Report Takes a Comprehensive Look at Privacy and Cybersecurity in the Connected Home

Apr 27, 2021

Cybersecurity and privacy concerns in the smart home have the potential to worsen with device ownership and demand for gadgets growing. In building their solutions, industry participants should therefore treat cybersecurity protections as the norm. Looking past functionality and user experience, privacy also needs to be factored into the process.

These were among the key recommendations of CABA’s Privacy and Cybersecurity in the Connected Home Landmark Research project, carried out by CABA member Frost & Sullivan.

“Cybersecurity and privacy remain perhaps the foremost challenges for the connected home industry right now, compounded by technology adoption by new demographic segments, such as older adults and children and large numbers of young adults,” said Ron Zimmer, CABA President & CEO.

“This research sets out a measured approach that stakeholders can use to assess cyber risks and privacy infringement challenges in the connected home, hasten the development of market-wide solutions, and support the industry in a positive way.”

The research focused on understanding the implications of cybersecurity and privacy risks and ways of managing them. It reviewed the challenges of implementing protection measures and evaluated the perceptions of various industry stakeholders — including their level of accountability in managing the challenges. The analysis also provided best practices that can be prioritized to address the issue.

Strong adoption potential with high threat exposure

The consumer-focused portion of the research included a survey of approximately 1,100 consumers in North America. As much as 29% of connected-home adopters surveyed experienced some form of cyber breach over the last 12 months.

Consumers’ sophistication and vigilance with regard to connected-home solutions is increasing. Over 80% of survey respondents said they used unique, complex passwords for multiple devices and 49% were aware of privacy guidelines. However, consumers perceived the levels of privacy protection given by vendors and service providers to be very low.

“The privacy and cybersecurity concerns highlighted in the research pose a serious threat to the market prospects of connected-home solutions,” says Konkana Khaund, Director of Consulting, Energy and Environment with Frost & Sullivan. “This is further complicated by the growing ecosystem and the expanding technology stack that are increasing the potential for various vendors and service providers to inflict security breaches on each other’s networks.

“As different approaches strive for consensus in the areas of regulations, guidelines, and policy to address the stakeholder interests, it will be crucial for those efforts to account for interdependencies in risk mitigation, as well as to mature over time.”

Dynamic response plan

With a projected continued evolution in cyber threats, a dynamic response is required of key industry participants. Privacy is also a changing concept as consumers are introduced to novel experiences with emerging technologies and service experiences, the report notes. It is likely that expectations from vendors will shift as consumers weigh functionality, usefulness, and compromises to their privacy and anonymity.

For vendors and service providers, it is important to chart out a nimble and scalable response plan that can cope with their growth needs and consumers’ evolving demands for new connected products and solutions, the report recommends.

The research calls on solution providers to enhance their compliance levels, given the growing consumer sophistication and vigilance regarding the use of their devices and their expanding expectations of cybersecurity and privacy. But instituting prescriptive cybersecurity requirements and minimum privacy provisions in products requires collaboration between alliances and standards-development bodies to ensure that interoperability and cyber compliance is achieved consistently.

What remains to be seen is how much of this compliance can be institutionalized and mandated. As the report notes: “Interdependencies and crossover impacts will continue to challenge regulators, assimilators, integrators, aggregators, and above all, consumers. Adopting some of the best practices described in this research will help support the compliance agenda and fast-track the consensus needed to address cybersecurity and privacy challenges.”

About the report — executive summary

The 120-page final report from this $US130,000 research project has just been released to the funding organizations. Anyone can download the 27-page executive summary—available as a free product in the CABA Store at https://trk.cp20.com/click/e30n-2dsf1x-2507c5-7hqedea9/. The full report will also be added to the store following an embargo period ending July 16, 2021.

About the funders

This research was funded by the following CABA members: Acuity Brands, Inc., CommScope, Inc., Community Smart Living Inc. (powered by Netex), the Consumer Technology Association (CTA), CSA Group, National Research Council, Resideo Technologies, Inc., SnapAV and UL LLC.

Published with the permission of Lighting Controls Association.