The vast proliferation of the Internet of Things (IoT) over the past few years has led to mounting concerns by consumers about the security and privacy of those devices. Many consumers, despite owning one or more of these connected devices, remain wary about IoT security and privacy issues. That’s the big takeaway from a new report from The Internet Society, which surveyed consumers around the world in order to better understand how they feel about the amount of data being collected about them by these devices, as well as the security measures that manufacturers and retailers are taking to protect them.
Key findings on IoT security and privacy
The Internet Society, in partnership with Consumers International (a global membership organization for more than 200 consumer groups), asked consumers in Australia, Canada, France, Japan, the UK and the United States for their opinions on key IoT security and privacy issues. These were then compiled into a report (“The Trust Opportunity: Exploring Consumers’ Attitudes to the IoT”) that highlights consumer attitudes to the vast range of connected IoT objects in their daily lives.
The primary focus of the report was everyday connected devices, including fitness monitors, connected toys, home assistants and gaming consoles. For the purposes of the report, connected devices did not include tablets, mobile phones or laptops. As the report found out, 69% of participants in the survey owned at least one connected device. The most popular IoT devices connected to the Internet included gaming consoles, home appliances and fitness monitors.
When asked about the amount of personal data being collected by smart devices, 63% described the data collection process as “creepy.” This is a key factor to keep in mind for both retailers and manufacturers. At one time, consumers might have picked up connected toys for their kids – but now they find these types of devices “creepy” because they are silently recording data about their kids’ behavior and then feeding this data into the Big Data ecosystem.
At the same time, 53% of consumers distrust connected devices to protect their privacy and handle information in a responsible manner. No doubt, this is due to the constant barrage of articles in the media detailing new attack vectors and cyber security risks (e.g. massive botnets leading to denial of service attacks), not to the mention the fast-and-loose approach that many IoT vendors take to data collection. Some personal data – such as the information collected by connected medical devices – is simply too sensitive to be shared with third party data brokers. The same is true of data being collected by connected devices hooked up to home security systems. The goal of these devices should be to collect data on what’s going on outside of the home (i.e. a burglar trying to break in through a window), rather than what’s going on inside the home (i.e. conversations in the bedroom).
In terms of IoT security and privacy, one particularly stunning result concerned the sheer amount of distrust that consumers have about IoT devices. Despite the ubiquity of these devices, consumers remain wary about the way their data is being used. Data collection seems to be a big focus of these devices for IoT device manufacturers, but data protection is not. In fact, The Internet Society found that 75% of consumers are significantly concerned about the way data is being used by other organizations without their permission.
Implications of the report on consumer attitudes to IoT devices
As this report on IoT security and privacy makes clear, there are important implications from the largely negative view that consumers have about the IoT. For one, manufacturer and retailers need to be doing a better job of ensuring that Internet of Things devices sold to consumers are vetted for how data is collected and transmitted. In the UK, for example, there is growing momentum for a mandatory labeling scheme that would require all IoT devices come with a warning label describing how and why data is being collected.
If retailers and manufacturers are not able to resolve all of the IoT security and privacy issues, it could lead to stalling momentum for this still nascent industry. For example, the report found that 28% of people who do not already own a connected device would be deterred from buying a smart device in the future, based on their fears about IoT security and privacy.
Here, it is worth remembering the early days of e-commerce on the Internet. The first e-commerce sites were plagued by concerns that hackers were going to get their hands on credit card and payment information. That led to the development of security certificates and other “proof” that a website was safe to use. That same type of “proof” might now be needed for connected devices. Otherwise, consumers will continue to worry about all the bad things that could happen when they use these devices.
Restoring trust in the IoT
So who should be taking the lead in helping to resolve all of these IoT security and privacy issues? When asked this question by The Internet Society, 88% of respondents said regulators, followed by manufacturers (81%) and retailers (80%). Thus, as much as the government might be able to step in and regulate changes, it will also take the active buy-in of manufacturers and retailers to push forward safety initiatives related to IoT security and privacy.
The one silver lining of the report is what the report authors call “the trust opportunity.” This is the opportunity for manufacturers to use IoT security and privacy as a source of competitive advantage in the marketplace. In other words, if they can take real steps to show that they are designing IoT security and privacy directly into their devices from the outset, consumers will view them as being more trustworthy and will be more likely to purchase their devices.
Internet Society and Consumers International report says 53% of consumers distrust #IoT to protect their #privacy and handle data in a responsible manner.
Click to Tweet
Going forward, there seems to be a direct correlation between consumer awareness of IoT security and privacy issues and the amount of regulation in the marketplace. Thus, it is almost inevitable that more regulation related to the IoT will be coming soon.