Worldwide spending on Internet of Things security will reach $348 million in 2016, a 23.7 percent increase from 2015 spending of $281.5 million, according to Gartner. Furthermore, spending on IoT security is expected to reach $547 million in 2018.
“It’s encouraging to see the investment in security spend for IoT increase, it will however not be enough based upon Gartner forecasts. Our reliance on such devices will extend to well beyond consumer IoT, and such technology will form the basis of our critical infrastructure moving forward. Outsourcing to the cloud will become the de-facto approach for most organizations, but without trust the rate of adoption will be significantly impacted,” Raj Samani, CTO, Intel Security EMEA, told Help Net Security.
IoT security spending and adoption
The market for IoT security products is dependent on IoT adoption by the consumer and industry sectors. Endpoint spending will be dominated by connected cars, as well as other complex machines and vehicles, such as heavy trucks, commercial aircraft, farming and construction equipment.
IoT adoption is growing so fast that a recent survey of 500 CEOs and senior decision makers in the UK showed that this year, 60% of UK businesses are increasing their investments in IoT projects, by an average of 42%. In fact, 68% of business leaders are expecting to reap actual benefits from their IoT investments in 2016.
Wearables continue to see high levels of interest and market momentum. According to a new report from Tractica, by 2021 a cumulative total of 171.9 million wearables will be shipped for use in enterprise and industrial environments. Fitness trackers are seeing large-scale adoption in corporate wellness programs, smart glasses are continuing to experience a growth in trial activity with pilots converting to commercial deployments, and smart watches are beginning to gain greater attention from enterprise-focused app developers.
Expected surge in IoT-related attacks
Gartner predicts that by 2020, more than 25 percent of identified attacks in enterprises will involve IoT, although IoT will account for less than 10 percent of IT security budgets. Security vendors will be challenged to provide usable IoT security features because of the limited assigned budgets for IoT and the decentralized approach to early IoT implementations in organizations. Vendors will focus too much on spotting vulnerabilities and exploits, rather than segmentation and other long-term means that better protect IoT.
In industries where we’re already seeing a greater number of connected devices being introduced, such as healthcare and automotive, we are also seeing security vulnerabilities being identified in numerous devices, according to John Smith, Principal Solution Architect at Veracode. “Last year the US Food and Drug Administration made an unprecedented move and urged American healthcare facilities to refrain from using Hospira’s Symbiq Infusion System, after a security flaw in its drugs pump was left unpatched,” he added.
“It is clear that IoT systems and software are not being developed with a hostile operating environment in mind. In Veracode and IDC’s 2016 research into the security of connected cars, the manufacturers that were interviewed told IDC that it will be one to three years before connected car systems are implemented with full consideration of security concerns,” Smith concluded.