Our research shows consumers are becoming increasingly concerned about cyberattacks on their smart home, healthcare, and fitness devices.
As consumers, we’re connecting more of our devices – from smart speakers and watches to thermostats and smoke detectors – and we’re using the data and insights they generate to improve the security and efficiency of our homes and to optimize our health or exercise regime.
The popularity of the devices may be explained by how easy they are to use and how well they fit into our lifestyle. For example, with a click of a button or touch on a screen, we can collect detailed information on our walk or run and we can analyze our route and performance later in an app. Or, in the home, we can automate our lighting, heating, or cooling so it switches on and off at set times. If we forget to change the settings before heading off on holiday we can do it remotely, so we don’t return to a hefty bill.
Protecting Consumer Devices from Cyberattacks
However, we could end up paying quite a high price for the smart features and convenience. There’s an increasing number of cyberattacks on consumer smart devices. A consumer organization in the UK recorded more than 12,000 attempts to compromise the products in its smart home in just one week.
We expect the number of attacks will continue to rise as we connect more technologies. As many of the devices gather sensitive data, or are used to make important decisions, an attack on an insecure product could put people’s privacy, security and even their identity at risk. Consider, for example, the implications of a security breach on a smart door lock or camera that gives hackers unauthorized access to a property.
This means that securing consumer devices is more important than ever before. As Sander Speek, Product Manager at Scalys stated in our recent PSA Certified 2023 Security Report: “Device security is the essential armor that protects our homes and enables cyber secure hybrid working, ensuring privacy, and preventing IP and data theft.”
If security isn’t built into the products people depend on and what they value is compromised, it will erode their trust in device manufacturers and in the IoT. That will then slow innovation within the industry and hinder growth.
Interoperability – An Opportunity or a Threat?
Improving the security of devices is also the only way to capitalize on one of its biggest successes – its ability to make products that are easy to use. As we move forward, many manufacturers must also ensure their devices work seamlessly with others’. Interoperability is essential to the industry’s continued growth and the respondents in the PSA Certified 2023 Security Report seem to agree. The report reveals that the consumer (74%), home security (77%), and smart speaker (74%) sectors were all more likely to say enabling device interoperability was a top three business priority compared with their counterparts in other industries (69%). However, most of our respondents (67%) are also cautious. They believe opening a service to potentially less secure third parties will enable bigger security threats.
Businesses are Stepping Up Their Security
Fortunately, businesses are increasing their focus on, and investment in, security. In fact, 75% of the leaders we surveyed for the report said security is more of a priority now than it was 12 months ago. However, we wanted to know why they are more concerned.
Forty-one percent of respondents said they were prioritizing security because they believe it protects them and their customers from hacks and ransom attacks. Almost as many (39%) told us that it was because security is now at the forefront of buyers’ minds.
Consumers Are Demanding More Secure IoT Devices
In fact, thirty-nine percent said security was a priority for their business because customers demand it. Shahram Mossayebi, CEO and Co-Founder of Crypto Quantique, states in our report: “The PSA Certified 2023 Security Report findings that consumers are increasingly aware of the importance of security in the IoT industry are encouraging and it mirrors our current engagements in the industry. At Crypto Quantique, we have seen a shift in the last 24 months from having to push our message of security by design to customers, to them contacting us asking for security by design. In 2023, security is considered an essential part of any IoT solution.”
When our survey respondents considered security from their own point of view, 70% said the value they place on security as a consumer has increased in the past 12 months, while almost two-thirds (65%) said they look for security credentials when they buy IoT products for themselves. Almost the same number of people (69%) said they would pay a premium for products that have security built in. The findings demonstrate that security is now recognized adding value to a device.
Compliance Also Drives Investment
Compliance with new standards, requirements, and regulations is also a key reason for security being at the top of a business’ list of priorities. Three-quarters of our survey respondents shared this view and said compliance was one of their top three concerns.
Regulations proposed by the European Union will affect most of the electronics industry if they operate in its member states. The proposed EU Cyber Resilience Act aims to protect the buyers of “products with digital elements” by making cybersecurity mandatory and put more information on the security of devices at people’s fingertips. The EU has also updated its Radio Equipment Directive (RED) to help ensure wireless devices are protected from cyberattacks.We’ve prepared a guide to the regulations and changes if you would like to learn more.
In the US, the proposed US Cyber Trust Mark will help address a major hurdle for consumers – knowing what a secure device looks like. Currently, there’s no consistent form of words, or a rating system or logo to assure people that a product has security at its heart. The voluntary Trust Mark scheme will rectify this and help people choose devices that have protection built-in.
Other guidelines and requirements are set out in EN 303 645, NIST 8259A and Californian State Law SB-327. Compliance with the relevant standards, requirements, and regulations is essential to avoid possible fines, legal action, or reputational damage but many companies, including those in the health monitoring sector, are working hard to get ahead of the current and emerging requirements and give themselves an advantage. Seventy-one percent of people we surveyed said they see security regulations as a positive move for the industry.
Building Consumers’ Trust in the IoT
Almost the same number (68%) of people who welcomed regulation also said they believe it will help build consumers’ trust. Security certification is yet another way to build buyers’ confidence in products. More than half (53%) of respondents said it’s a useful tool in proving the robustness of products to customers, which is a considerable increase on the 32% of people who felt that way the year before.
While there may be widespread agreement on the importance of security in earning people’s trust, for some, securing a connected device is still difficult, costly, and time consuming. The skills and expertise required can also be hard to access, especially for smaller firms.
To address this imbalance, easy-to-follow guidelines, pre-certified components, and external testing and validation are required. PSA Certified, a partnership of industry experts, is offering those resources and making security for connected devices quicker, easier, and more cost-effective to implement. The scheme leads designers, developers, and manufacturers through the process of securing a product, from analysis to compliance with regulations and finally to independent certification. It also offers free, standardized resources and access to trusted components.
However, building a more secure World for consumers will require the industry to do more. It must come together and answer important questions about security, privacy, interoperability, and the future of the technologies. Collaboration is crucial to securing the devices we’re manufacturing now and to establishing the foundation for tomorrow.
The Multiplier Effect
As our PSA Certified 2023 Security Report shows, there are more reasons than ever to invest in security. The increasing number of attacks on devices, consumers’ concerns about their privacy and security, and the emergence of new standards, requirements, and regulation means we can’t afford to not design security into products.
For more insight into the industry view on security for consumer devices, you can download our infographic.