James Allen is co-leader of the global strategy practice at Bain & Co. and co-author of “The Founder’s Mentality.”
The Internet of Things—digital devices embedded in products ranging from oil drills to wireless syringe pumps in hospitals—continues to grow, but the huge potential for further expansion has been hindered by a nagging problem: concerns about cybersecurity.
Research by my Bain & Co. colleagues finds that business customers would be willing to buy substantially more IoT devices if their concerns about cybersecurity risks were addressed—on average, at least 70% more than what they might buy if their concerns remain unresolved. And 93% of the executives we surveyed say they would pay an average of 22% more for devices with better security. The survey covered executives from companies based in the U.S., Canada, Europe and China.
Most executives surveyed (60%) say they are very concerned about the risks IoT devices pose to their companies—not surprising, given the damage that a breach of poorly protected devices can cause to operations, revenue and safety. Several large data breaches or debilitating attacks, such as the Mirai and Okiru malware attacks, have occurred over the past couple of years.
Only about a third of IoT security solutions today come from IoT device vendors, suggesting that vendors are either not offering holistic, high-quality solutions that meet customers’ needs, or not promoting them well enough.
That’s particularly vexing for businesses with only basic cybersecurity capabilities, because these companies are the most likely to seek out simplified and integrated security solutions, rather than developing their own. While most businesses would like a cohesive set of tools and a unified overview of the security posture of their devices, few device makers understand their customers’ operations well enough to provide that kind of solution.
Our research also indicates that executives within certain industries—durable goods, building and construction, energy and utilities, financial services, health care and technology–see themselves at greater risk than others. These concerns reflect industry realities, not merely the perceptions of individual executives.
Oil and gas producers, for example, rely on tens of thousands of IoT sensors and complex production-control devices at their wells and drilling platforms. Manufacturers’ use of IoT also introduces new risks in industrial environments, as they might deploy devices ranging from sensors to sophisticated, semiautonomous robots. Compromised sensors could lead to data inaccuracies that hinder management’s ability to make critical operational decisions or create inventory problems that wreak havoc across the value chain. On the plant floor, a compromised robotic device could harm workers and other equipment.
IoT cybersecurity is fairly complicated, as each device has six logic layers that can require security solutions. Lacking well-designed IoT cybersecurity products and services, customers are devising their own solutions, forgoing them altogether or failing to implement solutions until vendors can fill the gap.
IoT device vendors and solutions providers that move quickly to improve security stand to reap rewards not only from their ability to earn a premium, but also from an expanded market.
Read the latest Leadership Report.