Cybersecurity Insurance: A Must for Smart Homes

So, the question is, at what point does the integrator become liable? Will integrators get sued because a cybersecurity issue enabled someone to break into a property that they worked on? And will homeowners argue that, ‘you installed the technology, so you are liable’?

We already address these and other questions. In fact, we’ve been working with CEDIA members since 1993.

On one occasion, we had a situation with an integrator who had installed a Nest thermostat in a business owner’s home. Unfortunately, he had neglected to reset the default password. This oversight opened the door for an unauthorized individual to access the Nest device, which then allowed them to infiltrate the owner’s work computer and gain access to the company’s network.

The insurance company conducted an investigation to determine the cause of the breach and traced the intrusion back to the Nest device. As a result, they sought to hold the integrator accountable for the security lapse. Fortunately, he had cybersecurity insurance, which provided a layer of protection in this case.

While there was some payout from the insurance, the incident highlighted the critical importance of cybersecurity measures, especially in an age where many devices are connected. The integrator, who only intended to help the business owner create a more comfortable home environment during COVID – by installing the Nest thermostat and a flat-screen TV so he could video conference with his employees – learned a tough lesson about the vulnerabilities associated with modern technology. It was a stark reminder that even a small oversight can lead to significant consequences.

Don’t wait until it’s too late

In the US, only 17% of businesses have cybersecurity insurance, and of these, 48% did not purchase this level of insurance until after their first attack. By waiting until this happens, your rate will be higher.

Business owners will say, ‘this isn’t going to happen to me – it’s someone else’s problem,’ but no, it’s really our problem here and now. Nearly a third of attacks happen to companies that have less than 100 employees.

If you are an integration company, then it is a no-brainer, you have to have cybersecurity insurance. Business owners may think, ‘well, I already have insurance, so I’m covered.’ No, this isn’t the case – general liability doesn’t cover this sort of thing. Your insurance needs to include technology errors and omissions and cyber, and these have to be packaged together. Also, look into including prior acts coverage, so that you can’t be liable for a breach in a system that you installed 15-20 years ago.