Introduction to Consumer IoT Security

Skip to content

Consumers will benefit from the IoT but we must build trust in connected devices first.

Before the coronavirus pandemic, many of us had embraced connected technologies but few of us depended on them. When they were the only way to stay connected to our colleagues, customers, healthcare professionals, and loved ones they became more important in our lives.

Now, an increasing number of people are buying Internet of Things (IoT) products to enhance their wellbeing, their feeling of security or to optimize energy use and automate processes within their homes.

The Consumer IoT Market

IoT for Good - climate change, vaccine delivery, air quality monitoring, smart energy
Healthcare - health monitoring, diagnostics, trackers, fall detection
Home automation - smart door locks, doorbells, cameras, alarms, smoke detectors
Security, smart locks, doorbells, cameras, alarms, smoke detectors

While digital transformation offers many benefits to consumers it also puts them at risk. When we survey more than 1,200 technology decision-makers in our annual PSA Certified Security Report, we find year-on-year that the consumers are growing increasingly more concerned about security. This means that buyers of connected products are increasingly aware when it comes to protecting their devices and data.

Fortunately, the buyers of IoT products are increasingly aware when it comes to protecting their devices and data. Peter Stephens from the UK’s Department for Digital, Culture, Media & Sport (DCMS) explained in the first series of our Beyond the Now podcast“… there is this narrative that consumers just don’t care about security,” he said. “We did quite a lot of studies into this … and consumers really do care … it’s one of the most important characteristics they look for.”

Our own research provides further evidence of this. Ninety percent of survey respondents said security had increased in importance in the past year. More than two-thirds (70%) thought people were actively choosing to buy connected devices that follow security best practice.

This highlights an opportunity for device makers that prioritize building-in product security and focus on consumer trust and confidence. However, several barriers must be overcome if we are to maximize the opportunities of the consumer IoT and improve people’s lives. So, what is standing in the way?

The Consumer Perspective of IoT Security

Many People Assume a Connected Home Product Is Secure Because It Is on Sale

Research conducted for DCMS highlights a common problem – people think a product is secure because it is on sale. Almost three-quarters (72%) of respondents to a survey about the labeling of IoT devices said they assume security has been built in ‘when the product comes to market’.

Unfortunately, there are many high-profile examples that demonstrate this is not always the case. That means buyers are relying on manufacturers and retailers to do the right thing and the trust they are placing in them could be eroded if they are the victim of a cyberattack.

Who Is Responsible for Securing IoT Devices?

Consumers may want peace of mind but who is responsible for providing it? A separate DCMS report into people’s attitudes towards device security, particularly since the coronavirus pandemic, suggests the whole ecosystem needs to work together to build people’s trust in the IoT. Eighty-four percent of the consumers surveyed believed companies in the supply chain should be responsible for checking and being aware of the cybersecurity features of a device before it goes on sale. Almost nine in 10 respondents (87%) thought smart devices should have basic security features built-in as a way of protecting people’s privacy and security.

So, what do technology decision-makers think? They also believe we all have a role in securing the IoT. More than half of consumer IoT survey respondents (58%) said individual companies should show initiative and protect consumers from vulnerabilities.

What Does a Secure Device Look Like?

How do consumers know what products have security built-in? Currently, there is no consistent information to inform their decision-making. While individual governments are coming up with some solutions, there is no agreed form of wording, rating system, or logo to point people in the direction of trustworthy products and this lack of clarity makes it hard for them to buy with confidence.

As an industry, we must get better at communicating with customers about security in a way that is easy to understand, and we’re proud that the PSA Certified ecosystem are taking proactive steps to do that.

Consumer IoT Security: The Business Perspective

Navigating Security Standards to Access Global Markets

In many regions, governments and standards organizations are stepping in to protect consumers from insecure products and to offer guidance to device makers on basic security requirements. However, meeting all standards, requirements, and regulations can be challenging, especially if a device maker ships products globally.

Security Is Complex, Requires Expertise and Is Time Consuming

All of this can also make security feel complex and time-consuming, particularly if companies do not have access to dedicated security specialists. Our yearly PSA Certified Security Report finds that companies are not completely satisfied with the level of security expertise and the World Economic Forum estimates that there is a gap of more than 3 million security experts worldwide. This exacerbates concerns that difficulties in implementing the right security for a device will increase time to market- something that is particularly true for smaller organizations.

The Cost Paradox

As more consumers value security an increasing number of technology leaders are also realizing its benefits. Respondents in our yearly survey tell us year-on-year that security positively affects their company’s bottom line.

It means the costs of insecurity are starting to outweigh the costs of investing in appropriate protection, and yet, our Security Report also shows the cost of implementing security is still one of the reasons many IoT product developers overlook it. Their challenges include the costs of security expertise and independent testing and certification.

Assuring Consumers Their Devices Are Secure

Even if security is a priority, many developers of IoT products realize consumers may not trust the claims they make about their products without third-party verification.

Independent verification also enables manufacturers to build their products on secure and trusted components.

Unlocking the Potential of the Consumer IoT Through Collective Action and a Common Language

To help device makers overcome the challenges of securing a connected device, a global partnership of security experts has developed the PSA Certified IoT security framework and independent certification scheme. The framework is designed to democratize security – it helps companies build their devices on industry best practice, comply with worldwide regulations, and leverage the expertise within the wider ecosystem. Importantly, it also makes securing an IoT device quicker, easier and more cost-effective and establishes a common language so we all understand what ‘best practice’ means in the context of the IoT.

However, this is just the first step toward realizing the potential of the consumer IoT. The most significant shift will be determined by our collective action. We all have a part to play in building people’s trust in our devices and the data they gather and establishing a firm foundation for our digital future.