Gemalto survey confirms that Consumers lack confidence in IoT device security

Gemalto survey confirms that Consumers lack confidence in IoT device security

Businesses and consumers support government-mandated IoT security regulations

  • Most organizations (96%) and consumers (90%) believe there is a need for IoT security regulations – and want government involvement
  • A hacker controlling IoT devices is the most common concern for consumers (65%), while six in ten (60%) worry about their data being stolen
  • More than two-thirds (67%) of businesses encrypt all data captured or stored via IoT devices

Amsterdam, October 31, 2017 – Gemalto, the world leader in digital security, today reveal that 90% of consumers lack confidence in the security of Internet of Things (IoT) devices. This comes as more than two-thirds of consumers and almost 80% of organizations support governments getting involved in setting IoT security​.

​”It’s clear that both consumers and businesses have serious concerns around IoT security and little confidence that IoT service providers and device manufacturers will be able to protect IoT devices and more importantly the integrity of the data created, stored and transmitted by these devices,” said Jason Hart, CTO, Data Protection at Gemalto. “With legislation like GDPR showing that governments are beginning to recognize the threats and long-lasting damage cyber-attacks can have on everyday lives, they now need to step up when it comes to IoT security. Until there is confidence in IoT amongst businesses and consumers, it won’t see mainstream adoption.”

The current state of play in IoT security

Consumers’ main fear (cited by two thirds of respondents) is hackers taking control of their device. In fact, this was more of a concern than their data being leaked (60%) and hackers accessing their personal information (54%). Despite more than half (54%) of consumers owning an IoT device (on average two), just 14% believe that they are extremely knowledgeable when it comes to the security of these devices, showing education is needed among both consumers and businesses.

In terms of the level of investment in security, the survey found that IoT device manufacturers and service providers spend just 11% of their total IoT budget on securing their IoT devices. The study found that these companies do recognize the importance of protecting devices and the data they generate or transfer with 50% of companies adopting a security by design approach. Two-thirds (67%) of organizations report encryption as their main method of securing IoT assets with 62% encrypting the data as soon as it reaches their IoT device, while 59% as it leaves the device. Ninety two percent of companies also see an increase in sales or product usage after implementing IoT security measures.

Support for IoT security regulations gains traction

According to the survey, businesses are in favor of regulations to make it clear who is responsible for securing IoT devices and data at each stage of its journey (61%) and the implications of non- compliance (55%). In fact, almost every organization (96%) and consumer (90%) is looking for government-enforced IoT security regulation.

Lack of end-to-end capabilities leading to partnerships

Encouragingly, businesses are realizing that they need support in understanding IoT technology and are turning to partners to help, with cloud service providers (52%) and IoT service providers (50%) the favored options. When asked why, the top reason was a lack of expertise and skills (47%), followed by help in facilitating and speeding up their IoT deployment (46%).

While these partnerships may be benefiting businesses in adopting IoT, organizations admitted they don’t have complete control over the data that IoT products or services collect as it moves from partner to partner, potentially leaving it unprotected.

“The lack of knowledge among both the business and consumer worlds is quite worrying and it’s leading to gaps in the IoT ecosystem that hackers will exploit,” Hart continues. “Within this ecosystem, there are four groups involved – consumers, manufacturers, cloud service providers and third parties – all of which have a responsibility to protect the data. ‘Security by design’ is the most effective approach to mitigate against a breach. Furthermore, IoT devices are a portal to the wider network and failing to protect them is like leaving your door wide open for hackers to walk in. Until both sides increase their knowledge of how to protect themselves and adopt industry standard approaches, IoT will continue to be a treasure trove of opportunity for hackers.”

Related Resources

​​

About Gemalto

Gemalto (Euronext NL0000400653 GTO) is the global leader in digital security, with 2016 annual revenues of €3.1 billion and customers in over 180 countries. We bring trust to an increasingly connected world.

From secure software to biometrics and encryption, our technologies and services enable businesses and governments to authenticate identities and protect data so they stay safe and enable services in personal devices, connected objects, the cloud and in between.

Gemalto’s solutions are at the heart of modern life, from payment to enterprise security and the internet of things. We authenticate people, transactions and objects, encrypt data and create value for software – enabling our clients to deliver secure digital services for billions of individuals and things.

Our 15,000+ employees operate out of 112 offices, 43 personalization and data centers, and 30 research and software development centers located in 48 countries.

For more information visit www.gemalto.com, or follow @gemalto on Twitter.

​​​​Gemalto media contacts

Philippe Benitez
Americas
+1 512 257 3869​
[email protected]​​​

​​Kristel Teyras
​Europe Middle East & Africa
+33 1 55 01 57 89
[email protected]

Shintaro Suzuki
Asia Pacific
+65 6317 8266​
[email protected]

​Find Gemalto’s Media Contacts in your region.