber Coverage

Cyber Risk Gets Real, Demands New Approaches

Businesses Large and Small Need to Be Cyber Resilient in a COVID-19 World

Victimized Twice? Firms Paying Cyber Ransom Could Face U.S. Penalties

From Risk & Insurance (an affiliate of The Institutes and sister organization to Triple-I)

Silent Cyber Will Sabotage Your Insurance Policy if You Don’t Watch Out. Here’s What Risk Managers Should Keep Top of Mind

Piracy Is Still a Risk; Pandemic Hasn’t Helped

August is International Pirate Month – mainly, I suppose, because it’s fun to say “Arrrg-ust” like a Caribbean swashbuckler from the movies.  But many people outside the maritime and insurance industries don’t realize that piracy remains a costly peril in the 21st century – and, like so many other risks, it may have gotten worse during the COVID-19 pandemic.

Global insurer Zurich estimates the annual cost of piracy to the global economy at $12 billion a year and, according to the International Maritime Bureau’s Piracy Reporting Centre (IMB PRC), global piracy and armed robbery numbers increased 20 percent in 2020. IMB PRC’s latest annual report lists 195 actual and attempted attacks in 2020, up from 162 in 2019. It attributes the rise to increasing incidents within the Gulf of Guinea in Africa, as well as increased armed robbery activity in the Singapore Strait.

In its Safety and Shipping Review 2021, global insurer Allianz says, the Gulf of Guinea accounted for over 95 percent of crew members kidnapped worldwide in 2020.

“Last year, 130 crew were kidnapped in 22 separate incidents in the region – the highest ever – and the problem has continued in 2021,” the report says. “Vessels are being targeted further away from the shore – over 200 nautical miles from land in some cases.”

The COVID-19 pandemic may have played a role in this rise in pirate activity, as it is tied to underlying social, political, and economic problems.

The economic effects of the pandemic have been especially devastating in parts of the world where piracy tends to be a problem: job losses, negative growth rates, and increased poverty. According to the International Monetary Fund (IMF), China is the only major economy projected to have a positive growth rate in 2020. The economies of most other countries have shrunk, some by more than 9 percent. Overall, the global economy likely shrank by at least 4 percent in 2020, and the World Bank expects an additional 150 million people have been pushed into poverty.

The economic costs of the pandemic have been particularly challenging for piracy-prone countries, and pre-COVID economic conditions in many of these places almost certainly means slower recoveries. 

“Pirates, criminals, and terrorists exploit poverty and desperation to seek recruits, gain support, and find shelter. To counter these threats, we need to raise awareness and educate people, especially youth, while providing alternative livelihoods and support for local businesses,” said Ghada Waly, Executive Director at the UN Office on Drugs and Crime.

Pandemic’s impact on crews

Crew relief is essential to ensuring the safety and health of seafarers. Fatigued crew members make mistakes, and there are serious concerns for the next generation of seafarers. COVID-19 is affecting training, and the sector may struggle to attract new talent due to working conditions.

Reduced availability of well-trained crews could leave vessels more vulnerable as the global economy and international trade rebounds.

In March, the International Chamber of Shipping warned that lack of access to vaccinations for seafarers is placing shipping in a “legal minefield” and could cause disruption to supply chains from cancelled sailings and port delays.

“Vaccinations could soon become a compulsory requirement for work at sea because of reports that some states are insisting all crew be vaccinated as a precondition of entering their ports,” Allianz writes. “However, over half the global maritime workforce is currently sourced from developing nations, which could take many years to vaccinate. In addition, the vaccination of seafarers by shipping companies could also raise liability and insurance issues, including around mandatory vaccination and privacy issues.”

COVID-19’s confounding implications for international piracy were illustrated last month, when more than 80 percent of a South Korean anti-piracy unit serving a mission off the coast of Somalia were found to have tested positive and were airlifted out. South Korea’s defense ministry has said the unit left the country in February unvaccinated. The government has defended the decision, citing lack of vaccine availability at the time.

Learn More:

Insuring marine businesses and cargo

From the Triple-I Blog:

COVID-19 and shipping risk

Emerging cyber terrorism threats and the Federal Terrorism Risk Insurance Act

Cyber is a relatively new, evolving risk. Insurers manage their exposures, in part, by setting coverage limits and excluding events they don’t want to insure.

On December 20, 2019, President Trump signed a federal funding package that includes a seven-year extension of the Terrorism Risk Insurance Act (TRIA). TRIA provides for a federal loss-sharing program for certain insured losses resulting from a certified act of terrorism.

Passage of the act was met with resounding approval by the insurance industry. You can read more about it here.

A critical mandate of the TRIA extension is for the Government Accountability Office (GAO) to make recommendations to Congress about how to amend the statute to address emerging cyberthreats. Triple-I recently hosted an exclusive members-only webinar featuring Jason Schupp of the Centers for Better Insurance, who discussed issues likely to be addressed by the GAO report.

Schupp said the report will likely serve as a starting point for a discussion about cyber threats and how the insurance industry can better meet the needs of businesses, nonprofits and local governments for cyber insurance. It will address:

  • Vulnerabilities and potential costs of cyber-attacks to the United States;
  • Whether adequate coverage is available for cyber terrorism;
  • Whether cyber terrorism coverage can be adequately priced by the private market;
  • Whether TRIA’s current structure is appropriate for cyber terrorism events; and
  • Recommendations on how Congress could amend TRIA to meet the next generation of cyber threats.

Cyber terrorism is already covered under TRIA, but such acts don’t fit neatly into the TRIA framework. Because cyber limits and conditions are already narrow, TRIA’s current make available requirement has not been effective in providing coverage for cyber-terrorism events at the same limits and conditions as non-cyber events.

Schupp proposes that the requirement be amended so the coverage doesn’t exclude insured losses specific to the loss of use, corruption or destruction of electronic data or the unauthorized disclosure of or access to nonpublic information.

But expanding the requirement carries considerable risk. If insurers are required to make more coverage available for cyber events than they are comfortable with the result could be a pullback in property and liability insurance generally – not just for cyber events. Any expansion must be balanced with the terms of the backstop.

Schupp concluded that the GAO’s investigation and report (which is required to be completed by June 2020) is likely to kick off a multi-year debate that could substantially redefine U.S. cyber insurance markets. Insurers, policyholders and other stakeholders should engage accordingly.

To learn about how to become a member of Triple-I visit iiimembership.org.

House approves TRIA, NFIP extensions as part of $1.4 trillion spending package

On Tuesday, December 17, the House approved a package of bills that includes a seven-year reauthorization of the Terrorism Risk Insurance Act (TRIA) and funding for the National Flood Insurance Program until September 30, 2020.

Numerous insurance industry groups applauded the extension of TRIA. The act has been an important support in the effort to supply terrorism insurance through the private market. Since it was enacted, the percentage of companies purchasing terrorism insurance has risen to 80 percent, and the price of coverage has fallen more than 80 percent.

The $1.4 trillion spending package also includes:

  • Federal funding ($25 million) for gun violence research for the first time in 20 years.
  • A repeal of Obamacare taxes, including a 2.3 percent excise tax on medical devices, a health insurance industry fee that would have taken effect in 2020, and the 40 percent “Cadillac” excise tax on the most expensive health-insurance plans.
  • The Setting Every Community Up for Retirement Enhancement (SECURE) Act of 2019, which features provisions that make it easier for smaller employers to join open multiple-employer plans, ease non-discrimination rules for frozen defined benefit plans, and add a safe harbor for selecting lifetime income providers in defined contribution plans.

The bill is expected to pass the Senate and be signed by President Trump before government funding expires on December 20.

Terrorism risk insurance program renewal advances in Senate

A bill to reauthorize the Terrorism Risk Insurance Act (TRIA) of 2002 was passed on November 20 by the U.S. Senate Committee on Banking, Housing, and Urban Affairs. The unanimous decision was made only a day after the U.S. House of Representatives voted to renew the federally backed terrorism insurance coverage backstop program, which is set to expire in December 2020.

The bill includes a provision to study cyber terrorism and the availability and affordability of coverage, specifically for places of worship.

“The bill being considered today would not only avoid significant uncertainty in the marketplace, but it also preserves the taxpayer reforms included in the last reauthorization,” said Senate Banking Committee chairman  Mike Crapo (R-Idaho) in a statement.

The 2015 reauthorization “required the private insurance industry to absorb and cover the losses for all but the largest acts of terror”, Sen. Crapo said. This included requiring total insurance industry insured losses for certified acts of terror to exceed $200 million before federal assistance would become available and increasing the industry’s aggregate retention amount to $37.5 billion.

The decision was met with resounding approval from insurance industry representatives and other stakeholders.

The next steps are for the Senate Banking Committee version to be approved by the full Senate,  any differences between the two measures (which are said to be virtually identical) to be reconciled, and the final bill to be signed into law by President Trump.

Jimi Grande, senior vice president of government affairs at the National Association of Mutual Insurance Companies (NAMIC) said, “With passage of TRIA reauthorization legislation out of the House on Monday, today’s unanimous passage of an identical bill out of the Senate Banking Committee demonstrates that there is little daylight between the two chambers or between the two sides of the aisle. There is no reason Congress shouldn’t be able to get a bill to the president’s desk by the end of the year.”

To get an idea of what could happen without a government terrorism backstop we’ve been searching our database for news items that appeared in the aftermath of the terrorist attacks on September 11, 2001, before the federal program was in place. Below is an abstract citing a Wall Street Journal article about the impact on workers’ compensation. This line would be one of the most affected by a lack of a backstop because, unlike other insurance lines, workers’ compensation insurers have no choice but to include terrorism coverage in their policies.

House Panel Approves Terrorism Insurance Backstop Reauthorization

“Ground Zero,Lower Manhattan,NYC.”

The House Financial Services Committee on October 31 approved an amended version of the Terrorism Risk Insurance Program Reauthorization Act of 2019 that would require the Government Accountability Office (GAO) to report on cyberterrorism risks and the Department of Treasury to issue a biennial report that includes “disaggregated data on places of worship.”

The Terrorism Risk Insurance Act of 2002 (TRIA), approved after the 9/11 terrorist attacks in New York City and Washington, D.C., provided a backstop to encourage insurers to resume writing terrorism policies. After 9/11, primary insurers sought to explicitly exclude terrorism coverage from their commercial policies, and reinsurers became unwilling to assume risks in urban areas perceived as vulnerable to attack.

TRIA created the Terrorism Risk Insurance Program (TRIP), a federal loss-sharing program for certain insured losses resulting from a certified act of terrorism. TRIP provides a backstop for insurers and has to be periodically reauthorized. It is currently due to expire at the end of 2020.

In addition to the reporting requirements mentioned above, the amended legislation shortens the extension period from 10 years.

The bill says the cyber report should analyze the general vulnerabilities and potential costs of cyberattacks on the nation’s infrastructure and reach conclusions about whether cyberrisk, particularly cyberliabilities, under property/casualty insurance, can be sufficiently covered and adequately priced.

The insurance industry has praised the progress of the extension as well as the proposed studies of cyber exposures. The next step toward TRIA reauthorization is a floor vote in the House of Representatives.

Follow the conversation about the federal terrorism backstop here.

A world without TRIA: premiums skyrocket following 9/11

Below is an abstract from the I.I.I. database citing a Wall Street Journal article from October 8, 2001. It describes the sharp increase in insurance rates immediately following the terrorist attacks of 9/11 2001.

The abstract is part of our series covering the Terrorism Risk Insurance Act of 2002 (TRIA). The act made public and private sharing of insured losses from acts of terrorism in the United States possible.

I.I.I.’s report, A World Without TRIA: Incalculable Risk, describes the function of the federal  terrorism backstop.

Wedding Big Rigs to IoT: What Could Possibly Go Wrong?

“We went out again. We got maybe six steps before lights blared in our faces. It had crept up, big wheels barely turning on the gravel. It had been lying in wait and now it leaped at us, electric headlamps glowing in savage circles, the huge chrome grill seeming to snarl.”

Transportation and logistics companies are now among the top-targeted industries by computer hackers

When Stephen King wrote Trucks – a tale of big rigs, pickups, and earth movers coming suddenly to life and terrorizing people they had trapped in a diner – he didn’t speculate about how or why they’d been incited to malevolence. Aliens? The Soviets? Who cared? It was the 1970s, and all he needed to do was deliver a solid horror yarn.

I loved that story when I read it in high school – mainly because it scared the daylights out of me and yet I knew for sure it couldn’t happen. Could it? Nah!

Today I read an article about “platooning”, in which “a lead vehicle wirelessly assumes control over the throttle and braking of one, two, or more vehicles following along behind it. In many scenarios, the drivers in a platoon continue to steer their vehicles and can disengage from the convoy at any time, but the first vehicle determines the speed and braking maneuvers of the entire platoon. Because the follower trucks maintain constant communication with the lead vehicle and have synchronized acceleration and braking, platooning trucks can maintain much shorter distances between themselves as they travel.”

Bam! I was right back in that 1970s diner inside Stephen King’s warped, brilliant, and quite possibly prophetic brain.

From there I time traveled forward to Bastille Day 2017 in Nice, France, where 84 people were killed when a radicalized individual plowed a 20-ton truck into a crowd waiting to watch a fireworks display. The previous December, CNN reminded me, 12 people were left dead and 48 injured when a tractor trailer was driven into a Berlin Christmas market.

“Platooning, which is based on vehicle-to-vehicle (V2V) communications, has been shown to increase the fuel efficiency of both the lead and following vehicles, saving fleet operators money and reducing carbon dioxide emissions,” the article in Verisk’s Visualize insurance news and thought leadership site tells me comfortingly. It cites a German pilot program in which truck platooning generated fuel savings of 3 to 4 percent. Platooning could lead to huge cost savings for businesses and consumers.

Who doesn’t love fuel efficiency?

And then I read an article in Today’s Trucking that began:

“When Harold Sumerford’s phone rang at 2:30 a.m. on April 2, he knew the news couldn’t be good. But he figured it was probably the safety department – not the CFO telling him the company’s entire computer system was down from a ransomware attack.”

Sumerford is CEO of J&M Tank Lines. According to the article, it took four days for his company to begin functioning after the attack, “and during those four days, they weren’t able to bill any customers or enter anything into the system.”

Granted, this is a far cry from having the entire fleet go on a murderous rampage, but the Internet of Things is still young.  It hasn’t been long since researchers demonstrated that they could remotely do everything from altering a big rig’s  instrument panel to triggering unintended acceleration or disabling brakes.

“These trucks carry hazardous chemicals and large loads,”  Bill Hass, one of the researchers from the University of Michigan’s Transportation Research Institute, told Wired. “If you can cause them to have unintended acceleration…I don’t think it’s too hard to figure out how many bad things could happen with this.”

J&M’s experience, according to Today’s Trucking, was “just one example of a rapidly growing problem with cybersecurity in the trucking industry. Transportation and logistics companies are now among the top-targeted industries by computer hackers.”

According to an article in ZDNet published just a few weeks ago, “Hackers are deploying previously unknown tools in a cyberattack campaign targeting shipping and transport organisations with custom trojan malware. Identified and detailed by researchers at Palo Alto Networks’ Unit 42 threat intelligence division, the campaign has been active since at least May 2019 and focuses on transportation and shipping firms operating out of Kuwait in the Persian Gulf.”

This as everyone I know seems to be panting with enthusiastic anticipation for vehicles that drive themselves!

Look, I’m no Luddite. I appreciate the benefits offered by and realized through interconnectivity.

But I also have a front row seat observing the difficulties people who assess and quantify risk for a living experience in getting and keeping their heads around the ever-changing world of cyberrisk.  As data and “stuff” become increasingly intertwined and the risks surrounding them are less clearly defined, is it so unreasonable to suggest that pushing humans out of the driver’s seat at this moment isn’t the only or best path to traffic safety, low prices, and reducing our collective carbon footprint?