In an increasingly breach-shy, but connected world, 90% ofconsumers lack confidence in Internet of Things security; and sometwo-thirds of consumers and almost 80% of organizations supportgovernment-set IoT guidelines.

Amsterdam-based digital-security firm Gemalto revealed in areport, “The State of IoT Security” that both consumers andbusinesses have serious concerns around IoT security and little confidence that IoTservice providers and device manufacturers can protect IoT devicesand more importantly the integrity of the data created, stored andtransmitted by these devices.”

“With legislation like GDPR showing that governments arebeginning to recognize the threats and long-lasting damagecyberattacks can have on everyday lives, they now need to step upwhen it comes to IoT security. Until there is confidence in IoTamongst businesses and consumers, it won't see mainstreamadoption,” Jason Hart, CTO, Data Protection at Gemalto said.

Key Findings:

• Most organizations (96%) and consumers (90%) believe there isa need for IoT security regulations, and want governmentinvolvement.

• A hacker controlling IoT devices is the most common concernfor consumers (65%), while six in ten (60%) worry about theft oftheir data.

• More than two-thirds (67%) of businesses encrypt all datacaptured or stored via IoT devices.

Consumers' main fear (cited by two thirds of respondents) ishackers taking control of their device. this was more concerningthan leaked data (60%) and hackers accessing their personalinformation (54%). Despite 54% of consumers owning an IoT device (on average two), just 14% believethat they are extremely knowledgeable when it comes to the securityof these devices.

In terms of the level of investment in security, the surveyfound that IoT device manufacturers and service providers spendjust 11% of their IoT budget on securing their IoT devices. Thestudy found that these companies do recognize the importance ofprotecting devices and the data they generate or transfer with 50%of companies adopting a security by design approach. Two-thirds oforganizations report encryption as their main method of securingIoT assets with 62% encrypting the data as soon as it reaches theirIoT device, while 59% as it leaves the device. Ninety two percentof companies also see an increase in sales or product usage afterimplementing IoT security measures.

According to the survey, businesses favor regulations to make itclear who is responsible for securing IoT devices and data at eachstage of its journey (61%) and the implications of non-compliance(55%). Almost every organization (96%) and consumer (90%) islooking for government-enforced IoT security regulation.

Businesses are realizing they need support in understanding IoTtechnology and are turning to partners to help, with cloud serviceproviders (52%) and IoT service providers (50%) the favoredoptions. When asked why, the top reason was a lack of expertise andskills (47%), followed by help in facilitating and speeding uptheir IoT deployment (46%).

While these partnerships may benefit businesses in adopting IoT,organizations admitted they don't have complete control over thedata that IoT products or services collect as it moves from partnerto partner, potentially leaving it unprotected.

“The lack of knowledge among both the business and consumerworlds is quite worrying and it's leading to gaps in the IoTecosystem that hackers will exploit,” Hart continued. “Within thisecosystem, there are four groups involved – consumers,manufacturers, cloud service providers and third parties – all ofwhich have a responsibility to protect the data. 'Security bydesign' is the most effective approach to mitigate against abreach. Furthermore, IoT devices are a portal to the wider networkand failing to protect them is like leaving your door wide open forhackers to walk in. Until both sides increase their knowledge ofhow to protect themselves and adopt industry standard approaches,IoT will continue to be a treasure trove of opportunity forhackers.”

In other news Gemalto and hardware wallet provider Ledger arepooling their efforts to create a new secure storage solution forfinancial institutions working with cryptocurrency. The newpartnership will apply Ledger's hardware wallet operating system,BOLOS, with Gemalto's cryptographic key storage system to create adevice geared towards the management of crypto-assets.