The research also found more than two-thirds of consumers and almost 80% of organisations support government involvement in IoT security.
The biggest fear, expressed by 66% of consumer respondents, is hackers taking control of their Internet-connected devices. This was a greater concern than data being leaked (60%) and hackers accessing personal information (54%).
Gemalto's research also found that while 54% of consumers own at least one IoT device — in fact, an average of two — only 14% believed they were extremely knowledgeable when it came to the security of these devices.
“With legislation like GDPR (General Data Protection Regulation) showing that governments are beginning to recognise the threats and long-lasting damage cyber attacks can have on everyday lives, they now need to step up when it comes to IoT security. Until there is confidence in IoT amongst businesses and consumers, it won’t see mainstream adoption.”
The survey found businesses are in favour of regulations, stating they wanted government to identify with clarity who is responsible for securing IoT devices and data at each point in its journey (61%) and the implications of non-compliance (55%).
Of consumers and businesses surveyed, Gemalto found an almost unanimous response when it comes to government-enforced IoT security regulation with 96% of organisations and 90% of consumers looking for this.
Businesses have identified they require support when it comes to understanding and implementing IoT technology, turning to cloud service providers (52%) and IoT service providers (50%). The reasons for this are a lack of internal expertise and skills (47%), and to help facilitate and speed up their IoT deployment (46%).
However, despite these partnerships aiding the adoption and deployment of IoT devices, organisations acknowledged they felt they did not have complete control over the data their IoT products or services collected as it moved from partner to partner, leaving the organisation itself exposed.
“The lack of knowledge among both the business and consumer worlds is quite worrying and it’s leading to gaps in the IoT ecosystem that hackers will exploit,” Hart said. “Within this ecosystem, there are four groups involved — consumers, manufacturers, cloud service providers and third parties — all of which have a responsibility to protect the data. ‘Security by design’ is the most effective approach to mitigate against a breach.
"Furthermore, IoT devices are a portal to the wider network and failing to protect them is like leaving your door wide open for hackers to walk in. Until both sides increase their knowledge of how to protect themselves and adopt industry standard approaches, IoT will continue to be a treasure trove of opportunity for hackers.”
Gemalto's research also found IoT device manufacturers and service providers spend 11% of their total IoT budget on securing these devices. Half these companies stated they had a security-by-design approach. 67% reported encryption as their primary means to secure IoT assets, with 62% encrypting data as soon as it reached the device, and 59% as soon as it leaves the device.
Ninety-two percent of IoT-related companies said they saw an increase in sales or product usage after implementing security measures.
Gemalto commissioned independent technology market research specialist Vanson Bourne to conduct the research. A total of 1050 IT and business decision-makers and 10,500 consumers were interviewed in July 2017, via online and telephone methodology. Decision maker respondents were from organisations in any sector, but with a minimum of 250 employees.
The results can be found online in an interactive infographic, both aggregated and by country of response.