IoT Security Background

The Internet of Things is here and is steadily gaining additional profile and credibility. With that comes a vastly complex IoT ecosystem. 51% of surveyed IT and business decision makers report that their organization uses IoT devices that have been created by a third party.

Quick jump to a question

Compare total results with

US
UK
France
Germany
BeNe
MiddleEast
India
Japan
Australia
Brazil
SouthAfrica
compare country

Just over half (51%) of surveyed IT and business decision makers report that their organization uses IoT devices that have been created by a third party. Around three in ten use IoT devices that they create themselves (30%) or create software for use within or alongside IoT devices (28%) (sheet D4). These are amongst several other areas organizations have involvement with, showing the great variety of organizations that exist within the IoT ecosystem and suggesting that the different connections between each organization could be potentially complex.

Compare total results with

US
UK
France
Germany
BeNe
MiddleEast
India
Japan
Australia
Brazil
SouthAfrica
compare country

According to almost all (98%) of the decision makers whose organization is an IoT enabler, providing manufacturing, software, services, applications or security for IoT, their organization is doing something differently as a result of more devices becoming IoT enabled. Around six in ten (57%) are increasing their IoT security offering and more than half are innovating new business models (54%) or increasing their range of products/services (54%).

Compare total results with

US
UK
France
Germany
BeNe
MiddleEast
India
Japan
Australia
Brazil
SouthAfrica
compare country

On average, 11% of decision makers’ organizations’ IoT spend is on the security of their IoT products or services, but there is no predominant element of the IoT value chain that organizations are spending the most on.

Compare total results with

US
UK
France
Germany
BeNe
MiddleEast
India
Japan
Australia
Brazil
SouthAfrica
compare country

IoT security spending for these organizations is split, on average, across securing the data (34%), securing the connectivity (29%), securing the device (23%) and securing the application access (14%).

Compare total results with

US
UK
France
Germany
BeNe
MiddleEast
India
Japan
Australia
Brazil
SouthAfrica
compare country

Of decision makers whose organization uses IoT devices and spends on the security of their IoT products or services, a significant majority (95%) say that their organization encrypts at least some of the data that it captures or stores via IoT devices. However, fewer than three in five (57%) decision makers report that their organization encrypts all of this data, which is concerning as encrypting all IoT data should be the aim for every organization.

Compare total results with

US
UK
France
Germany
BeNe
MiddleEast
India
Japan
Australia
Brazil
SouthAfrica
compare country

Furthermore, for those using encryption, this data is not always being encrypted at every point of its journey. Worryingly, the most common point of encryption is as soon as data is captured on the IoT device, which is only reported by around six in ten (62%) decision makers. Even fewer say that their organization is encrypting data when it leaves the IoT device (51%), when it reaches the IoT service provider (34%) or when it is in the cloud (25%).

Compare total results with

US
UK
France
Germany
BeNe
MiddleEast
India
Japan
Australia
Brazil
SouthAfrica
compare country

It is a similar story when it comes to sending data via IoT devices, according to decision makers whose organization encrypts at least some of the data that they capture or store via IoT devices. Again, not all organizations are encrypting data as soon as it is captured on the IoT device (59%), when it leaves the IoT device (52%), when it reaches the IoT service provider (37%) or when it is in the cloud (25%).

Compare total results with

US
UK
France
Germany
BeNe
MiddleEast
India
Japan
Australia
Brazil
SouthAfrica
compare country

Cloud service providers are most commonly reported by decision makers to be currently responsible for IoT data security as soon as it is captured on the IoT device (39%) and when it is in the cloud (42%). IoT service providers are most likely to currently be responsible when data leaves the IoT device (36%), when it reaches the IoT service provider (42%) and when the IoT device receives a software update (32%).

Compare total results with

US
UK
France
Germany
BeNe
MiddleEast
India
Japan
Australia
Brazil
SouthAfrica
compare country

When it comes to who decision makers think should ideally be responsible for ensuring IoT data security, the same providers remain the most likely at the same stages. However, manufacturers of IoT enabled products increase to become equally likely for when data leaves the IoT device (34%) and when the device receives a software update (31%). IoT security specialists also become equally likely for when the device receives a software update (31%).

Compare total results with

US
UK
France
Germany
BeNe
MiddleEast
India
Japan
Australia
Brazil
SouthAfrica
compare country

The fact that more than nine in ten (94%) decision makers report that there are challenges to their organization trying to secure IoT products or devices may contribute to the confusion over responsibility and lack of complete IoT security that we have seen amongst their organizations. The most common challenge reported by decision makers is the cost of IoT implementation being high (44%). Other challenges to organizations securing IoT products or devices include the large amounts of data that are being collected (39%), ensuring that software updates are secure (32%) and a lack of external guidance/regulation on how to make them secure (30%).

Compare total results with

US
UK
France
Germany
BeNe
MiddleEast
India
Japan
Australia
Brazil
SouthAfrica
compare country

IoT security challenges are not exclusively felt by decision makers. The significant majority (93%) of consumers also think that there are challenges to trying to secure IoT products/services, including a lack of external guidance/regulation on how to do so (43%), it not being clear who is responsible (41%) and the large amounts of data being collected (41%).

Compare total results with

US
UK
France
Germany
BeNe
MiddleEast
India
Japan
Australia
Brazil
SouthAfrica
compare country

Additionally, over four in five (84%) consumers agree that the amount of data being collected via IoT makes privacy a challenge.

Compare total results with

US
UK
France
Germany
BeNe
MiddleEast
India
Japan
Australia
Brazil
SouthAfrica
compare country

And a similar proportion (81%) of decision makers say that the amount of data being collected makes security a challenge.