To address cybercrime vulnerabilities, the UK Government is introducing new legislation to protect consumers from insecure connected products such as smart televisions, home security and smartphones.

The consumer IoT market is estimated to be worth over $50bn in 2021, with a CAGR of 15.2% by 2025. With this level of growth and influx of consumer connected devices covering smart televisions, connected smart home devices, consumer wearables and smart phones, increased cybersecurity vulnerabilities will exist in digitally connected consumer technologies.

In GlobalData’s view this has been further exacerbated by the void of defined standards and legislation with which manufacturers of devices in the IoT value chain can adhere to. This contrasts with B2B connected devices where there are clearer defined digital eco-systems and points of demarcation with respect to cybersecurity that has been influenced and developed through networking and cybersecurity standards defined by cybersecurity vendors and network providers.

For consumer IoT, Internet-connected products with universal default passwords are particularly open to vulnerabilities, with irregular password updates and inadequate security measures and polices in place.

This has resulted in several malicious actors posing security breaches to devices and central networks. Some examples of recent consumer IoT data breaches include Amazon’s Ring home camera security breach giving cyber criminals access to connected home devices, and Nortek Security & Control Access Control System breach for connected homes.

More buy in by manufacturers is needed

To tackle security vulnerabilities in consumer IoT there needs to be more buy-in by manufacturers in complying to defined security standards as well as legislation, and enforcement by governments in ensuring manufacturers and players in the value chain comply to standards before IoT devices can operate in country consumer settings.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

View profiles in store

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Submit

UK USA Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos Islands Colombia Comoros Congo Democratic Republic of the Congo Cook Islands Costa Rica Côte d"Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kuwait Kyrgyzstan Lao Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and The South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates US Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam British Virgin Islands US Virgin Islands Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Kosovo

Industry * Academia & Education Aerospace, Defense & Security Agriculture Asset Management Automotive Banking & Payments Chemicals Construction Consumer Foodservice Government, trade bodies and NGOs Health & Fitness Hospitals & Healthcare HR, Staffing & Recruitment Insurance Investment Banking Legal Services Management Consulting Marketing & Advertising Media & Publishing Medical Devices Mining Oil & Gas Packaging Pharmaceuticals Power & Utilities Private Equity Real Estate Retail Sport Technology Telecom Transportation & Logistics Travel, Tourism & Hospitality Venture Capital

Tick here to opt out of curated industry news, reports, and event updates from Verdict.

Submit and download

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

To address IoT vulnerabilities and implement appropriate legislation, the UK Government in paving the way by ensuring consumers are protected with their IoT devices. Ultimately, introduction of the new UK legislation will hold manufacturers and players selling Internet-connected devices to account for security vulnerabilities and safeguard consumer privacy and safety from cyber criminals.

The UK Government’s recent April 2021 announcement builds up on its 2018 published Cod of Practice which set out the security principles that manufacturers and key stake holders need to adhere to. Additionally, international efforts by the UK Government have involved persuading other States to follow a similar course. One of the by-products of this was the introduction of the European Standards EN 303-645 on connected product security being introduced.

What is UK Government key legislative position?

Ultimately, the UK Government’s intervention will ensure that manufacturers of products that do not meet the minimum baseline of security measures are not made available to UK consumers.

The desired outcome of the government’s intervention in this space is that the range of harms that can arise from vulnerable consumer connected products are minimised. In practical terms the UK Government through its work with the National Cyber Security Centre and industry experts has compiled twelve key policy areas supporting its new legislation. Examples of these include defining products in scope and ones that are exempt. Included are devices like smartphones, connected cameras/TVs/speakers, wearable devices, and connected home automation and alarm systems.

However, excluded are categories like second-hand products with lack of direct business connection with the manufacturer, and operational industrial connected devices. Additionally, compliance to security requirements will follow two key paths. These cover compliance to the Code of Practice for Consumer IoT Security and ETSI European Standard (EN) 303-645, and/or designated relevant standards that can be as the UK government states be implemented in lieu of the security requirements in the legislation.

The UK Government’s new legislation will certainly pave the way for manufacturers and suppliers to be accountable in ensuring appropriate security measures are in place on their devices before they are introduced to the UK market.

However, the ever-changing complex IoT eco-system, new devices and methods of access will require the UK Government to continuously enforce innovative legislative measures to provide adequate protection to consumers