Introduction to Consumer IoT Security

Skip to content

Consumers will benefit from the IoT but we must build trust in connected devices first.

Before the coronavirus pandemic, many of us had embraced connected technologies but few of us depended on them. When they were the only way to stay connected to our colleagues, customers, healthcare professionals, and loved ones they became more important in our lives.

Now, an increasing number of people are buying Internet of Things (IoT) products to enhance their wellbeing, their feeling of security or to optimize energy use and automate processes within their homes. Demand in this consumer market is increasing with more than 1.4 billion smart home products expected to be shipped in 2025 – up from just over 800 million in 2020.

The Consumer IoT Market

IoT for Good - climate change, vaccine delivery, air quality monitoring, smart energy
Healthcare - health monitoring, diagnostics, trackers, fall detection
Home automation - smart door locks, doorbells, cameras, alarms, smoke detectors
Security, smart locks, doorbells, cameras, alarms, smoke detectors

While digital transformation offers many benefits to consumers it also puts them at risk. Recently, we asked more than 1,000 technology decision-makers for their insight into the issues affecting the IoT industry as part of our PSA Certified 2022 Security Report. More than one-third of respondents to our survey believed distributed working and the pandemic increased the likelihood of IoT attacks. Seventeen percent had been targeted by hackers themselves.

Fortunately, the buyers of IoT products are increasingly aware when it comes to protecting their devices and data. Peter Stephens from the UK’s Department for Digital, Culture, Media & Sport (DCMS) explained in the first series of our Beyond the Now podcast“… there is this narrative that consumers just don’t care about security,” he said. “We did quite a lot of studies into this … and consumers really do care … it’s one of the most important characteristics they look for.”

Our own research provides further evidence of this. Ninety percent of survey respondents said security had increased in importance in the past year. More than two-thirds (70%) thought people were actively choosing to buy connected devices that follow security best practice.

This highlights an opportunity for device makers that prioritize building-in product security and focus on consumer trust and confidence. However, several barriers must be overcome if we are to maximize the opportunities of the consumer IoT and improve people’s lives. So, what is standing in the way?

The Consumer Perspective of IoT Security

Many People Assume a Connected Home Product Is Secure Because It Is on Sale

Research conducted for DCMS highlights a common problem – people think a product is secure because it is on sale. Almost three-quarters (72%) of respondents to a survey about the labeling of IoT devices said they assume security has been built in ‘when the product comes to market’.

Unfortunately, there are many high-profile examples that demonstrate this is not always the case. That means buyers are relying on manufacturers and retailers to do the right thing and the trust they are placing in them could be eroded if they are the victim of a cyberattack.

Who Is Responsible for Securing IoT Devices?

Consumers may want peace of mind but who is responsible for providing it? A separate DCMS report into people’s attitudes towards device security, particularly since the coronavirus pandemic, suggests the whole ecosystem needs to work together to build people’s trust in the IoT. Eighty-four percent of the consumers surveyed believed companies in the supply chain should be responsible for checking and being aware of the cybersecurity features of a device before it goes on sale. Almost nine in 10 respondents (87%) thought smart devices should have basic security features built-in as a way of protecting people’s privacy and security.

So, what do technology decision-makers think? They also believe we all have a role in securing the IoT. More than half of consumer IoT survey respondents (58%) said individual companies should show initiative and protect consumers from vulnerabilities.

What Does a Secure Device Look Like?

How do consumers know what products have security built-in? Currently, there is no consistent information to inform their decision-making. There is no agreed form of wording, rating system, or logo to point people in the direction of trustworthy products and this lack of clarity makes it hard for them to buy with confidence.

In fact, 83% of our survey respondents said they look for specific security credentials when they are buying IoT devices for themselves, and almost as many (76%) do so when they are buying for their company. However, more than two-thirds (68%) admitted they do not know what to look for in the latter case.

As an industry, we must get better at communicating with customers about security in a way that is easy to understand.

Consumer IoT Security: The Business Perspective

Navigating Security Standards to Access Global Markets

In many regions, governments and standards organizations are stepping in to protect consumers from insecure products and to offer guidance to device makers on basic security requirements. However, meeting all standards, requirements, and regulations can be challenging, especially if a device maker ships products globally.

Security Is Complex, Requires Expertise and Is Time Consuming

All of this can also make security feel complex and time-consuming, particularly if companies do not have access to dedicated security specialists. Just 31% of companies are very satisfied with the level of security expertise within their company and the World Economic Forum estimates that there is a gap of more than 3 million security experts worldwide. This exacerbates concerns that difficulties in implementing the right security for a device will increase time to market- something that is particularly true for smaller organizations.

The Cost Paradox

As more consumers value security an increasing number of technology leaders are also realizing its benefits. Almost all respondents to our survey (96%) said securing their IoT products positively affects their company’s bottom line. More specifically, many (52%) said people are more likely to trust their company, and therefore, buy their products. Others (30%) reported being able to charge more for their devices because they are secure.

It means the costs of insecurity are starting to outweigh the costs of investing in appropriate protection, and yet, our Security Report also shows the cost of implementing security is still one of the reasons many IoT product developers overlook it. Their challenges include the costs of security expertise and independent testing and certification.

Assuring Consumers Their Devices Are Secure

Even if security is a priority, many developers of IoT products realize consumers may not trust the claims they make about their products without third-party verification. Independent verification also enables manufacturers to build their products on secure and trusted components. 95% of people who responded to our survey agreed– they said security certification was at least somewhat valuable to ensuring a secure IoT.

Unlocking the Potential of the Consumer IoT Through Collective Action and a Common Language

To help device makers overcome the challenges of securing a connected device, a global partnership of security experts has developed the PSA Certified IoT security framework and independent certification scheme. The framework is designed to democratize security – it helps companies build their devices on industry best practice, comply with worldwide regulations, and leverage the expertise within the wider ecosystem. Importantly, it also makes securing an IoT device quicker, easier and more cost-effective and establishes a common language so we all understand what ‘best practice’ means in the context of the IoT.

However, this is just the first step toward realizing the potential of the consumer IoT. The most significant shift will be determined by our collective action. We all have a part to play in building people’s trust in our devices and the data they gather and establishing a firm foundation for our digital future.

A Partnership of Solutions

The PSA Certified partners are building the future of the IoT, creating innovative solutions that their customers can trust.

PSA Certified 2022 Security Report

Get IoT security insights from over 1000 tech decision-makers in our latest security report.

Read more
Read more

Partner Spotlight

Explore their solutions and learn how you can join the ecosystem creating a digitally transformed world.

Read more
Read more

Listen to the UK DCMS

Hear from the UK Department for Digital, Culture, Media & Sport as they joined us to discuss the role of regulation…

Read more
Read more

Listen to ioXt

IoXT talk about how they’re helping to defragment IoT security and talk about their consumer-focused program

Read more
Read more

Listen to Dr Sally Eaves

We explore how IoT can be used for good as we navigate how COVID-19 has changed the world.

Read more
Read more

Understanding IoT Device Developers Challenges

Sequitur Labs share security considerations for a connected security camera and why a holistic software solution is key

Read more
Read more

In Conversation With.. Nordic Semiconductor

Nordic Semiconductor talk about the importance of security for health monitoring and the role of partnerships to build in this security

Read more
Read more