Traditional risk assessments will change radically with the growth of the Internet of Things (IoT), Lloyd’s says.

The technology will also lead to more frequent risk assessments, with the constant availability and updates of IoT systems making periodic assessments insufficient.

IoT devices will create cascading, inter-system risk, Lloyd’s says. For example, access to an IoT-powered home could affect similar systems in the work environment.

About 25 billion devices will be connected to the internet within two years. Some studies estimate that will rise to 125 billion by 2030, Lloyd’s says.

Risk assessments in the cyber sector will have to account for physical safety and digital security too, because IoT has a cyber-physical nature.

Current risk assessments have not adjusted to this variability, the paper says.

This raises questions about whether cyber-exclusion policies or non-affirmative cyber risks can still be upheld.

IoT may also automate decision-making and improve the pricing of risk. “As-you-use” policies are increasingly popular in the car insurance sector, the paper says.

If insurers can access IoT data related to predictive maintenance that clients collect from their devices, they could create policies and prices based on real-world performance, tailored to individual customer needs.

Lloyd’s warns capturing data from different systems to support automated decision-making could increase the possibility that “bad data” from one system will pollute other systems.

It warns that assessing and quantifying risk is complicated by the unclear and constantly changing boundaries between the many devices, services and systems involved.

Risk assessments will also be complicated by the range and quality of security standards for IoT. Regulatory gaps needs to be plugged too, with liability uncertainty an issue.