As the third phase of the Scottish Government-funded IoT Secure programme gets underway, Cade Wells reflects on its benefits for SMEs and start-ups.
The use of IoT has grown exponentially over the past few years. Figures from IHS Markit show that globally the number of devices increased from 15.41 billion in 2015 to 42.62 billion by 2022, and is predicted to grow to 75.44 billion by 2025.
Greater adoption of IoT is hugely positive – these technologies can help organisations to better monitor their assets, reduce costs, and make better decisions informed by data. But having more devices than ever before will also come with its challenges, particularly from a cyber security perspective.
Earlier this year, a report from McKinsey found that major buyers of IoT devices across all industries see cyber security as the biggest impediment to greater adoption, ahead of interoperability, implementation effort, and return on investment. In fact, four-times as many respondents said cyber security was a barrier (32%) compared to cost (8%).
It was with that in mind that in March 2020 we undertook our IoT Secure programme, providing Scottish small and medium-sized enterprises (SMEs) with one-to-one support on the use and development of IoT cyber security. With the first two phases delivered, we are keeping the work going with a third instalment later this year.
There have been some real success stories among the companies which have taken part. One company opened up new markets by using the programme to learn more about certification requirements in international markets for the type of device it produces.
Another business used IoT Secure to understand how cyber security could be incorporated into the products it is developing. It has since gone on to expand its team by appointing a member of staff who will look after cyber security matters.
These cases demonstrate some of the huge amounts of change we have seen in the market in the last three years, not only in Scotland but also in terms of where IoT is being used – from aquaculture to manufacturing.
Perhaps just as positively, we have also found companies becoming more aware of the importance of security and its potential to be a significant obstacle. They now see being able to provide customers with assurances for cyber security as a way of giving them an edge over their competitors.
It is an especially imperative issue with the introduction of the Product Security and Telecommunications Infrastructure (Product Security) regime, which will come into effect from 29th of April 2024. Among other changes, it will compel providers of connected devices to do away with default passwords, provide details of their vulnerability disclosure processes, and give customers information about how long they can expect security updates.
Cyber security is only going to remain a threat. The Covid-19 pandemic showed that not even national lockdowns will stop hackers from trying to gain entry to systems and individual products. There have been a range of organisations suffering high-profile cyber attacks over the last few years and, as they use more connected devices, the risks could increase.
Wherever there is challenge, there is also opportunity. For forward-thinking users and developers of IoT-connected equipment, being at the vanguard of cyber security can be a real differentiator in an increasingly cluttered market, helping them to steal a march on their competitors.