IoT devices risk reversing progress on cybersecurity

Outlook

The global consumer market for connected devices is proliferating -- and with it, regulatory and consumer awareness of cybersecurity risks associated with the Internet of Things (IoT). Regulatory responses are belated, uneven and in many cases voluntary: the EU and UK governments, notably, hope market incentives will push industry to create products that are safe, secure and private by design to inspire consumer confidence.

Even if this works in some regions, security of the global ecosystem of IoT devices will be deeply uneven. Unlike the smartphone and laptop markets that are dominated by a few large technology firms, IoT devices ranging from ‘smart fridges’ to ‘smart vacuum cleaners’ are manufactured by multiple firms of unequal quality whose complex supply chains prioritise affordability over security. Unsecure IoT devices put individuals, organisations and national critical infrastructure at risk.

Impacts

• The regulation-lite approach of the current federal US administration is expanding the country’s cybersecurity vulnerability.
• Regulatory compliance by industry will not guarantee security unless governments impose robust security standards.
• The balance between acceptable security risk and affordability will be difficult and contested.
• Even countries that tighten cybersecurity rules are likely to struggle to contain the market for unsecure but cheap IoT devices.