Smart-home security: A question of trust

As the world gets smarter and more and more devices are connected, techUK’s director of markets and membership Paul Hide believes the onus is on manufacturers and retailers to treat consumers’ security concerns seriously


The UK smart-home market is starting to gather some pace. Revenue is forecast to reach £2 billion this year, climbing to £4bn by 2022. Household penetration is now approaching 20 per cent and is expected to double in the next four years. Average spend per household is modest at present, around £140, but this is forecast to grow as the smart ecosystem expands and connects more widely.

Smart homes are, of course, connected. To realise the benefit of connected homes, the collection and manipulation of a huge amount of data about how we live, travel and communicate is required.

Increasingly, the narrative on data issues, such as privacy and security, has come to the fore, brought into focus by high-profile cases relating to breaches of data privacy and the less-than-transparent capture and use of user data.

We are now at a crossroads. If we are to continue down a path of exploiting individuals’ data for their benefit, we must restore and maintain trust, because, if we do not, the opportunities in delivering smarter homes will be severely compromised.
Industry is awake to these challenges and is taking steps to address the genuine and understandable concerns.

TechUK, in partnership with a broad spread of industry partners, launched its Trust Principles in an Internet of Things (IoT) World – a set of high-level principles to build trust in IoT innovations. The principles cover key elements that are needed to help the IoT/smart markets grow though greater consumer confidence.

These principles include:

Data transparency and customer empowerment, ensuring all citizens have control over their own data;

• Interoperability, so that a user can switch between devices, providers and services according to changing preferences;

• Security by design in order to help protect from cyber-attack.

As the Government’s 2014 Blackett Review stated, public acceptability and trust are essential to the implementation of IoT-based services. Developments within the IoT space need to earn users’ trust in order for the full potential of the technology to be realised.

Smart-home technologies can have a beneficial impact on our economy and society that goes far deeper than the features and benefits offered by current smart-home products.
Done right, they can help enable better health services, cleaner and safer public spaces, more efficient industries and more innovative businesses and business models.

Unprecedented amounts of detailed data, often in real-time, will be created that can then inform and improve services and products.

We all have a responsibility to ensure that we only offer devices and services that meet the highest standards of security and privacy

The Government is acutely aware of the opportunities and barriers to development. Matt Hancock, Minister of State for Digital and Culture, has said: “The Internet of Things is transforming our lives through innovative products and services with the potential to deliver major benefits for citizens.Successful technology depends on secure technology. We are determined to make sure the UK is an international leader in this technology and that means ensuring the internet of things is cyber-secure.”

The Department for Digital, Culture, Media and Sport (DCMS) is very focused on protecting user privacy and transparency relating to individuals’ data. If industry does not work together, we can expect regulatory intervention to enforce change.

DCMS identified two risks that develop as a result of poor practices: privacy and safety is being undermined by the vulnerability of individual devices; and an increasing threat of large-scale cyber-attacks launched from large volumes of insecure IoT devices.

At the heart of the report is a Code of Practice aimed at device manufacturers, service providers, developers and retailers. The focus is on best practice, such as no devices or services to be provided with a default password, implementing a vulnerability disclosure policy and providing ongoing software support.

We all have a responsibility to ensure that we only offer devices and services that meet the highest standards of security and privacy. Forgoing these principles in the quest for lower-priced solutions and a quick sale is a false economy as, once bitten, consumers are unlikely to trust either the concept or the supplier again.

Regulators are likely to come down harder on those who do not exercise the highest standards of care relating to user data or those who do not abide by the new General Data Protection Regulation (GDPR), which came into force on May 25.

Convincing your customers that they can place their trust in you is part of the new world of customer retention and loyalty. A failure to follow through on this trust will be increasingly transparent in a smarter world.