The Internet of Things (IoT) is in hacker crosshairs. Last year, more than 110 million IoT malware attacks took place — an 87% increase from the previous 12 months. And as connected devices take on more critical roles in the modern home and office, tens of billions more endpoints are coming online.
In this precarious landscape, both individual consumers and enterprises embracing IoT have made cybersecurity a top priority. Now the government is following suit. In July, the White House announced the launch of a "U.S. Cyber Trust Mark" as part of its voluntary labeling program for smart devices.
The mark is a quality seal to help Americans more easily and securely select these products. It comes in the wake of similar proposed regulations like the EU's Cyber Resilience Act.
Finally, device producers will have minimum cybersecurity standards to meet. Consumers are far more likely to seek out and commit to IoT devices that have a seal like the U.S. Cyber Trust Mark, giving device makers a long-overdue incentive to get up to code.
Here’s why, for the first time, device makers will begin to see cybersecurity as an investment rather than an expense.
Compliance now is more cost-effective than retrofitting later
For years, IoT device makers have catered to customers that wanted cheap products and services, often at the cost of robust security. Manufacturers haven’t been driven to spend money on better protection — until the announcement of these coming changes on either side of the Atlantic.
Complying with the likes of the U.S. Cyber Trust Mark makes financial sense because it ultimately saves device makers time and money down the line. While the White House label program is currently voluntary, there’s a strong possibility that it will become mandatory in a few years.
Device makers that don’t join now risk fines or expensive retrofitting of whole device fleets. Just look at the EU cybersecurity plan — once in practice, national authorities could impose fines of up to €10 million for IoT device makers, or up to 2% of their worldwide annual turnover.
In my opinion, cybersecurity labeling leads to stronger and longer-lasting devices, which can reduce the amount of material waste from manufacturers. Such a decrease aligns with sustainability efforts and emerging legislation in the electronic sphere and lowers the risk of manufacturers being penalized for excessive waste.
Certification creates minimum standard security thresholds
Things like default passwords, always-on cloud features, and minimal product support are concerningly normal in IoT. To earn the government check mark, however, device makers must adhere to basic principles that foster a safe, efficient IoT space. This includes unique and strong passwords, data protection, automatic software updates, and incident detection capabilities.
The intention is to create a security baseline and help close gaps in and among device makers. Cybersecurity is only ever as strong as its weakest link, and a cybersecurity certification forms a community of manufacturers that have a united shield against attackers.
Tech giants like Amazon, Best Buy, Google, LG Electronics, Logitech, and Samsung Electronics have already pledged their support for the U.S. Cyber Trust Mark, which will appear on approved products as a distinct shield logo. This will no doubt encourage other device makers of all sizes to do the same.
With more players involved, there will be more awareness around cybersecurity issues, greater innovation, and a savvier ecosystem. The certification could additionally be a springboard for more complex guidelines that develop in response to new cybersecurity challenges in the coming years.
A Cyber Trust Mark will boost customer retention (and profits)
The U.S. Cyber Trust Mark and its subsequent cybersecurity reevaluation will go a long way to repairing trust in the sector. A report from McKinsey reveals that only 30% of IoT providers believe trust is essential in their solutions; meanwhile, 60% of customers consider it crucial.
This trust gap suggests that device makers haven’t been fully meeting consumer needs and aren’t building long-term relationships — which translates to lost profits. By demonstrating that they are dedicated to security and trustworthy experiences via a certification, device makers can improve user retention and loyalty.
We already know that consumers gravitate to products that have a tick of approval — just look at the Energy Star label. This government-backed symbol identifies appliances that are energy efficient, and consumers explicitly say that the certification positively influences their decision to buy a product with this label.
Users see these marks as a prevetting service, where they know that the goods have been assessed beforehand and achieved government-defined requirements. IoT device makers can expect the same bottom-line benefits.
The U.S. Cyber Trust Mark is the beginning of a more formalized cybersecurity structure in IoT. It will fuel a shift in device making, where manufacturers spend more on cybersecurity but equally reap more valuable returns.
And, device makers that invest sooner will not only be better positioned with their audiences, but they’ll also be poised to smoothly navigate an inevitably more complex digital landscape.