Creating Market Incentives for Secure Industrial IoT

Industrial IoT will be one of the largest drivers of economic growth in the coming decade. Without adequate security measures, it could also unleash catastrophic harm. Key influencers from all sectors have aligned on a possible solution to address liability concerns, while still enabling specific markets to be targeted, and elevating the security of critical infrastructure. 

The challenge

Industrial IoT is expected to transform manufacturing, energy, agriculture, transport and other industrial sectors of the economy, which together account for nearly two-thirds of the global gross domestic product. Unfortunately, many of these companies are unprepared for the potential risk and liability brought on by these new technologies. These include new threats to public safety, physical harm and catastrophic systemic attacks on shared public infrastructure. As today’s economy continues to prioritize time-to-market and the profitability of solutions over security, the threat of serious physical, financial and institutional harm grows. Moreover, cybersecurity poses a unique challenge for government regulation of businesses as the process for certifying and enforcing good security practices can be too labour-intensive and costly for governments to address on their own.

The Opportunity 

Market forces could play a critical role in helping establish and catalyse new norms and best practices for the security of industrial IoT devices and systems. Lower insurance premiums, for example, prompted millions of businesses and consumers to install fire and security systems. Similarly, good driver discount programmes have created tangible financial incentives for safer and more careful behaviour. Through this project, the same incentive structure that ties minimum safety standards and practices to the sale and pricing of insurance policies will be applied to industrial IoT. This approach will also be applied to government stimulus funding and financing programmes for industry. Lastly, through certification, companies have the opportunity to differentiate themselves within an increasingly competitive industrial IoT marketplace.


Over the course of the last year, more than two dozen companies, governments, organizations, and universities have collaborated with the Centre to co-design the Industrial IoT Safety and Security Protocol. This first-ever framework generates an understanding of how insurance can facilitate the improvement of industrial IoT security design, implementation, and maintenance. It also harmonizes security best practices that should be incorporated in all industrial IoT deployments. The next step is to pilot these incentive structures with insurance companies, governments, and the private sector. The first pilot is being implemented in the aviation industry through the summer of 2020 to test and validate the Protocol. Subsequently, the underlying operating models can be refined and the outcomes shared, so that the Protocol can be adopted trans-nationally across all sectors.

Industry Pilot: Building Cyber Resilience in the Aviation Sector

Key public and private stakeholders in the aviation industry are aligning to implement the first industry pilot. A multi-stakeholder community is working closely to develop a method to quantify risk exposure against a defined industry baseline of “common duty of care” through the airport structure and its operational community. It is intended that this measurable baseline would become the reference for risk owners and managers, capital investors and the insurance industry, where the lower the position the higher the indicative cost of transferring risk, thus generating incentives for industry players to become more cyber resilient. Furthermore, the framework will serve as a foundation that will be adapted to a series of industry use cases.