Introduction to Consumer IoT Security

Skip to content

Consumers will benefit from the IoT but we must build trust in connected devices first.

We often refer to the potential of the Internet of Things (IoT) in terms of gains in efficiency or productivity but that may be understating its importance. In some cases, connected technologies will be game-changing or even lifesaving. Consider the transport of medical devices that could help improve people’s quality of life or the impact of using a connected security camera to protect your home remotely. The IoT is just beginning to have a direct effect on our lives. People are buying products to enhance their wellbeing and feeling of security or to optimize energy use and the automation of processes within their homes. Demand in this consumer market is increasing with more than 1.4 billion smart home products expected to be shipped in 2025 – up from just over 800 million last year.

The Consumer IoT Market

IoT for Good - climate change, vaccine delivery, air quality monitoring, smart energy
Healthcare - health monitoring, diagnostics, trackers, fall detection
Home automation - smart door locks, doorbells, cameras, alarms, smoke detectors
Security, smart locks, doorbells, cameras, alarms, smoke detectors

With huge opportunities in the consumer IoT market, device makers also find there are barriers to growth. In recent years, there have been reports of smart security cameras, baby monitors and even a car being hacked. That means people are increasingly informed and concerned about cybersecurity.

A study by research firm Parks Associates shows that poor security is slowing the adoption of smart home devices. A third of households surveyed said they do not have and do not intend to buy a smart home product because of privacy and security concerns.

Consumers are waking up to the reality of insecure devices with 1/3 of those who don’t own a smart home product, unwilling to buy one due to privacy and security concerns.

That highlights an opportunity for device makers that prioritize building-in product security and focus on consumer trust and confidence. As Peter Stephens from the UK’s Department for Digital, Culture, Media & Sport (DCMS) explained in a recent podcast, it is a misconception that consumers do not care about the security of their devices. “We did quite a lot of studies into this and … it’s one of the most important characteristics they look for,” he said.

The question many in the industry are now asking is if security is critical, who is responsible for it? DCMS’ recent research into people’s attitudes towards device security, particularly since the coronavirus pandemic, suggests the whole ecosystem needs to work together to build people’s trust. 84% of the consumers surveyed believed that companies in the supply chain should be responsible for checking and being aware of the cybersecurity features of a device before it goes on sale. 87% thought smart devices should have basic security features built-in as a way of protecting people’s privacy and security.

Peter Stephens, Head of Secure by Design Cybersecurity at DCMS, claims that consumers really do care about security, the issue is that they assume the device is safe because it’s for sale.

Device manufacturers will have to respond to consumers’ fears about embracing these technologies if they are to maximize the opportunities of the consumer IoT and improve people’s lives. So, what is standing in the way?

The Consumer Perspective of IoT Security

Can I Assume a Connected Home Product Is Secure Because It Is on Sale?

According to Peter Stephens, Head of Secure by Design Cybersecurity at DCMS, a common problem is that consumers assume a smart product is safe because it is on sale. Unfortunately, as we highlighted earlier, many examples demonstrate this is not the case. That means buyers are relying on manufacturers and retailers to do the right thing and the trust they are placing in them could be eroded if they are the victim of a cyberattack.

What Does a Secure Device Look Like?

Currently, there is no consistent information to inform consumers’ decision-making about the purchase of a connected device. There is no agreed form of wording, rating system or logo to point people in the direction of trustworthy products and this lack of clarity makes it hard for them to buy with confidence.

The business perspective on consumer IoT security is far more complex as device manufacturers face multiple challenges when implementing best practice IoT security.

The Business Perspective

How Do We Navigate the Standards for Access to Global Markets?

IoT product developers can be overwhelmed by the existing and emerging legislation, standards and baseline requirements that are being developed to protect consumers, especially as they ship products globally.

Security Is Complex, Requires Expertise and Is Time Consuming

All of this can make security feel complex and time-consuming, particularly if companies do not have access to dedicated security specialists. There are also concerns that difficulties in implementing the right security for a device will increase time to market. Research shows this can have a particularly large impact on smaller organizations.

Can the Costs of Security Outweigh the Benefits?

The costs of security are another worry for the ecosystem, as we know from the more than 600 decision-makers who responded to the PSA Certified 2021 Security Report. More than half (52%) said costs were a significant barrier to implementation. However, there are benefits, investing in security can also enable device makers to sell their products at a premium price, increase their top line, improve their bottom line, unlock new markets and even create new businesses. Our Security Report also highlighted the importance of security to this aspect of business – 93% of the organizations said it is likely to be a differentiator in the IoT marketplace.

We Need Data To Improve People’s Lives. How Do We Gather That Securely?

As well as thinking about the steps being taken to protect their sensitive data, consumers are also hesitant about how their personal details are being used. And yet, many still buy smart home devices because of the convenience and features. OEMs face the challenge of balancing consumers’ demand for better features and intelligence with their fears about trust and potential data breaches.

Andrew Glickman, Director of Strategic Development at the worldwide manufacturing services company, Jabil stated in a recent blog: “Unfortunately, many consumers have grown suspicious of the risks that come when they install smart light bulbs or change their smart thermostat settings to away. There is already a sense that their every digital move is being tracked and monetized.” 

Customers Are Looking for Assurance

Even if security is a priority for device makers, many realize consumers may not trust all the claims they make about their products without independent verification. Therefore, they are looking for a way to assure consumers their devices are secure.

An Ecosystem Standardizing IoT Security

To respond to these concerns, industry experts have developed PSA Certified, a common framework and assurance scheme that reduces the complexity of security and makes it simpler and more cost-effective to secure a consumer IoT device.

PSA Certified provides an ecosystem of products with independently certified security implementations. These create a foundation of security from the silicon through to the device level, enabling OEMs to leverage the efforts and expertise of silicon and software providers.

Building on a trusted foundation, streamlines the security at the device level, speeding the time-to-market and reducing the security overheads to build trust into the devices and instil trust in the data.