Lloyd's has issued a report following a study into the emerging drone industry and highlights what it sees as the five fundamental risk that may harm growth in the drone industry and the requirements that specialist drone insurers are likely to require. Two of the five risks identified are (i) vulnerability to cyber attack; and (ii) privacy infringement.
According to the report, most civilian drones rely on unencrypted data links for control and navigation. This makes drones especially vulnerable to cyber attack. Researchers have highlighted the ease with which drones can succumb to a cyber attack. It is understood that a community of drone hackers is already out there. The report suggests that cyber attacks have not yet been a major factor in insurers' assessment of drone risks but is likely to become increasingly important.
As we have previously reported, the ICO's CCTV Code of Practice now has a section on the use of drones which identifies that drones have a high potential for collateral intrusion due to inadvertent filming of individuals and, as such, drone operators should perform robust privacy impact assessments in respect of any drone use. The Lloyd's report suggests that performing privacy impact assessments and compliance with the DPA is likely to be a requirement for insureds requiring cover against privacy breaches resulting from the use of drones.
As an aside, the ICO has published a guidance page on its website for members of the public using drones. The page provides some practical tips on how to use drones responsibly such as considering your surroundings before starting to film and taking a common sense approach to sharing images. The page is available here
A copy of the Lloyd's report is available here
What action could be taken to manage risks that may arise from this development?
This report should be considered in forming any drone and cyber strategy that companies wish to institute