Creating Market Incentives for Secure Industrial IoT

The challenge

Industrial IoT is expected to transform manufacturing, energy, agriculture, transport and other industrial sectors of the economy, which together account for nearly two-thirds of the global gross domestic product. Unfortunately, many of these companies are unprepared for the potential risk and liability brought on by these new technologies, including new threats to public safety, physical harm and catastrophic systemic attacks on shared public infrastructure. As today’s economy continues to prioritize time-to-market and the profitability of solutions over security, the threat of serious physical, financial and institutional harm grows. Moreover, cybersecurity poses a unique challenge for government regulation of businesses as the process for certifying and enforcing good security practices can be too labour-intensive and costly for governments to address on their own.

The opportunity

Market forces could play a critical role in helping establish and catalyse new norms and best practices for the security of industrial IoT devices and systems. Lower insurance premiums, for example, prompted millions of business and consumers to install fire and security systems. Similarly, good driver discount programmes have created tangible financial incentives for safer and more careful behaviour. Through this project, the same incentive structure – tying minimum safety standards and practices to the sale and pricing of insurance policies – will be applied to industrial IoT deployments. In parallel, this approach will be applied to government stimulus funding and financing programmes for industry. Lastly, through certification, companies have the prospect to differentiate themselves within an increasingly competitive industrial IoT marketplace.


Over the last year, more than two dozen companies, governments, organizations and universities have collaborated with the Centre to co-design the Industrial IoT Safety and Security Protocol. This first-of-its-kind policy framework generates an understanding of how insurance can facilitate the improvement of industrial IoT security design, implementation and maintenance practices. It also puts forth a universal set of security best practices that should be incorporated in all industrial IoT deployments. The next step of the project is to pilot these incentive structures with insurance companies, governments and private-sector stakeholders, refine the underlying operating models, and then share these outcomes to scale up adoption internationally and across sectors.

Industry Pilot Project Building Cyber Resilience in the Aviation Sector

Public and private sectors are finding ways to increase collaboration and to support the drafting of an effective strategy and build the required levels of cyber-resilience understanding and governance. Through this project, key stakeholders in the aviation industry are aligning to develop a method to quantify risk exposure against a defined baseline of “common duty of care” for the aviation sector. It is intended that this measurable baseline would become the reference for risk owners and managers, capital investors and the insurance industry, where the lower the position the higher the indicative cost of transferring risk.

This framework to quantify risk exposure will be piloted through the airport structure and its operational community. The airport ecosystem provides immediate access to the critical capabilities and infrastructure of the aviation industry. Airports also provide an important reference to the interdependencies associated with cyber incidents and the impacts across such a broad ecosystem. Furthermore, the framework will serve as a foundation that will be adapted to a series of industry use cases. 

Find out more...