- 69% of decision makers in the connected device ecosystem are currently placing more importance on security as a result of AI
- 85% believe that security concerns will drive more AI use cases to happen at the edge
- But security fundamentals are still being missed and 78% of technology decision makers believe they still need to do more to prepare for AI given the rise of edge technology
Cambridge, UK — 15th August 2024: The growth of AI is driving an increased focus on security and more use cases to happen at the edge, according to new research from PSA Certified. But with two-thirds (68%) of technology decision makers raising concerns that rapid advances in AI risk outpacing the industry’s ability to secure products, devices and services, the acceleration in AI needs to be matched by the same acceleration in security investment and best practice to ensure trusted AI deployment.
A major factor impacting the need for greater AI security is edge technology. With the ability to process, analyze and store data at the edge of the network, or on the device itself, edge devices have efficiency, security and privacy advantages over a centralized cloud-based location. This could be why 85% of device manufacturers (OEMs), design manufacturers (ODMs), SIPs, software vendors and other technology decision makers believe that security concerns will drive more AI use cases to happen at the edge. But in this push for added efficiency, the security of edge devices has become even more crucial and organizations will need to double down on securing and protecting their devices and AI models in order to meet the demands of deploying AI at scale.
Addressing the AI security lag
Security matters across the supply chain, whether you’re a deployer of services, a device vendor or a consumer of those services. Indeed, the survey of 1,260 global technology decision-makers found that security has increased as a priority in the last 12 months for three quarters (73%) of respondents, with 69% now placing more impetus on security as a result of AI.
However, despite AI’s promise to catalyze the importance being placed on security, there is an AI-security lag that needs to be closed if its full potential is to be realized.
Only half (50%) of those surveyed believe they are currently investing enough in security and a significant proportion are neglecting to prioritize important security foundations, like security certification, that underpin best practice. Just over half (54%) are currently using externally validated security certifications, independent third-party testing / evaluation on products (48%) or threat analysis / threat modeling (51%) as a means to improve the security robustness of their products and services. These easy-to-implement security fundamentals should be foundational as organizations seek to build consumer trust in AI driven services.
David Maidment, Senior Director, Market Strategy, at Arm (a PSA Certified co-founder): “There is an important interconnect between AI and security: one doesn’t scale without the other. While AI is a huge opportunity, its proliferation also offers that same opportunity to bad actors. It’s more imperative than ever that those in the connected device ecosystem don’t skip best practice security in the hunt for AI features. The entire value chain needs to take collective responsibility and ensure that consumer trust in AI driven services is maintained. The good news is that the industry recognizes the need to prepare, and the criticality of prioritizing security investment to future-proof systems against new attack methods and rising security threats linked to rapid adoption of edge AI.”
AI and security: net positive but both must scale together
With four in five (80%) of respondents claiming security built into products is a driver of the bottom line, there’s a commercial as well as a reputational benefit to continued security investment. The same proportion (80%) also agree that compliance with security regulation is now a top priority, up by 6% from those listing it as a top three priority in 2023 (74%).
With edge AI booming alongside an exponential increase in AI inference, the result is an unprecedented amount of personal data being processed on the billions of individual endpoint devices, with each one needing to be secured. To secure edge devices and maintain compliance with emerging cybersecurity regulation, stakeholders in the connected device ecosystem must play their part in creating a secure edge AI life cycle that includes the secure deployment of the device and the secure management of the trusted AI models that are deployed at the edge.
Despite some concerns that rapid advances in AI are outpacing the industry’s ability to secure products, devices and services (68%), organizations broadly feel poised to capitalize on the AI opportunity and are buoyant about the ability for security to keep pace. 67% believe their organization is well-equipped to manage the potential security risks associated with an upsurge in AI. More decision makers are also placing importance on increasing the security of their products and services (46%) than increasing the AI readiness (39%) of their products and services, recognising the importance of scaling security and AI in step.
But with a majority of respondents (78%) also agreeing they need to do more to prepare for AI, and concerns around security risks remaining prevalent, security must remain a central pillar of technology strategy. Improving and scaling security in an era of interoperability and edge AI requires established standards, certification and trusted hardware all businesses can rely on. By embedding security-by-design, organizations can guarantee a benchmark of best practice that will help to protect them against risk both today and in the future.
Maidment ends: “Those looking to unleash the full potential of AI must ensure they are taking the right steps to mitigate potential security risks. As stakeholders in the connected device ecosystem rapidly embrace a new set of AI-enabled use cases, it’s crucial that they do not simply forge ahead with AI regardless of security implications. Instead, security must be implemented from the ground up, and mapped across the complete value chain in order to embed best practice at scale and keep pace with evolving security risks.”
Notes to editors
The core findings in this report were drawn from a survey conducted among 1,260 technology decision makers and consultants in North America (Canada and US), Europe (Denmark, France, Germany, Italy, Netherlands, Norway, Sweden, UK) and APAC (China, India, Japan, Korea, Taiwan). The interviews were conducted online in April 2024 using an email invitation and an online survey.
Country of Residence:
- United States & Canada: 300
- Europe: 470
- APAC: 390
Audience:
- Potential Certification Holders*: 61%
- Ecosystem**: 39%
* Potential Certification holders are those building devices (e.g. SIPs, OEMs and software vendors)
** Ecosystem are those in the supporting industry, such as insurers
RoleType:
- 34% of respondents held Founder/C-suite/Executive level positions
- 24% of respondents held Director/Vice President level positions
- 42% of respondents held Manager level positions
Size of Company:
- 1 to 249 of employees: 35% of respondents
- 250 to 999 of employees: 31% of respondents
- 1,000 to 9,999 of employees: 26% of respondents
- 10,000+ of employees: 7% of respondents
About PSA Certified
PSA Certified is a global partnership of security-conscious companies who are proactively building security best practices into devices at scale. Our security framework and independent third-party evaluation scheme was originally spearheaded by Arm and six other security ecosystem leaders (and now maintained by Applus+ Laboratories, CAICT, ECSEC Laboratory, ProvenRun, Riscure, SGS Brightsight, Serma, TrustCB, and UL) providing the resources needed to build upon the Root of Trust.
PSA Certified has scaled to become one of the fastest growing, most valued security ecosystems, globally. Being awarded ‘Ecosystem of the Year’ in the IoT Global Awards 2021 is testament to the role it has played in uniting industry, standards bodies, regulators and insurers together under one initiative. In doing so it’s accelerating the cross-industry collaboration required to untap the full potential of the IoT.
With over 200 certifications from over 90 partners, PSA Certified has democratized the adoption of security across the electronics industry, giving the ecosystem the confidence to innovate, while protecting consumers from the most common hacks.
Find out more: psacertified.org
Contact
Stephanie Smith
Director, Head of Technology Strategy Product Marketing, Arm
PSA Certified Marketing Sub-Group Chair