Your IoT devices put you at risk – but you don’t seem to care

Around 25% of people don’t take any measures to protect their smart devices.

Key findings

Almost 9/10 people have at least one IoT device

The majority of respondents said they had some IoT device in their homes. There was no significant gap between genders, but different age groups had different devices. Younger people were more likely to have smart speakers, game consoles, and children’s devices. In contrast, the likelihood of having no IoT devices went up with age. The number of devices also went up with income. This was more pronounced with devices that were part of house fixtures, such as security or heating and lighting.

More devices – less secure behaviors

Even though having more devices increases the chance of an attack, it doesn’t affect users’ behavior. For example, almost 95% of people in the UK have some IoT device. However, of the countries surveyed, respondents in the UK took the least action against the risks: almost 1 in 5 take no measures to protect themselves. And while people from Canada and the Netherlands have the best security habits, the French are generally safer by having fewer devices to begin with.

People tend to blame themselves

More than half of people believe that making sure their devices are safe is solely their responsibility rather than the manufacturers’. Unfortunately, this belief doesn’t reflect in their behavior, creating a privacy paradox. Even when they are aware of potential risks and believe it’s their responsibility to mitigate them, people don’t take any action. This behavior is mostly fueled by the belief that attacks only happen to other people, so users start caring about their privacy only after they’ve suffered from a hack themselves.

IoT sales are expected to continue rising

The history of IoT is a history of security and privacy problems. Nevertheless, these devices are going to dominate our homes, industries, and cities more and more. Statista reports that the worldwide IoT spending may reach over $1 trillion by 2023. More devices are likely to bring more issues and vulnerabilities that cybercriminals can exploit. However, with the growth of IoT, we also expect to see governments getting more involved, better regulation initiatives, and higher awareness among users.

Shared IoT security efforts

The best way to avoid IoT risks is not to buy any devices. But as neither users nor manufacturers would like this solution, all of us need to pick up the slack. Users must demand that companies follow the best security practices while taking better care of their own privacy. IoT manufacturers have to come up with additional ways to protect their devices and their users’ data. And government agencies need to regulate this process as the usage of IoT devices grows in both the private and public sectors.

Timeline of IoT problems

1863

Jules Verne’s Paris in the Twentieth Century is rejected for its dystopian vision of smart technologies.

1962

The Jetsons brought “smart” devices to TV screens, with mishaps aplenty.

1974

TCP is published, a key protocol but a major source of vulnerabilities.

1982

A Coke machine is connected to ARPANET, but Coke engineers aren’t happy.

1988

Talkie Toaster in Red Dwarf shows how annoying smart devices can be.

1990

John Romkey gets in trouble with Interop for his internet-connected toaster.

1999

First use of the name Internet of Things (IoT).

2009

Psyb0t is the first malware targeting routers.

2009

Shodan is launched — a search engine for unsecured devices.

2010

Stuxnet is uncovered — the first worm to attack connected industry systems.

2012

The Carna botnet attacks routers with default or no passwords.

2013

Linux.Darlloz infects IoT devices via a PHP vulnerability.

2014

BASHLITE infects IoT cameras to create DDoS attacks.

2014

Vigilante malware Linux.Wifatch starts fixing vulnerable devices.

2016

Ring doorbell cameras prove easy to hack.

2016

Remaiten malware exploits commonly used passwords.

2016

The Mirai botnet uses thousands of IoT devices for huge DDoS attacks.

2016

Vulnerabilities in connected heart implants reported.

2016

Vigilante malware Hajime fights Mirai.

2017

BrickerBot brute forces Telnet passwords to brick devices.

2019

A series of smart assistant privacy revelations.

2020

A class action lawsuit is brought against Ring for weak security.

2021

Name:Wreck exposes 100 million IoT devices.

Get the full report here

Click the button below to download the full report on IoT device security.

Download PDF

Methodology and sources

To gain a better understanding of the user aspect of IoT, we conducted a survey via CINT. 7000 people were surveyed in total, made up of 1000 people from each of the following countries: Australia, Canada, France, Germany, the Netherlands, the UK, and the US. Participants formed representative samples across gender, age, family situation, and income levels.

The questions revolved around which IoT devices people had in their homes, what measures they took to secure them, and whose responsibility they thought it was to ensure the security of IoT devices. Survey results were cross-referenced with a new user-focused classification of the main vulnerabilities of IoT devices.

The timeline and classification were generated by reviewing the key literature on IoT security and vulnerabilities, as well as looking at press coverages of major attacks.

Similar reports

Device sharing and privacy

We analyzed how people share their personal devices and what measures they take to protect themselves and their family members online.

Find out more

National Privacy Test

Thousands of users tested their cybersecurity-savvy. Find country rankings and average scores in different demographics.

Find out more

Parental monitoring apps

We looked into the top 4 parental monitoring apps. We analyzed how they work, their trends, and what problems these apps can create.

Find out more

Let's talk

Have some ideas? Want to learn more?