IoT Security Report
Is it time for government-mandated IoT regulations?

The rise of IoT is driving increasing concern about the threat of cyber attacks at home and work. This trend has sparked a security concern across the globe with companies and consumers as smart devices like baby monitors, smart speakers, smart watches or thermostats potentially provide a gateway into users’ home or workplace networks.

The pace of change and technological advancements are increasing. More and more organizations are connecting through IoT and monetizing IoT can be a key factor between a business being successful and being left behind. It’s also bigger than ever for consumers. A whole host of devices are being IoT enabled, from cars to kettles and lights to locks – you name it, it’s becoming IoT ready. As a result, smart consumers have more to consider when purchasing household items and security can often be the deciding factor.

However, it’s no secret that there can be challenges in securing IoT devices. More devices being IoT enabled means a more complex IoT ecosystem. In addition, more data is being collected than ever before and this data is being stored in various places, but with no clear regulation or direction on how this should work. This means that the IoT journey is not always an easy one - but it could be. This is the right time for intervention. If governments can set regulations then faith can be restored and built into the security of the IoT ecosystem. After all, which other revolutionary technologies are left unregulated? In addition, organizations need to invest in IoT partnerships, particularly with security in mind. Consumer confidence is likely to define an organization’s success in the IoT world, with security playing a huge part in that.

Now is the time for organizations and regulatory bodies to act. Many organizations are already utilizing IoT, but with a lack of clear direction. If organizations do not secure their devices, their competitors will. Those who do not risk losing their competitive advantage, customers and financial gains. Ultimately, it could see them becoming a dinosaur in a digital age, ceasing to exist.

Scope of research (methodology)
Gemalto commissioned independent technology market research specialist Vanson Bourne to undertake the research upon which this report is based.

A total of 1,050 IT and business decision makers and 10,500 consumers were interviewed in July 2017, via online and telephone methodology. Decision maker respondents were from organizations in any sector, but with a minimum of 250 employees. Respondents were within the following countries:

Countries surveyed
Netherlands
Belgium
UK
Germany
US
France
Japan
Saudi Arabia
India
UAE
Brazil

All respondents were interviewed using a rigorous multi-level screening process to ensure that only suitable candidates were given the opportunity to participate.

This research identifies the following:
>> The current state of the IoT ecosystem
>> How technology and security influence IoT
>> The partnerships forged between organizations
>> Whether there should be IoT government regulations
>> Consumers’ perception of IoT

IoT Devices - Please consider IoT devices throughout this report as any internet-connected object able to collect and exchange data, and that can be monitored
and/or controlled from a remote location. Examples of IoT devices include smart watches (e.g. Apple Watch, Fitbit, etc.), in-house heating systems (e.g. Hive etc.),
smart speakers (e.g. Amazon Echo, Google Home), security systems (e.g. IP camera, connected alarm panel etc.), home comforts (e.g. smart lighting, smart garden
irrigation, etc.), connected cars, drones etc.
Key findings
90%
54% of consumers own an average of four IoT devices, but only 14% believe that they are knowledgeable on IoT device security
96%
of consumers are concerned
Only 33% of businesses believe they have complete control over the data that their IoT products/services collects as it moves from partner to partner, potentially leaving data unprotected at some stages of its journey
Only 57% of businesses encrypt all of the data that they capture or store via IoT devices
61% of businesses feel IoT regulations should include who is responsible for securing data at each stage of the journey
Background to IoT
The internet of things (IoT) is here. IoT is a technology trend that is gaining in profile and credibility and with
that comes a vastly complex IoT ecosystem. Just over half (51%) of surveyed IT and business decision
makers report that their organization uses IoT devices that have been created by a third party. Around three
in ten use IoT devices that they create themselves (30%) or create software for use within or alongside IoT
devices (28%). More and more organizations are connecting with IoT in an attempt to steal a competitive
advantage and prevent themselves falling behind. Organizations can now work alongside one another in
many different ways, making for an extremely unique and diverse ecosystem.

But, it is not too late for organizations to connect with the IoT world. Nine in ten (90%) decision makers think that IoT will be around for the long term and that it will become even more common in the future. This feeling is slightly less evident (69%) among consumer respondents. The difference in opinion could be due to a lack of awareness and exposure that consumers have had with IoT. Decision makers are more likely to have had the opportunity to monetize IoT in the workplace and see the benefits that can be reaped.

With the increase in complexity and size of the IoT ecosystem, it is perhaps no surprise to see that the vast majority (94%) of decision makers, whose organization uses IoT, state that their organization is doing something differently as a result of more devices becoming IoT enabled. The most likely changes are to improve communication channels internally (58%) and externally (49%), suggesting that communication can be improved through the use of these devices. In addition, most (98%) IoT enablers are also making changes. Increasing their IoT security offering is the most common (57%) change, highlighting the importance of security within the IoT ecosystem.

The longevity of IoT
“Which of the following best describes your opinion of IoT?”
IoT will be around for the long term and will become more common: 90% of IT and business decision makers, 69% of consumers
IoT will be around for the long term, but will not become more common: 8% of IT and business decision makers, 19% of consumers
IoT will only be around for the short term: 1% of IT and business decision makers, 12% of consumers
Split by respondent type, asked to all respondents (1,050 decision maker respondents and 10,500 consumer respondents)

Introducing IoT security
Effective IoT platforms need to be built on a secure foundation. On average, 11% of decision makers’
organizations’ IoT spend is on the security of their IoT products or services. But, of those who are spending
on IoT security, fewer than three in five (57%) decision makers report that their organization encrypts all of
their IoT data. This is just not good enough. Organizations should be utilizing encryption to provide
persistent protection of IoT data at all critical points of the IoT ecosystem.

IoT security is often deemed as complicated and insufficient. More than nine in ten decision makers (94%) and consumers with IoT knowledge (93%) feel that there are challenges when trying to secure IoT products/services. Decision makers most commonly cite the cost of implementation (44%) and large amounts of data being collected (39%) as challenges, while consumers frequently state that the lack of external guidance (43%) and a lack of clarity over who is responsible (41%) are challenges. If organizations are to successfully monetize their IoT offering then they will need to work alongside consumers to ensure that they feel comfortable and confident in the security of their devices, while harnessing data effectively, and absorbing huge financial cost. No small ask.

Additionally, over four in five (84%) consumers agree that the amount of data being collected via IoT makes privacy a challenge and a similar proportion (81%) of decision makers say the same for security. With more organizations connecting to the IoT environment and the ecosystem becoming ever more complex, these challenges are only going to increase in stature. Organizations need to ensure that they have the right resources, security systems, and knowledge and guidance in place to be successful in this digital era.

“What challenges does your organization see with trying to secure IoT products/services?”
44%  The cost of implementation is high
39%  Large amounts of data is being collected
32%  Ensuring software updates are secure
30%  Lack of external guidance / regulation
28%  Data is stored in various locations
26%  It is not clear who is responsible
21%  We don't know how to evaluate threats
19%  Can't find an integrated 'plug-and-play' solution
13%  Lack of internal knowledge of how to do so
12%  Not sure how to manage new devices
5%   There are no challenges
1%   Don't know
Asked to all decision maker respondents (1,050 respondents)

“What challenges do you think are present when trying to secure IoT products/services?”
43%  Lack of external guidance / regulation
41%  It is not clear who is responsible
41%  Large amounts of data is being collected
39%  Ensuring software updates are secure
39%  The cost of implementing security is high
33%  Data is stored in various locations
29%  I don't know how to evaluate security threats
18%  I have a lack of knowledge of how to do so
17%  I can't find a solution which is 'plug-and-play'
15%  I'm not sure how to manage new devices
8%   I wouldn't know where to start
2%   There are no challenges
5%   Don't know
Asked to consumer respondents who have some IoT security knowledge (6,729 respondents)

Security preferences
Given the challenges that IoT security can introduce, perception of IoT security is likely to vary and is often
negative. But, IoT security does also have positive impacts on organizations. A significant minority of
decision makers believe that IoT security is a secure foundation to offer new services (32%), a revenue
driver (18%) or a means of improving customer experience (15%). Organizations must be able to see a long
term goal that can be achieved through a secure IoT platform. A partnership alongside an IoT security
specialist then becomes an obvious port of call.
Advanced technologies are becoming more accessible and common than ever before

The use of expert tools and technologies is fundamental to a secure IoT platform. Encryption (67%) and password protection (63%) are the most commonly used IoT security technologies in decision makers’ organizations currently and are also seen as being the ideal ones (encryption (56%), password protection (52%)). There is also a significant proportion of respondents who believe that two-factor authentication (38%) and biometrics (35%) are the ideal security technologies. Organizations tend to have the technologies in place that they desire, but this could be improved further. Advanced technologies are becoming more accessible and common than ever before; organizations should be adopting them before they fall behind their competitors or face a severe data breach, as so many have already.

Analysis of decision maker respondents whose organization currently uses to secure its IoT
data/services/devices compared to ideal use.
Consumer impact on security
Justifying spend on security can often be difficult. But, that shouldn’t be the case. Almost all (97%) decision
makers, whose organization is an IoT enabler, think that security is a consideration for their customers
when they are using their IoT products/offerings. Slightly fewer (82%) consumer respondents do say that
security is a personal consideration when using an IoT product. The vast majority of both respondent types
see security as important, which should go some way to justifying that investment. However, nine in ten
(90%) consumers expect IoT security to come as standard, rather than as something that they would have
to look into or consider themselves. This can leave a dangerous gap in the security of their devices.
Ultimately, leaving devices unsecured can lead to consumers facing theft of personal information, banking
details or identity fraud.
IoT Partnerships
To maximize the potential of IoT, partnerships between organizations are vital. Almost all (95%) decision
makers say that their organization partners with other organizations regarding IoT. These organizations
partner with three other vendors, on average. Around half partner with cloud service providers (52%) or IoT
service providers (50%), while nearly a third (31%) partner with IoT security specialists. Partnerships are
most likely to be formed due to the partners having IoT skills/knowledge that organizations do not have
(47%) and to facilitate and speed up IoT deployment (46%). Using partnerships can increase the complexity
of the IoT ecosystem. But, for many, a partnership with a recognized IoT security specialist could pave the
way for organizations to monetize their IoT solutions.
Partnerships are most likely to
be formed due to partners
having IoT skills/knowledge
that organizations do not have.
Government regulations and impact
Regulations are a huge part of modern life, particularly in the world of technology. Why should IoT be any
different? The vast majority of decision maker (96%) and consumer (90%) respondents state that there
should be IoT security regulations. In addition, a large majority of both decision makers (79%) and
consumers (72%) agree that government intervention is important to IoT security. On the whole,
guidelines and regulations would be welcomed into the IoT ecosystem. If consumer confidence in IoT
security can be improved through regulations, then this will continue to drive IoT adoption and offer a huge
opportunity to organizations; all they need to do is take that opportunity.
Chart responses (decision makers, consumers):
Yes, but we wouldn't actually want them: 5%, 5%
No, there is no need for regulations: 2%, 2%
Don't know: 2%, 8%
The consumer world of IoT
Thinking specifically about consumer respondents, more than half (54%) own an IoT device and they own
two IoT devices, on average. There is evidently a consumer market for IoT devices; however, only just over
one in ten (14%) consumers perceive themselves as being extremely knowledgeable about IoT device
security. Poor IoT security can have huge implications across modern life. With so many everyday consumer
devices becoming IoT enabled, a security gap in one could lead to an entire IoT ecosystem crashing down.
Organizations and governments can
no longer afford to neglect IoT security
Consumers want more, expect more and need more. Dynamic changes in technology are creating seismic shifts
in the way that organizations operate. In addition, digital consumers are becoming increasingly empowered with
an increase in technology at their fingertips. This all leads to a complex ecosystem within the technology world.
Organizations need to be able to connect with technology, and each other, to ensure that they keep pace in this
digital era.

In particular, the utilization of IoT can be the key to unlocking the door between organizations and a successful and prosperous future. IoT is here to stay. It can enable organizations to securely offer new services, become a revenue driver in itself and improve customer experience. All being reasons to pursue an IoT journey.

Are there challenges to adopting IoT? Yes, of course. It’s no secret that IoT can divide opinion, with security being a key reason for some initial skepticism. But, there are ways to overcome these reservations, with mandatory regulations being one of them.

Organizations must commit to their IoT journey to harness its full power. Investment in IoT security will be needed in order to do this and must continue to happen. Understandably, consumers can be concerned over the security of their devices and data. For most, it’s a consideration when choosing which devices to use and it can be a vital selling point for organizations.

The IoT ecosystem is complex and the journey can be long. But, the optimization of IoT could be best seen through organizational partnerships. Achieving consumer confidence could be best seen through partnerships with an experienced IoT security specialist.

IoT is not going away and the sooner organizations can offer a secure platform the better. Organizations need to see the warning signs and act upon them – IoT related breaches can be excruciatingly costly. And let’s not forget the consumer. With the number of IoT devices becoming available, security is becoming a differentiator for them. So, can organizations afford to neglect IoT security any longer?

Organizations must commit
to their IoT journey to
harness its full power and
investment in IoT security will
be needed in order to do this.
©Gemalto 2017. All rights reserved. Gemalto, the Gemalto logo, are trademarks and service marks of Gemalto and are registered in certain countries. (EN)-19Oct2017 - Design: DB
About Gemalto IoT Security
Gemalto offers one of the most complete portfolios of IoT security solutions in the world,
enabling its customers to enjoy industry-leading protection of digital identities, transactions,
payments, and data – from the edge to the core. Gemalto’s portfolio of Device and Data
Protection solutions enable enterprises across many verticals, including major financial institutions
and governments, to take an end-to-end approach to security by utilizing innovative encryption
methods, best-in-class crypto management techniques, and strong authentication and identity
management solutions to protect what matters, where it matters. Through these solutions, Gemalto
helps organizations achieve compliance with stringent data privacy regulations and ensure that
sensitive corporate assets, customer information, and digital transactions are safe from exposure and
manipulation in order to protect customer trust in an increasingly digital world.