To the driver of the typical car today, a 10.7 year-old vehicle in the EU, connected features such as active park assist, lane-keeping or driver alert systems can seem a long way in the future. But the connected world is here, it is real now, and almost every premium vehicle sold today connects to the web to offer some form of personalised services in the Internet of Things (IoT).

As far back as 2016, BMW Connected Drive became standard on all models, with smarter vehicle control and services for email, news, weather and other text-to-speech functions. Other programmes such as Ford’s Sync 3 and GM’s OnStar became standard way back in 2014.

Increasingly automatic functions are driving the technology content of vehicles, and changing who is in control, starting with feet off (cruise control) to hands off (beginning with temporary hands off, lane assist) to eyes off (semi-autonomy) to brain off (full autonomy).

Speaking at our recent Customer Advisory Meeting, Dr George Gillespie, CEO of MIRA, commented on how the automotive industry – together with government support in the UK from the Centre for Connected & Autonomous Vehicles – is preparing for the mega-trends of the next 25 years.

Through the MIRA engineering consultancy Dr Gillespie is a leader in the UK’s connected vehicle technology evolution, working with the Automotive Council UK.

The car is increasingly part of the connected ecosystem. By 2020, 20% of all vehicles on the road worldwide will have some form of network connection, equivalent to 250 million connected vehicles.

The proliferation of vehicle connectivity has implications across the major functional areas of insurance telematics, automated driving, infotainment and mobility services.

“The vehicle is very much a part of the IoT,” commented Dr Gillespie in the conference. “It could very well end up being the biggest data source, with connected cars generating data at the rate of 25 gigabytes per day, rising to 300 terabytes, which is the data estimated to be generated by an autonomous vehicle per year.”

Whilst each computer chip embedded in a fully-autonomous vehicle will be processing data at the rate of 2 GHz, the guidance computer of the Apollo 11 mission to the moon processed at a snail-like 1 MHz in comparison, and it’s external signaling was half that.

What does the IoT and vehicle autonomy mean for insurance?

But what does all of this mean for the automotive companies and insurance providers, keeping up with the IoT over the long term? After all, we are talking about highly-complex vehicles, much more challenging in terms of technology and risk than what insurance deals with today.

By 2022 the UK government intends the country to be well on its way to a driverless future. A legal review is underway to determine some legal questions that will impact on insurance, such as:

  • whether there is a need for new criminal offences to deal with novel types of conduct and interference
  • who is the ‘driver’ or responsible person, as appropriate
  • how to allocate civil and criminal responsibility where there is some shared control in a human-machine interface
  • the role of automated vehicles in smart cities: within public transport networks and emerging platforms for on-demand passenger transport, car sharing and new business models providing mobility-as-a-service
  • what is the impact on other road users and how they can be protected from risk?

Everyone agrees that the period of highest risk will be the ‘fuzzy middle’, the hybrid period when autonomous and driven vehicles will share the roads, and the period of handover when a driver could be suddenly requested by the vehicle to take back control (likely to happen in reality very quickly in case of any vehicle failure).

There are going to be many factors and technologies to deliver the final product. In another recent blog article we commented on the road map from Level 1, Level 2, through to Level 5 autonomy. In our CAM meeting Dr Gillespie commented that there are still many data challenges to be dealt with, with machines making split-second decisions related to personal injury and property damage.

“How is government going to certify these vehicles? The moral dilemmas with risk are there. But they are so much less than the risk we face now,” said Dr Gillespie.

Considering the annual 1.3 million deaths globally from road traffic accidents, that would be the equivalent of six fully loaded A380 airplanes crashing every day.

“Machines will deal drastically with those accident statistics,” commented Dr Gillespie.

“But the Achilles heel is that the vehicle then becomes a cyber-physical device, with the resulting cyber threats….As we all know, you don’t fix cyber security, you manage it.”

New business models and new risks

  • Cyber security: the biggest ongoing risk associated with connected vehicles and the IoT
  • Vehicle complexity: will lead to product liability insurance for the vehicle OEMs
  • Vehicle complexity: data diagnostics and proving who is responsible for product failure is going to be a key development
  • Product cost: fewer claims but significantly higher repair costs, and repairs more likely to take place in authorised automotive networks
  • Lower claims frequency: with fewer crashes, there has been various estimates but the Bank of England forecasts a 41% drop in traditional UK motor insurance premiums by 2040 (the year when driverless cars could account for 80% of new vehicle sales)
  • Data analytics: new opportunities for monetising the data stream from vehicles that insurance companies will be acquiring
  • New insurance models: vehicle manufacturers have begun bundling insurance into their product, as Tesla is doing in China and the US
  • New IoT insurance models: depending on the evolution of robo-taxis and car sharing, more insurance premiums could become commercial rather than personal
  • Real-time dual insurance: complex insurance models could evolve based on who is in control in any given time.

There is a popular view that the technology could move quickly beyond Level 3 (L3) autonomy, effectively leaping over this most dangerous phase. Drivers are still necessary in L3 cars, but are able to completely shift “safety-critical functions” to the vehicle, under certain traffic or environmental conditions. It means that the driver is still present and will intervene if necessary, but is not required to monitor the situation in the same way as for the previous levels.

The Audi A8 recently became the first L3 vehicle to launch, although it is not yet able to fully deploy its features on the road.

In so far as control of the vehicle is going to flip between the human and the machine, for insurance the future is likely to mean a move to real-time risk assurance.

The connected car is going to become the most complex and the most data-rich platform in the whole IoT, creating huge challenges for digital vehicle resilience, for identifying critical risks and designing against them.

The potential entry points for cyber attackers are many, including the physical (USB, OBD-II, infotainment CDs and in-vehicle networks such as CAN, Flexray) and remote (via a keyless entry device, GPS, wi-fi, Bluetooth, V2X, cellular 3G/4G/5G and OEM and other backend systems). As countermeasures are improving we could expect attacks to move ‘down the technology stack’.

It all adds up to a vast vehicle attack surface for cyber-crime and data protection.

LexisNexis Risk Solutions, a unit of RELX Group, is a global data technology and advanced analytics leader, with customers in over 100 countries worldwide.

Follow the link to the LexisNexis Risk Solutions website to find out more about how we support insurance providers.