From MIT Sloan Management Review
How cybersecurity can affect the market for smart products.
Smart devices, once relegated to science fiction and our imaginations, are now ubiquitous. Today, there’s a market for everything from a Wi-Fi connected refrigerator to a voice-operated speakerthat doubles as a personal assistant. The internet of things (IoT) — the software-operated network of physical devices, appliances, vehicles — grows day by day as these devices become part of our daily lives. A March 2018 survey found that 22% of Americans used IoT appliances in their homes, and this trend is widespread across the globe. Amazon recently announced a plan to expand Amazon Echo services to Italy and Spain.
For consumers, the concept of easily operated, highly adaptable products is great. Smart devices are convenient, useful, and fun. However, many people remain skeptical or anxious about this level of connectivity. News of products leaking private information or being remotely hacked has led customers to fear for their personal safety and reconsider hooking up physical appliances to vulnerable networks.
Considering the relative infancy of many IoT markets and the growing demand for cheap and accessible IoT products, this is a critical stage for IoT businesses. Manufacturers will have to make decisions about how to best deal with cybersecurity. For some IoT developers, that may mean choosing between product usability and product security.
Prioritizing Product Security
Businesses frequently fail to consider that the incentive for product security can have more to do with marketability than integrity. Just look at the saga of the My Friend Cayla doll. Developed by the U.S.-based manufacturer Genesis, this children’s toy used speech-recognition technology to engage in personalized conversations with kids. The doll experienced high demand in 2015 and 2016 — until the public discovered that My Friend Cayla offered a prime target for hackers.
Germany’s Federal Network Agency found that an unsecured Bluetooth device in the doll, which collected and transmitted all audio to a U.S.-based voice-recognition company, exposed the doll’s data. Independent and possibly malicious hackers could not only access private voice data, but also potentially speak to children through the doll.
The My Friend Cayla doll was officially banned in Germany in early 2017, and officials advised parents to trash the doll and destroy its internal microphone. In the U.S., consumer watchdog groups and legislators demanded that the dolls be pulled from shelves for violating laws protecting child privacy. Sales promptly fizzled. Today, the My Friend Cayla doll is no longer carried by major U.S. retailers. Similar events have occurred in various markets. As a whole, the IoT includes a wide range of devices with unique vulnerabilities. Inconsistent security protocols and physical safety risks of IoT technologies are their primary weaknesses.
Potential adopters of IoT technologies range from individuals to massive organizations. If a new product experiences a publicized cyber incident, it may never get off the ground, even if the security issue gets resolved. This is a prime example of why IoT developers cannot simply focus on marketing and innovation. Security needs to be addressed proactively, even if it requires a considerable investment of resources in earlier stages.
In fact, investing resources in cybersecurity is probably the most business-savvy thing that IoT product manufacturers can do. At Cybersecurity at MIT Sloan (CAMS), we studied how security risks of IoT products can shape the future marketplace. In a recent study, we found that while there are a number of variables at play, investing early in cybersecurity capabilities — even for a company or startup with limited resources — is ultimately the method most likely to bring market success in the long run.
Read the full post at MIT Sloan Management Review.
Mohammad Jalali is a research scientist at MIT Sloan School of Management.