The Rise and Risks of IoT Devices

by on Aug 29, 2019

Smart devices are enriching the possibilities for connecting and interacting with the world, while also exposing consumers to increasingly complex security risks. It is no surprise that a recent study estimates that we spend more than 11 hours a day sending emails, browsing social media or watching videos on tablets and smartphones. To further fuel this dependency, new digital devices are slowly being introduced in our homes, businesses and communities. Collectively known as the Internet of Things (IoT), these devices are growing exponentially in popularity. Common examples include gadgets like Alexa and Google Home, smart appliances, security cameras, wearable devices, connected cars and healthcare devices. In financial services, TD Ameritrade has added skills to Amazon Echo Auto to allow customers to receive quotes and manage their accounts from their cars. TD clients can also trade stocks with Amazon’s Alexa using voice-activated commands.

While the market growth for electronics like personal computers, smartphones and tablets has significantly slowed or plateaued, BI Intelligence estimates that the number of IoT devices in use has grown 35% between 2014 and 2019. A recent report by Parks Associates estimates that the average household now owns more than 10 connected devices. It’s predicted that there will be more than 75 billion IoT devices worldwide by 2025.

Source: Statista Research Department

Haphazardly connecting both essential and mundane devices to the internet comes with inherent risks. In July, the FDA recalled select Medtronic MiniMed insulin pumps due to potential cybersecurity risks, affecting an estimated 4,000 users. An infamous 2016 distributed denial of service (DDoS) attack used malware known as a “botnet” to overload the servers of IoT devices to knock major websites offline including Netflix, Spotify and Amazon, with damages estimated at $100 million. This is just the start of security concerns with IoT devices. Hackers may take more drastic measures to weaponize smart devices, such as dropping home thermostats during winter months, taking control of and crashing self-driving cars, or even inflicting substantial financial and private data losses for customers at financial institutions.

Consumers are cognizant of these security risks. In a recent Insurance Customer Study conducted by Corporate Insight, 40% of respondents were not interested in owning or using a driverless car due to their vulnerability to hackers. In May, the Consumers International and the Internet Society uncovered that over half of respondents surveyed (53%) distrust connected devices and don’t believe companies will protect their private data. Almost 28% of respondents who don’t own an IoT device stated security concerns would stop them from buying one.

Corporate Insight studies account security closely—particularly front-end measures to secure financial services clients’ accounts. We have seen many firms move from standard username and password login credentials to more secure methods such as two-factor and biometric authentication; new alerting systems help notify consumers of suspicious activity. Today, firms are wrestling with the delicate balance between security and convenience. While forcing strict security measures could help ensure that client information stays secure, burdening clients with a cumbersome login process could negatively impact engagement. It has also become a standard practice for firms to communicate their security practices online to engender trust and confidence among their customers. Fidelity, for example, has a series of 360 Security videos that address common security concerns in a personal, family-oriented way.

As more financial services companies start to transform the payment and transaction process by moving to non-proprietary platforms like IoT devices, fortifying security on the back-end is critical, as is developing optimal measures on the front-end, including authentication and alert methods. Companies must effectively communicate to prospects and customers how their security is safeguarded—a critical step towards fostering engagement and confidence in the growing world of IoT devices.