Gartner: IoT security spend hitting $1.5 billion – but strategy poor
IoT security

Gartner: IoT security spend hitting $1.5 billion – but strategy poor

Worldwide spending on Internet of Things security will hit $1.5 billion in 2018, a 28 per cent increase from 2017, according to a new report from Gartner.

However, the analyst company warns that IoT security is being left up to line-of-business units, with a lack of overall business strategy, poor “security by design”, and little control over the technology within connected devices.

Its report, Forecast: IoT Security, Worldwide 2018, says that IoT-based attacks are already a reality. A recent Gartner survey found that nearly 20 per cent of organisations have experienced at least one IoT-based attack in the past three years.

“In IoT initiatives, organisations often don’t have control over the source and nature of the software and hardware being used by smart connected devices,” said Ruggero Contu, research director at Gartner.

“We expect to see demand for tools and services aimed at improving discovery and asset management, software and hardware security assessment, and penetration testing. In addition, organisations will look to increase their understanding of the implications of externalising network connectivity.”

These factors will be the main drivers of growth in IoT security, with spending hitting a forecast $3.1 billion in 2021, according to the company.

How the market breaks down

The report forecasts that endpoint security spending will be roughly one-third of the value of professional services security spending this year: $373 million against $946 million. Meanwhile, gateway security spending is predicted to hit $186 million.

However, in 2021 professional services security spending is likely to exceed $2 billion, with endpoint security hitting $631 million, and gateway security $415 million.

Despite healthy year-on-year growth in worldwide spending into the next decade, the report predicts that the biggest inhibitor to the growth of IoT security will be a lack of prioritisation and implementation of security best practices and tools. This will hamper spending on IoT security by 80 percent: an extraordinary figure.

No co-ordinated strategy

“Although IoT security is consistently referred to as a primary concern, most IoT security implementations have been planned, deployed, and operated at the business-unit level, in cooperation with some IT departments to ensure the IT portions affected by the devices are sufficiently addressed,” said Contu.

However, coordination via common architecture or a consistent security strategy is all but absent, and vendor product and service selection remains largely ad hoc, based upon the device provider’s alliances with partners or the core system that the devices are enhancing or replacing.”

While basic security patterns have been revealed in many vertical projects, they have not yet been “codified into policy or design templates to allow for consistent reuse”, continues the report.

“As a result, technical standards for specific IoT security components in the industry are only now just starting to be addressed by IT security standards bodies, consortium organisations, and vendor alliances”, it adds.

This absence of “security by design” comes from a lack of specific and stringent regulations. Going forward, Gartner expects this trend to change, especially in heavily regulated industries, such as healthcare and the automotive sector.

By 2021, Gartner predicts that regulatory compliance will be the prime influencer for IoT security uptake – hence the significant uptick in spending.

Internet of Business says

As Gartner says, spending is up. But the consistent theme in all 2018 IoT security reports has been exactly the same: users’ approach to the specific problem of securing IoT implementations is lax, device manufacturers are rushing to market to compete, and strategy is poor at board level.

Meanwhile, regulations are playing catchup with the market, just as the law is years behind the advance of AI in other areas of the connected world.

Read more: Cambridge Analytica vs Facebook: Why AI laws are inadequate

The result of all this is a vacuum where an IoT security policy should be, even as people are throwing money at the problem. As the IoT grows, this poses a serious challenge to decision-makers, who are leaving the big decisions to line-of-business departments that may lack both a big-picture view and the relevant security expertise.

Hopefully, Gartner’s name and reputation will persuade more people to see the subtext beneath the healthy spending figures.

• Just some of our 2018 security coverage so far:-

Read more: Reports reveal critical need for IoT cybersecurity upgrade

Read more: IIoT security: How to secure the ‘Internet of Threats’, by IBM

Read more: Tenable unveils cybersecurity benchmarking tool

Read more: Vendors, users ignoring IoT security in rush to market – report

Read more: IoT ramps up cyber security risk, says in-depth report

Chris Middleton
Chris Middleton is former editor of Internet of Business, and now a key contributor to the title. He specialises in robotics, AI, the IoT, blockchain, and technology strategy. He is also former editor of Computing, Computer Business Review, and Professional Outsourcing, among others, and is a contributing editor to Diginomica, Computing, and Hack & Craft News. Over the years, he has also written for Computer Weekly, The Guardian, The Times, PC World, I-CIO, V3, The Inquirer, and Blockchain News, among many others. He is an acknowledged robotics expert who has appeared on BBC TV and radio, ITN, and Talk Radio, and is probably the only tech journalist in the UK to own a number of humanoid robots, which he hires out to events, exhibitions, universities, and schools. Chris has also chaired conferences on robotics, AI, IoT investment, digital marketing, blockchain, and space technologies, and has spoken at numerous other events.