A Cybersecurity ‘Glitch’ in the Growing Telematics Insurance Trend


VP Innovation

September 11, 2018

Telematics is transforming the insurance industry

The connected car ecosystem is cultivating another growing trend of telematics-based insurance, which promises to create a boom for the automotive insurance industry. This trend, also known as usage-based insurance (UBI), behavior-based insurance, or per-per-mile or pay-as-you-drive, is becoming one of the fastest growing segments in the automotive insurance industry, with the number of active policies expected to hit 100 million globally by 2020 and 142 million by 2023.

Riding on the wings of the connected car momentum and consumer demand for higher value services, telematics-based insurance offers drivers personalized insurance premiums, based on driver behavior and lifestyle. UBI is based on a foundation established by insurers, that see driver behavior as a leading indicator for risk projection, more accurate than traditional risk variables such as age, postcode, gender, or vehicle type.

A new customized approach to telematics insurance

This new approach for risk indicators has led to the emergence of new insurance models: usage-based insurance (UBI) and behavior-based insurance. The first model offers an insurance premium according to the number of trips and miles driven and is based on the assumption that the less time a driver spends on the road, the less likely it is for an accident to occur. The second model is based on the driver’s behavior, and the insurance premium is measured based on distance traveled, speed, number of brake scenarios, how quickly the driver brakes or accelerates, weather conditions, and time of day most drives take place at.

UBI and behavior-based insurance are  only the beginning. Insurance companies now provide dedicated programs based on even more customized factors: programs for low-mileage drivers such as Metromile, day-time driver programs such as Progressive, specialized programs for commercial fleet drivers such as those offered by Liberty Mutual, new  driver programs such as Nationwide, or tailored programs for teen drivers such as  Travelers.

Whichever the model, insurance telematics provides today’s drivers with reduced costs and value added services:

  • Real-time monitoring of the driver’s habits on the road poses an incentive for safer, smarter and more responsible driving.
  • Cost savings. According to Metromile, 65% of drivers pay higher premiums to subsidize the minority that drive the most. Personalized mileage-based insurance programs (UBI) enable a fairer model for low-mileage drivers. As for safer drivers- they can now enjoy lower premiums thanks to the behavior-based insurance models available today.
  • Saves trips to the mechanic, due to optional services such as health status reporting and alerts, often a part of the insurer’s offering.

Does it really work, and is there a catch?

Telematics-based insurance programs typically capture and process driving data based on a “tracker” either in a hard-wired aftermarket black box (most popular in Europe), a small self-installed plug-in (most common in the U.S.) that fits into the vehicle’s onboard diagnostics port (OBD-ǁ dongle), or based on a mobile app that requires placing the driver’s smartphone in the car.

In each of these options, the data is being collected and sent back to the insurer’s servers, or the TSP (Telematics Service Provider) that runs these servers for the insurer, in order to assess the risk and help calculate the cost of insurance premiums for each driver. This technology is what ultimately results in more personalized insurance rates- it also presents insurers with the challenge faced by every stakeholder in the connected car ecosystem – an exposure to cybersecurity attacks on the enterprise and its customers.

Insurance companies providing telematics-based insurance programs should be aware of three primary risks when connecting to the telematics data:


  1. Cyber attacks on the insurance company’s customers. Once drivers connect their vehicles to the internet and enable a connection between the insurance company and their vehicle, they are in effect exposing their vehicles to hackers. OBD-ll dongles  provide potential breach points for hackers to remotely exploit and cause damage such as remote vehicle control (e.g. cutting the car’s brakes), car theft, data privacy breaches, and more.
  2. Cyber attacks on the company’s cloud and OT infrastructure. The telematics servers receiving the data from the OBD-II dongles can be a target to cyber threats, as hackers can exploit flaws to gain access to the backend systems and launch remote attacks, potentially on entire vehicle fleets.
  3. Cyber attacks on the company’s IT network. In case of no proper network segmentation, an attack on the insurance company’s OT network (in this case the telematics servers) can use lateral movement to attack the IT network as well.

Protecting the company and its customers – a key business and marketing priority for telematics insurers

In a reality where insurers are expected to embrace telematics technology in order to improve their offering and create long-term relationships with their consumers, they need to add one vital component to maximize their offering – Automotive Cybersecurity.

A centralized cloud-based automotive cybersecurity solution monitoring the entire data traffic between the connected vehicle, the telematics servers and other service components, ensures complete visibility into potential breaches, and provides real-time alerts on any anomalous behaviors across the connected car value chain. Situated at the demarcation point between the operational network (OT) and information network (IT), this type of cybersecurity solution is the only one capable of ensuring comprehensive protection of the company and its customers.

Without it, no matter how great the customer experience is or how low the insurance premiums are – the enterprise brand will always be at risk. A single attack on consumer vehicles or the company’s networks can cause irreparable reputational and financial damage, not to mention risking the safety and privacy of consumers. In other words, the risk is simply too great.

Every insurance telematics should come equipped with a proven, comprehensive automotive cybersecurity solution to protect both the insurer and its customers.

Newsletter Icon

Upstream’s 2024 Global Automotive Cybersecurity Report

Newsletter Icon

to our newsletter

Stay up-to-date on the latest trends, emerging risks, and updates

7 Key Financial Implications of Automotive Cybersecurity Risks

In June 2023, a leading Taiwan-based semiconductor manufacturer disclosed a cybersecurity incident involving a ransomware group and one of its IT hardware suppliers, which led…

Read more

Newly Discovered IoT Vulnerabilities in ELDs Raise Risk for Fleet-Wide Attacks

In late March 2024, The Register published a unique coverage, describing multiple new vulnerabilities and elaborating on the cyber risks in ELDs (electronic logging devices)…

Read more

Navigating the Evolving Automotive Cybersecurity Regulatory Landscape

The automotive industry’s digital transformation has ushered in an era of unprecedented connectivity and technological advancement. Yet, it is also exposing mobility assets to a…

Read more

With Its Second Milestone Coming Soon, the Impact of UNECE R155 Continues to Expand

The UNECE WP.29 R155 regulation is rapidly evolving, reflecting the automotive industry’s commitment to addressing cybersecurity risks across an increasingly connected and technologically advanced mobility…

Read more