Our offices will be closed from 25 Dec – 2 Jan,for urgent enquiries please email info@whinneyinsurance.co.uk

Risks and insurance considerations for Internet of Things (IOT) companies 

The interconnectivity of devices and software is growing at a relentless pace. We would argue almost every person in the UK uses Internet of Things applications and devices every day, whether they know it or not. These may range from wearable health devices to smart televisions or doorbell cams. The interconnectivity of the modern world naturally creates complexity, and complexity without doubt increases the chance of things going wrong. 

How do we provide the right insurance for the Internet of Things (IOT) companies?

When looking for insurance for IOT companies, how many insurance professionals or even insurers, really understand how the technology works?

While we are a specialist technology broker, we cannot profess to understand the ins and outs of your technology – that is your expertise. Where we believe we can add value is by asking the right questions. Asking the right questions is vital, so that you as an IOT company can accurately articulate and explain your technology and how it works to insurers. It’s crucial, if purchasing insurance, that your insurer understands your business so the policy responds as you expect if and when things go wrong. As well as asking the right questions that enable you to articulate your business, we also want to ask questions to understand your drivers and concerns regarding risk.  

Once we understand your concerns, a discussion can be had as to which policies may cover that risk and respond accordingly as required. 

What are the key risks for Internet of Things companies?


Our biggest concern is always data and privacy. 

IOT providers are somewhat different to other software providers, who may simply host data on a tenanted single server for each client. Internet of Things providers will assist with the transfer of data, from device to software application, and then one software application to another and another, so on and so forth. Data can migrate from one server, to the server of an interconnected application and it goes on and on. Some commentators suggest that data from a single device or data point could theoretically connect with thousands, if not millions of other devices and applications.  If this data is anonymised then arguably the risk is lower. If the data being collected in question is personal in nature (which is more than likely), the risk is greatly increased. Privacy laws are very strict in the UK and EU, and similar in North America too: Any IOT company must comply with the localised data privacy laws.

The interconnectivity of devices and applications naturally increases risk, as hackers have various points of attack. One vulnerability at a single point in the data chain can be exploited, meaning that data collected by your firm can be at risk of exploitation.


Closely linked to our thoughts on data is the matter of security and keeping the data secure. As an IOT provider, you need to understand when you are responsible for security, and when you are not. The interconnectivity requires you to keep a watchful eye. Any updates and patches to interconnected devices or applications can create backdoors for cyber criminals. This also leads on to our next concern; compatibility.


Software never stands still. As we’ve mentioned, updates to devices can often create compatibility issues with interconnected devices and applications. What happens if your health monitoring device is not connecting to the health application due to an update with the application or even an update to the operating system upon which that device runs?

We have had problems with our own websites where an update to one plugin has created an issue with an interconnected plug in. Where we are concerned, the impact was nominal, but for a health device the impact could potentially be the difference between life and death. 

The IOT has changed the way we all live, and most would argue it has changed life for the better. But our reliance on the IOT naturally creates risk, and that risk needs insuring. The most common risks concern data, security, failures (the technology not working as it should or as intended) and downtime (not working when company or person needs it to work). These risks can result in litigation. A professional defence against litigation is expensive. This risk and litigation can be insured, and that is where we can help.  

If you are an Internet of Things company and would like to discuss your requirements, Whinney Insurance Brokers would love to help. Please contact our office on 020 8659 5038 or email info@whinneyinsurance.co.uk.