As more and more connected devices are deployed, countless new business opportunities will be unlocked. However, the current insecurity of IoT devices means that risks will also rise. With increasing demand from consumers, governments and the wider IoT industry for a universal baseline of requirements, independent IoT security certification has never been more important.
The Risks Are Rising
The high level of insecure devices being deployed around the world is giving hackers more opportunities than ever before: on average there are 5,400 attacks per month on IoT devices, with 7 million data records compromised daily. As these risks continue to rise and threaten consumer confidence, the electronics industry needs to act today to protect society tomorrow. Certification is fundamental to building trust in connected devices: 84% of tech decision makers value the role of certification and its independent measure of conformance to best practice.
per month on average targeted at IoT devices
The Cost of Inaction is Huge
Despite 52% of OEMs citing the cost of security as a main barrier to improving it, the cost of inaction remains far greater. The average cost of a successful IoT device attack is more than $330,000 and it’s estimated that by 2025 cybercrime damages will total $10 trillion. However, the damage is not limited to finances, it can ripple through the entire company: reputational damage tarnishes the brand, while restoration and investigations put a massive strain on resources. Industry-led frameworks alleviate the up-front costs of security across the value chain, while certification schemes can help provide documented assurance against these risks.
anticipated cybercrime damages by 2025
Consumers Expect Security
As new hacks continue to make the headlines every week, consumers are waking up to the realities of an insecure world and are starting to expect that security is built into every product. Nearly a third of those who don’t own a smart device will not buy one due to security concerns and more than half of consumers across markets don’t trust that IoT devices protect their privacy or handle their data respectfully. This lack of confidence impacts adoption rates, delaying the deployment of IoT and digital transformation. Certification highlights your commitment to security, acting as a differentiator.
Governments Are Taking Action
Across all geographies new standards, requirements and regulations are being released by governments to address concerns about the threat of insecure devices. 48% of OEMs view the fragmentation of standards and regulations as a top challenge when implementing IoT security however, the fundamental security requirements are largely aligned. Certification schemes show implementation of best practice security and can offer alignment to different requirements, unifying them under a common set of guidelines that provides clarity in the market and drives consistency across the industry.
Save Time on Security
Security is non-negotiable, so it’s increasingly important that we lower the barriers with a standardized security framework based on a common set of requirements. Reusable and consumable certifications ensure that each member of the value chain can be sure of the security of different components they’re implementing. Device manufacturers can take certified components and build them into their devices knowing they can trust them. Only having to concentrate on the security requirements of your individual product speeds time-to-market and allows you to focus on product differentiation.
Protect Your Reputation
The complexity and insecurity of the IoT makes it hard for insurers to model risk, breakdown liability and provide the warranties the electronics industry needs to fully embrace digital transformation. An agreed approach to security provides consistency and helps combat these challenges. Standardized security components, such as a Root of Trust, are a crucial aspect of this. Uniformity helps build confidence in connected devices and demonstrates to insurers that the risk of a cyberattack has been reduced. Certification provides expert guidance and an audit trail of compliance, easily demonstrating to insurers your commitment to security.
Collaborate With the Ecosystem
Despite 71% of tech decision makers stating they are on track with security, only 52% of companies use external lab testing to measure their security. This is worrying as we cannot ensure the security implementations of a product are robust enough. Security evaluation laboratories bring a wealth of knowledge and experience, helping them to identify both known and unknown security vulnerabilities in your product. Third party evaluation provides an objective measurement of a product’s integrity and assurance that the product conforms to security best practice, as well as new and emerging laws. Certification based on independent evaluation reduces the risk of you deploying an insecure product and can help build trust with consumers, regulators and insurers.
Demonstrate Best Practice Security
A common security language that the entire value chain can work towards helps ease security implementation, while reusable and consumable certifications encourage industry collaboration. Certification demonstrates that you have successfully implemented security best practice, passed independent security assessment and provides recognition of your investment- allowing customers, cyber-security insurers and regulatory bodies to easily identify the security credentials of your product. With growing industry adoption, PSA Certified is uniting the ecosystem under a common language, revolutionizing IoT security for all stakeholders in the IoT industry.
: Symantec Internet Security Threat Report
: 2019 Official Annual Cybercrime Report