Thursday, 02 November 2017 00:14

9 in 10 lack confidence in IoT security, want government regulation, Gemalto finds


Digital security provider Gemalto released research this week that claimed 90% of consumers lack confidence in the security of Internet of Things devices.

The research also found more than two-thirds of consumers and almost 80% of organisations support government involvement in IoT security.

The biggest fear, expressed by 66% of consumer respondents, is hackers taking control of their Internet-connected devices. This was a greater concern than data being leaked (60%) and hackers accessing personal information (54%).

Gemalto's research also found that while 54% of consumers own at least one IoT device — in fact, an average of two — only 14% believed they were extremely knowledgeable when it came to the security of these devices.

“It’s clear that both consumers and businesses have serious concerns around IoT security and little confidence that IoT service providers and device manufacturers will be able to protect IoT devices and more importantly the integrity of the data created, stored and transmitted by these devices,” said Jason Hart, chief technology officer, Data Protection at Gemalto.

“With legislation like GDPR (General Data Protection Regulation) showing that governments are beginning to recognise the threats and long-lasting damage cyber attacks can have on everyday lives, they now need to step up when it comes to IoT security. Until there is confidence in IoT amongst businesses and consumers, it won’t see mainstream adoption.”

The survey found businesses are in favour of regulations, stating they wanted government to identify with clarity who is responsible for securing IoT devices and data at each point in its journey (61%) and the implications of non-compliance (55%).

Of consumers and businesses surveyed, Gemalto found an almost unanimous response when it comes to government-enforced IoT security regulation with 96% of organisations and 90% of consumers looking for this.

Businesses have identified they require support when it comes to understanding and implementing IoT technology, turning to cloud service providers (52%) and IoT service providers (50%). The reasons for this are a lack of internal expertise and skills (47%), and to help facilitate and speed up their IoT deployment (46%).

However, despite these partnerships aiding the adoption and deployment of IoT devices, organisations acknowledged they felt they did not have complete control over the data their IoT products or services collected as it moved from partner to partner, leaving the organisation itself exposed.

“The lack of knowledge among both the business and consumer worlds is quite worrying and it’s leading to gaps in the IoT ecosystem that hackers will exploit,” Hart said. “Within this ecosystem, there are four groups involved — consumers, manufacturers, cloud service providers and third parties — all of which have a responsibility to protect the data. ‘Security by design’ is the most effective approach to mitigate against a breach.

"Furthermore, IoT devices are a portal to the wider network and failing to protect them is like leaving your door wide open for hackers to walk in. Until both sides increase their knowledge of how to protect themselves and adopt industry standard approaches, IoT will continue to be a treasure trove of opportunity for hackers.”

Gemalto's research also found IoT device manufacturers and service providers spend 11% of their total IoT budget on securing these devices. Half these companies stated they had a security-by-design approach. 67% reported encryption as their primary means to secure IoT assets, with 62% encrypting data as soon as it reached the device, and 59% as soon as it leaves the device.

Ninety-two percent of IoT-related companies said they saw an increase in sales or product usage after implementing security measures.

Gemalto commissioned independent technology market research specialist Vanson Bourne to conduct the research. A total of 1050 IT and business decision-makers and 10,500 consumers were interviewed in July 2017, via online and telephone methodology. Decision maker respondents were from organisations in any sector, but with a minimum of 250 employees.

The results can be found online in an interactive infographic, both aggregated and by country of response.


26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more


David M Williams

David has been computing since 1984 where he instantly gravitated to the family Commodore 64. He completed a Bachelor of Computer Science degree from 1990 to 1992, commencing full-time employment as a systems analyst at the end of that year. David subsequently worked as a UNIX Systems Manager, Asia-Pacific technical specialist for an international software company, Business Analyst, IT Manager, and other roles. David has been the Chief Information Officer for national public companies since 2007, delivering IT knowledge and business acumen, seeking to transform the industries within which he works. David is also involved in the user group community, the Australian Computer Society technical advisory boards, and education.



Recent Comments