This week’s question comes from Dan.
If you want an answer to your insurance questions, just answer this e email and look for a reply in a future e email.
Have there been credible data on electric vehicles hacked by a cyber attack? If so, how often does this occur and with the increase in EVs in business and personal use, how much a concern should this be for both consumers and insurance companies? If one of these is attacked and compromised and the striker does something terrible with the vehicle, who should be held responsible? The owner not to install a more robust security system to prevent such an attack or the manufacturer for not giving it from the start?
Let’s see if we can take this apart one piece by piece and come up with some good answers.
Have there been credible data on electric vehicles hacked by a cyber attack? If so, how often does this occur and with the increase in EVs in business and personal use, how much a concern should this be for both consumers and insurance companies?
So far, we don’t see any credible data showing EVs being hacked. There are stories all over the Internet whose headlines show that they are, but a quick reading of the first few paragraphs shows that these articles are about scientists or security specialists who hack EVs to test their vulnerabilities.
So no. There doesn’t seem to be any real hacking going on right now, but that doesn’t mean it’s not possible. Of course, everything that could go wrong must at least be a little interesting to insurance companies.
If one of these is attacked and compromised and the striker does something terrible with the vehicle, who should be held responsible? The owner not to install a more robust security system to prevent such an attack or the manufacturer for not giving it from the start?
Here is the heart of the question. If something happens, who is to be held responsible? Let’s look at two responsibilities that can generally apply.
All of this is related to the concept of negligence, which requires four elements to show that someone was negligent.
· A duty caused by others.
· A violation of this duty.
· The violation was the closest cause to damage.
· The damage resulted in compensation.
Some unknown units hacked into the vehicle, took control of it and drove it into a building and caused bodily damage and property damage. In a sentence we have established damage, which would certainly result in damage. The damage is the body damage and material damage. The damage is the financial effects of the damage, including medical bills, pain and suffering, repair of property and loss of the use of the property.
But was there a duty caused by others, and if there was, was there also a violation of this duty that caused the damage? These are the questions that need to be answered before we can assess any responsibility against the vehicle owner.
Would the vehicle owner have a duty to secure their vehicles against hacking? It depends. If the EV manufacturer, the owner in some way or another informs that there is a security update to be installed and the owner fails to allow the update to be installed and the hackers are taking advantage of this vulnerability, it appears to be a breach of the duty to take reasonable steps to protect EV from hacking. This duty of duty would almost certainly be the closest cause of the damage.
However, if the hack was due to an unknown vulnerability, we need to look away from the vehicle owner to the manufacturer. It seems very unlikely that a court would have a vehicle owner responsible for a problem she did not know or not reasonably expected to know about. It is potentially responsible for the vehicle manufacturer or the company that developed the vehicle’s operating system.
In this case, we may consider the theory of strict responsibility where the manufacturer proves to be responsible, simply because there is a failure in the product that causes damage. In this case, although the manufacturer was not aware of the vulnerability used to hack into the vehicle, the existence of vulnerability is enough to keep them responsible.
Of course, it’s all in theory because we don’t have an actual case ahead of us, but you already knew it, just as you knew I am neither a lawyer nor a requirement that is professional, so these are my opinions based on the parameters of the question that has been made. Any actual claims will be handled based on the requirements of the requirement.
Topics
Cyber
Interested in Cyber?
Get automatic alarms on this topic.
