As cost and expertise remain key barriers to scaling IoT security, new report calls for increased industry collaboration to speed adoption
Cambridge, UK — 22 February, 2022: The PSA Certified 2022 Security Report predicts that this year will mark a turning point in securing the Internet of Things, as the industry collectively commits to addressing the historic lag between the rate of digital transformation and the speed of securing the ecosystem.
The annual barometer of industry perceptions and intentions around IoT security, now in its second year, surveyed 1,038 technology decision makers across Europe, USA, and APAC, and signals a positive turning point for security with organizations placing it at the center of IoT strategy and organizational culture. 90% of respondents have increased the importance placed on security in the past 12 months, almost 9 in 10 deem security in their top three business priorities and 42% of those rank building a ‘security-first culture’ as their top organizational priority.
The study indicates that increased consumer expectations and growing cyber risk are largely driving the change. Debunking the myth that consumers are purely driven by product features and price, a majority (83%) of respondents state they look for specific security credentials when buying connected products. Over a third of companies believe distributed working has increased the likelihood of an IoT hack and one in five respondents work for companies that had been victims of hacks due to vulnerabilities in third-party products or services.
Security positively impacts the bottom line but expertise remains a barrier
Not only is a security-first culture deemed critical to protecting businesses against cyber-risk, it’s also recognized as a driver of commercial value. Nearly all (96%) tech decision makers say that having security in their products positively impacts the bottom line, with nearly seven in ten citing they can charge a premium for built-in security.
Over half of respondents believe IoT security implementation makes people more likely to trust their products, four in ten claim that it helps them differentiate their product, enabling them to sell and ship in larger volumes.
Despite almost universal acceptance that IoT security commands a premium, nearly a third of those asked identified cost as inhibiting them from implementing stronger security, while perceived expense and a lack of ROI were the biggest barriers to conducting external lab testing. Only 31% of technology decision makers feel “very satisfied” with their level of security expertise in-house and ‘a lack of security specialists’ ranked in the top three barriers to IoT security.
“IoT security has moved well beyond the stage of early adopters and the direction of travel is clear: security is foundational, not optional,” said David Maidment, senior director, Secure Devices Ecosystem at Arm (a PSA Certified co-founder). “This report is an important reminder that security must be integrated into every device, process, company and culture if we are to take advantage of its potential as an enabler of digital transformation – and that continued industry collaboration around security best practice is critical to driving this forward.”
Guidance, education and certification will unlock IoT potential
The desire for guidance is higher than ever: 96% say they would be interested in an industry-led set of guidelines on IoT best practices – a considerably higher finding than the 84% in 2021. Security frameworks and step by step guides were ranked as the most useful tools for deploying secure products to market, underlining the criticality of education and support in shaping a more secure IoT.
The findings from the report also point to the need for a common language around security. Three quarters of respondents look for specific security credentials when buying on behalf of their company, but 68% admit that they don’t know which to look for.
With over half of respondents admitting that internal validation is relied upon to certify security implementations (59%), third-party certification will provide a clear marker of security across the value chain and 95% agree that it can be somewhat valuable to securing the IoT. More importantly, nearly a third of respondents claim customers and end users are demanding it, 34% find it benefits reputation, and 39% think it improves product security.
Maidment continues: “Security concerns represent the biggest perceived risk to successful digital transformation according to our research. Yet, the cost of IoT insecurity remains higher than it’s ever been. As we reach a positive turning point for IoT security, best practice guidelines, a common language around security and the use of trusted components will help streamline costs and further level the security playing field in 2022.”
Read the full PSA Certified 2022 Security Report here.
About PSA Certified
PSA Certified is a global partnership of security-conscious companies that are proactively building security best practices into devices at scale. Our security framework and independent third-party evaluation scheme was originally spearheaded by Arm, CAICT, ProvenRun, Riscure, SGS Brightsight, TrustCB, and UL. Today, the original founders alongside new members, Applus+ Laboratories and ECSEC Laboratory, are providing the resources needed to build a security by design scheme that starts with the Root of Trust and is aligned to cybersecurity requirements of USA, Europe and China.
PSA Certified has scaled to become one of the fastest growing, most valued security ecosystems, globally. Being awarded ‘Ecosystem of the Year’ in the IoT Global Awards 2021 is a testament to the role it has played and will continue to play, in uniting industry, standards bodies, regulators and insurers together under one initiative. In doing so it’s accelerating the cross-industry collaboration required to untap the full potential of the IoT. With nearly 100 certifications from over 50 partners, PSA Certified has democratized the adoption of security across the electronics industry, giving the ecosystem the confidence to innovate, while protecting consumers, businesses and service providers from the most common hacks.
About the Research
The core of the findings in this report were conducted among 1038 technology decision makers and consultants in the US, Europe (UK, France, Germany, Italy, Sweden, Denmark, and Norway) and APAC (China, Taiwan, Korea, Japan).
Most interviews (1014) were conducted by Sapio Research in November 2021 using an email invitation and online survey. The remaining interviews (24) were reached out to by Arm over email and social media.