GlobalData predicts the Internet of Things (IoT) to be a $1 trillion market in the next three years, and enterprise IoT will account for 73% of this market revenue by 2024. The range of devices connected to the internet will grow to include smart wearables, household appliances, connected vehicles, production machinery, and urban infrastructure rather than just laptops and mobiles. But the current IoT ecosystems lack robust security practices and regulations.
The 2021 Verizon annual survey of 856 professionals shows this trend and the negative perception around IoT security, which stated 45% of the surveyed organizations have agreed to compromise their security practices involving mobile/IoT devices during 2021. Worryingly, the share of IoT respondents that think these devices are of less interest to hackers than other systems grew from 26% in 2020 to 30% in 2021.
GlobalData believes the IoT needs to be more secure. Unstructured and fragmented regulations are one of the major roadblocks for broader IoT adoption (be it in consumer or enterprise IoT). Fears around data privacy are widespread.
Current IoT solutions rarely contain adequate anti-tampering measures or comply with all applicable data protection standards and regulations designed to prevent unauthorized access to sensitive data. Failure to embed trust in connected devices may lead to costly and disastrous consequences such as identity theft, industrial espionage, ransomware attacks, or fatal accidents involving autonomous vehicles.
There are three major factors affecting IoT security:
Lack of IoT regulations
There is no unified global IoT security standard spanning all segments of the IoT market, from device to network to data to application. Though some regulatory initiatives are underway (like the US IoT Cybersecurity Improvement Act and the EU’s General Data Protection Regulation), they are very fragmented and do not address concerns around IoT as a whole.
Lack of embedded features
The main challenge for organizations trying to address IoT security is that many devices have weak or even no security controls. Under fierce commercial pressures, IoT device manufacturers often prioritize the performance and price factor over device security. Similarly, IoT adopters often overlook IoT security consideration in favour of cost. As per the 2021 Verizon annual survey, approximately 40% of the respondents preferred ‘expediency’ over IoT security, and more than 30% put profitability ahead of IoT security.
Lack of manufacturer concern over data privacy
IoT devices can be very intrusive into our personal lives; smartphones track our location, smartwatches track our health, and security cameras provide surveillance on our families. Data breaches such as the Amazon Ring camera breach can be devastating. Moreover, many manufacturers do not have transparent policies to explain how they use personal data. As per the 2021 Verizon annual survey, 91% of IoT respondents said they are collecting personal information, and 22% of those were not encrypting it. The survey also states those who compromise IoT security are likely to suffer the consequences 1.5 times more than others. Over half (53%) said that the consequences were major.
Security perceptions need to change
With the ever-increasing number of connected devices, all the stakeholders, including IoT device manufacturers, service providers, and adopters, must change their perception around IoT security from something nice to have to a must-have.
GlobalData is optimistic about this transition. As per Globaldata’s ‘Emerging Technology Trends Survey’ of more than 1,700 senior executives worldwide, 51% perceived cybersecurity (including IoT security) as a key tool for improving efficiency and new business development over the next three years.