40% users blame manufacturers for security of their IoT devices

The majority of respondents said they had some IoT device in their homes. There was no significant gap between genders, but different age groups had different devices. Younger people were more likely to have smart speakers, game consoles, and children’s devices. In contrast, the likelihood of having no IoT devices went up with age. The number of devices also went up with income. This was more pronounced with devices that were part of house fixtures, such as security or heating and lighting.

More devices – less secure behaviors
Even though having more devices increases the chance of an attack, it doesn’t affect users’ behavior. For example, almost 95% of people in the UK have some IoT device. However, of the countries surveyed, respondents in the UK took the least action against the risks: almost 1 in 5 take no measures to protect themselves. And while people from Canada and the Netherlands have the best security habits, the French are generally safer by having fewer devices to begin with

People tend to blame themselves
More than half of people believe that making sure their devices are safe is solely their responsibility rather than the manufacturers’. Unfortunately, this belief doesn’t reflect in their behavior, creating a privacy paradox. Even when they are aware of potential risks and believe it’s their responsibility to mitigate them, people don’t take any action. This behavior is mostly fueled by the belief that attacks only happen to other people, so users start caring about their privacy only after they’ve suffered from a hack themselves.

IoT sales are expected to continue rising
The history of IoT is a history of security and privacy problems. Nevertheless, these devices are going to dominate our homes, industries, and cities more and more. Statista reports that the worldwide IoT spending may reach over $1 trillion by 2023. More devices are likely to bring more issues and vulnerabilities that cybercriminals can exploit. However, with the growth of IoT, we also expect to see governments getting more involved, better regulation initiatives, and higher awareness among users.

Shared IoT security efforts
The best way to avoid IoT risks is not to buy any devices. But as neither users nor manufacturers would like this solution, all of us need to pick up the slack. Users must demand that companies follow the best security practices while taking better care of their own privacy. IoT manufacturers have to come up with additional ways to protect their devices and their users’ data. And government agencies need to regulate this process as the usage of IoT devices grows in both the private and public sectors.

Methodology and sources
To gain a better understanding of the user aspect of IoT, we conducted a survey via CINT. 7000 people were surveyed in total, made up of 1000 people from each of the following countries: Australia, Canada, France, Germany, the Netherlands, the UK, and the US. Participants formed representative samples across gender, age, family situation, and income levels.

The questions revolved around which IoT devices people had in their homes, what measures they took to secure them, and whose responsibility they thought it was to ensure the security of IoT devices. Survey results were cross-referenced with a new user-focused classification of the main vulnerabilities of IoT devices.

The timeline and classification were generated by reviewing the key literature on IoT security and vulnerabilities, as well as looking at press coverages of major attacks.
CT Bureau