By Michael George and Chris Boots - Tue, Apr 1, 2025 - Blog
Michael George and Chris Boots from AMJ Insurance discuss the need for integration businesses to ensure they have cybersecurity insurance.
In 2017, there was a major breach at a Las Vegas casino. Through a controller operating a fish tank, someone was able to break in and access portions of the network. It wasn’t on its own VLAN, it was connected to the main network. This meant that once they got access to the one fish tank controller, they were able to delve deeper into the casino’s network and steal vast sums of money.
Cybersecurity insurance in the smart home technology sector refers to specialized coverage designed to protect homeowners and businesses from financial losses resulting from cyberattacks or data breaches. As smart devices become increasingly integrated into daily life, the risk of cyber threats grows, making this insurance essential for mitigating potential damages. It typically covers costs related to data recovery, legal fees, and liability claims, ensuring that users can safeguard their investments in smart home technology while maintaining peace of mind.
So, the question is, at what point does the integrator become liable? Will integrators get sued because a cybersecurity issue enabled someone to break into a property that they worked on? And will homeowners argue that, ‘you installed the technology, so you are liable’?
We already address these and other questions. In fact, we’ve been working with CEDIA members since 1993.
On one occasion, we had a situation with an integrator who had installed a Nest thermostat in a business owner’s home. Unfortunately, he had neglected to reset the default password. This oversight opened the door for an unauthorized individual to access the Nest device, which then allowed them to infiltrate the owner’s work computer and gain access to the company’s network.
The insurance company conducted an investigation to determine the cause of the breach and traced the intrusion back to the Nest device. As a result, they sought to hold the integrator accountable for the security lapse. Fortunately, he had cybersecurity insurance, which provided a layer of protection in this case.
While there was some payout from the insurance, the incident highlighted the critical importance of cybersecurity measures, especially in an age where many devices are connected. The integrator, who only intended to help the business owner create a more comfortable home environment during COVID – by installing the Nest thermostat and a flat-screen TV so he could video conference with his employees – learned a tough lesson about the vulnerabilities associated with modern technology. It was a stark reminder that even a small oversight can lead to significant consequences.
Don’t wait until it’s too late
In the US, only 17% of businesses have cybersecurity insurance, and of these, 48% did not purchase this level of insurance until after their first attack. By waiting until this happens, your rate will be higher.
Business owners will say, ‘this isn’t going to happen to me – it’s someone else’s problem,’ but no, it’s really our problem here and now. Nearly a third of attacks happen to companies that have less than 100 employees.
If you are an integration company, then it is a no-brainer, you have to have cybersecurity insurance. Business owners may think, ‘well, I already have insurance, so I’m covered.’ No, this isn’t the case – general liability doesn’t cover this sort of thing. Your insurance needs to include technology errors and omissions and cyber, and these have to be packaged together. Also, look into including prior acts coverage, so that you can’t be liable for a breach in a system that you installed 15-20 years ago.