Internet of Things : The Potential Influence of Enterprise Buyers on the Security of IoT

Abstract: While IoT safety and security incidents continue to increase in frequency, scope and severity, there remains a gap in how the issue will be addressed. While the debate continues within academia, industry standards bodies, government and industry media, new entrants continue to rapidly enter the market with cheaper more powerful products with little incentive to address information security issues. In a free market economy, the supply and the demand would determine the product and services and the associated prices without intervention. Manufacturers are free to innovate, consumers drive choice and competition brings these opposing forces to an equilibrium of market price. But how does this economic system factor in the risk of an event that neither party may ever consider and, yet, it may impact not only impact those involved, but has the potential to have catastrophic harm to others? The downside, the system does not consider “external factors”, i.e. a compromise to accommodate what consumers need. Economists often urge governments to adopt policies that "internalize" an externality, so that costs and benefits will affect mainly parties who choose to incur them. Such an intervention, however, often comes with many challenges and consequences. Even with the added urgency of growing risk to human safety, regulatory intervention takes time. Likewise, a self-regulating market would undoubtedly also take a significant amount of time to take the necessary actions to address such an externality, even if incentivized. While it continues to be all too easy to defer the blame and risk on consumer, like the industrial revolution, this industry must overcome its own safety challenges like the auto, transportation or energy industries before it. While, consumers must inevitably take some reasonable measures to protect their interests, clearly the accountability must reside elsewhere. There is a potentially increasingly significant influential subset of consumers in the IoT ecosystem, the Enterprise Buyer, specifically marketing and technology executives, who champion consumer needs within their organization’s broader products and services that incorporate IoT. In this thesis, we aim to investigate the following issue: What are the attitudes and potential role for Enterprise Buyers in influencing negative externalities, i.e. IoT security in the IoT market, specifically from the perspective of marketing and technology executives? We believe that this group is uniquely positioned to understand a consumer first mindset and how to articulate value in otherwise negatively perceived field of information security by examining context, business/technical challenges and opportunities and reveal awareness, attitude and accountability. The results of our survey show the majority of marketing and technology executives who responded believe information security awareness is increasingly an executive accountability and priority and Enterprise Buyers hold a highly influential position in their ability to influence the IoT market and its security development and maturation.