Executive Summary

The Smart Home has taken hold and is set to take off with phenomenal growth. The worldwide household penetration rate of home appliances and devices with a direct internet connection is expected to reach 21% by 2025. This new market is already saturated with gadgets and new smart devices are being launched every day. Consumers are enthusiastically purchasing tools that make everyday home life and chores more efficient and convenient.

The 2021 Smart Home Security survey shows evidence that smart home device adoption is rising among consumers, who own, on average, 4 smart home devices. At least 1 in 10 also plan to purchase smart home devices in the next 12 months.

Alongside convenience and cost-savings, is a growing concern that the new gadgets readily welcomed into consumers’ homes also collect a disturbing amount of personal data that could potentially be leaked out via the internet connection. This survey, conducted among 6,000 adults in Europe and Canada during the summer of 2021, found 62% of consumers are concerned that security cameras could be hacked to spy on members of the household, 57% worry IoT devices could be hacked to gain sensitive data, and 52% fear microphones on devices could be used to eavesdrop on conversations. Concerns about exposure to cyberthreats remains the leading barrier to adoption for many consumers. If Telcos want to launch successful smart home initiatives, they will have to address cybersecurity.

Security cameras and systems present the most glaring challenge as they are one of the most popular smart home devices (24% already own, 15% plan to buy) and also the systems consumers are most concerned about being hacked (62%). Not surprisingly, 9 in 10 respondents agree that connected security cameras need to be protected against hacking. This could present a strategic opportunity for Telcos to provide both smart security cameras and cybersecurity protection as device/service bundle.

Adoption rates and concern are both high, but practical knowledge and skills for securing smart home devices are very low. For example, the most basic thing everyone should do when installing any devices is to change the manufacturer default password, yet only 34% of respondents had performed this simple step.

On the other side of the spectrum, the current gold standard in smart home security requires setting up a second, completely segregated WiFi network so that smart home devices cannot serve as a point of entry for lateral attacks. Only 17% of respondents reported having set up such a network. Coincidentally, or perhaps not, 17% also said they are very confident in their ability to protect their families and themselves from cybercrime. This means that the rest of consumers, roughly 80% of the market, needs a simple, holistic way to protect their entire household from cyberthreats. The 2021 Smart Homes Security Survey reveals strong evidence that internet providers are in the best position to provide consumers the peace of mind from cyberthreats they seek.

State of the Smart Home

The data is clear; the smart home consumer connectivity landscape is growing in size, complexity and maturity. Telcos first entered their customers' homes to deliver telephone, then internet connectivity. More recently content was added to create ‘triple play’ packages that deepened their foothold within the household. Now the Smart Home market has reached the maturity threshold to become the ‘fourth play’ for a wide consumer base.

Among the respondents who currently do not have any smart home devices installed in the home, many do plan to purchase one or more devices in the next 12 months. The most popular planned purchases for this group are Smart TV (18%), floor cleaners (17%), kitchen appliances/food prep (16%), security camera (15%), and health/fitness (14%).

Consumer Technical Confidence

How is all this new technology getting installed in consumer homes? Too many of us know the frustration of either being overwhelmed by installation guides or by requests to lend free technical support to friends and family members. The complexity or perceived complexity of installing and operating smart home devices seems to play a big part in how this market is developing. On the side of device manufacturers, the more foolproof their device the more uptake they will enjoy in the broad consumer market. But consumer technical confidence will also play a huge role in service providers’ ability to secure a foothold by taking the hassle and anxiety out of installing and operating the smart home devices their customers most desire. 42% of all respondents stated they did/will require the assistance of an in-home technician visit to setup their connected home devices.

Barriers to Smart Home Adoption

When asked explicitly about their concerns regarding adopting smart home devices,  83% of respondents had at least one serious reservation about adopting a connected home. The issues fell under three main groups; cost, security and hassle. To effectively market smart home solutions all three barriers must be removed. 17% had no concerns at all.

SECURITY - 12% of respondents fear that bringing smart devices into the home could increase their physical security risk. While this seems counterintuitive, cybersecurity experts have been sounding the alarm on this new, unintended danger for years. Heating and kitchen appliances could be hacked to overheat and start house fires.

Ironically, smart locks and security cameras could be hacked to gain physical entry into the home to perpetrate burglaries or worse.

Cybersecurity concerns (intrusion of privacy 35%), (cybersecurity risk 33%), (data theft 23%) all have to do with the danger posed by devices connecting to the internet and potentially serving as a gateway into their home and sensitive data.

HASSLE - Not everyone enjoys or feels confident in their technical ability to install and manage smart home devices. 19% think smart home technology is too complicated for them to understand, 21% think it will be too much hassle to install and maintain, and 28% are wary that they will create an overreliance on technology.

COST - The leading single issue for users was that a connected home is perceived as too costly (44%). This is a natural concern, as financially responsible adults should always consider new expenses.

Security Threats & Concerns

Since security is a leading concern, researchers asked follow up questions to drill down and understand exactly which of the potential smart home cyberthreats consumers find most worrisome.

Respondents were asked to select their top 3 cyberthreat concerns.

Spying via cameras (62%) is the leading concern for good reason. The security cameras people install to protect their personal safety are shamefully easy to hack. In March of this year a rouge actor hacked 150,000 security cameras installed in offices, manufacturing plants, hospitals, prisons and schools around the world. It was an unsophisticated “super admin” attack perpetrated by a lone cyber-vandal with no real purpose other than to wreak havoc, saying it was “just too much fun not to do it.” (“Hack of '150,000 cameras' investigated by camera firm”, March 2021, BBC).

Next leading threats are of hacking IoT devices to access sensitive data (57%) which is also a very real concern as these devices are very easy to hack and can be used to gain initial access into the home network. Once inside, hackers can move laterally to PCs and mobile phones where more sensitive personal and financial data is stored.

Eavesdropping (52%) is a very real vulnerability that has caught the mindshare of users as numerous news reports have surfaced in recent years about baby monitors being hacked to spy on young children and household members. Another contributing factor is that many of these devices are manufactured either by Big 5 internet giants such as Google and Amazon, or Chinese manufacturers that have all come under suspicion regarding how they obtain and use personal information.

Gaining control and operating devices (48%), demanding ransom (45%), and cyber to physical (36%). Attacks have not yet occurred large scale in private homes, but they are well proven on the industrial and nation state level (‘Remote Hackers Caught Poisoning Florida City Water Supply’ SecurityWeek, February 2021), so the possibility exists that hackers could commandeer smart home devices and even use them to cause physical or monetary damage, including ransom. Ben Dickson, founder of Tech Talks, gave the example that hackers could find out when you are away on extended vacation, then hack your smart thermostat to “lock it up with ransomware while you’re away on vacation and send you a notification to tell you that your smart home has been hacked and you either have to pay a ransom or the thermostat gets locked at a high temperature.”

Cybersecurity Confidence & Competence

Awareness of a threat is one thing. Having the ability to effectively defend against it is quite another. Researchers posed a series of questions to assess the technical confidence and competence of respondents in mounting an effective defense against potential attacks to the home network and smart home connected devices. The results show 17% of users are fully confident and competent securing the network and devices themselves. The rest need outside help.

Only 34% had changed default manufacturer passwords on connected devices: the absolute bare minimum cybersecurity requirement. On the other end of the spectrum, current best practice for smart home device security includes setting up a fully segregated wi-fi network for devices, so that there is no way for a hacker to move laterally from a device into the main home wi-fi network to gain access to PCs and sensitive information. Only 17% of respondents reported they had set up a segregated network, likely the same 17% who stated they are completely confident in their abilities. Just 12% understand that traditional antivirus solutions cannot protect connected smart home devices.

When asked what is the best way to secure smart home IoT devices, 38% said devices should be manually checked for updates on a regular basis. While this is technically the correct answer, we know from experience that it simply isn’t practical. Most users will ‘set it and forget it’ and only attempt any kind of update or maintenance once something goes wrong. As the number of smart devices in the home increases over time, this advice will become even less practical.

29% believe that the best solution is automatic protection for all devices via the home router.

12% naively trust the built-in device security and 9% falsely believe a security app can be downloaded to each device.

Telcos are Most Trusted Provider

Clearly, consumer concerns about cybersecurity and technical complexity are serious barriers to adoption of smart home devices. Approximately 17% of customers have no problem setting up and securing devices on their own, but the remaining 83% need some outside assistance to feel fully confident they are safe. This goes for traditional internet connectivity for PCs, tablets and smartphones, as well as newer smart home devices.

So, who should be responsible for ensuring the safety of all internet connected devices in the home? Users gave nuanced responses for whom and how cybersecurity should be provided, but most expect that the devices (router 58%, connected devices 35%) used to access the internet and the connectivity itself (33%) should be safe, and many think the telco/internet provider (33%) and the router (58%) should include cybersecurity protections. This reflects a fundamental consumer attitude that products and services they purchase should be safe to use.

To assess which brands users already know and trust to deliver cybersecurity protection researchers asked, “Which cyber security solutions have you purchased and installed on computers and mobile phones?” As expected, the usual household names were all mentioned in good numbers. What also stood out was that in markets where Allot Secure network-based cybersecurity protection is available via one of the local telco operators, on average 17% chose their internet provider to also provide cybersecurity. This is an impressive testament to how much customers trust their telco to provide cybersecurity, especially if you take into account that there are multiple competing telcos in each market, so only a portion of respondents have the network-based security available from their operator.

Telcos that have taken the step to include cybersecurity in their offering and brand promise are already enjoying success and recognition by consumers as a trusted cybersecurity brand. By adding more security attributes to the network, telcos are able to offer holistic protection to the entire household, easily extending protection to all the numerous connected devices. They are leveraging the CPE already in the home to deliver peace of mind from all cybersecurity concerns associated with traditional internet connectivity and tumbling down one of consumers’ biggest concerns about adopting smart home technology. Thus, they strengthen their brand and expand their foothold within consumer homes.

Willingness to Pay (average)

As price is always market specific, we will look at each region. In Western Europe (Italy, France, and Germany), 75% of respondents are willing to pay their internet provider an additional €5 or more per month. In the UK 57% are willing to pay £5 or more. In Sweden 78% are wiling to pay >50kr, in Poland 62% are willing to pay >25Zl, and in Canada 50% are willing to pay C$5 or more per month.

On the next page, we see the distribution of pay points, and two interesting patterns appear:

Upon visual analysis a clear “twin peaks” pattern occurs that suggests a two-tiered pricing option may be viable.

For example, in Germany, the first peak is at £5 and the second at £10. If we sum the percentages willing to pay at each price point, we see that 37% are willing to pay £5 - £9 per month, while 42% are willing to pay £10 - £15.

Differentiation, Value, Loyalty

As the established, trusted provider of internet connectivity to the home and household, telco providers are perfectly positioned to leverage the developing smart home landscape to deepen their foothold in the customers’ home, expand products and services offered and strengthen customers’ bond with their brand. 53% said they are looking for an internet provider that allows them to secure their family online, at home and on the go. 83% would consider switching to another provider that offered simple-to-manage cybersecurity protection for all users and devices, including IoT/smart home.

Securing the Smart Home

The Smart Home market has reached critical mass and both the number of households and the number of devices per household will continue to increase rapidly. This opens a unique window of opportunity for internet providers to be a central player in their customers’ digital smart home transformation, and by doing so increase brand loyalty and revenues. But this hinges upon providing compelling solutions to customers’ main concerns; price, technical complexity, and cybersecurity. Offering a no-hassle, cost effective cybersecurity protection service that covers the entire household, including smart home devices is the foundational piece for any telco seeking to seize the emerging smart home opportunity to expand customer foothold.

Allot HomeSecure

Increase connectivity revenue by 10-15% by leveraging existing Customer Premise Equipment (CPE) to

deliver security services that protect the smarthome IoT and user devices.

NEEDS & CHALLENGES -  In today’s expanding threat landscape, all your customers’ connected home devices are a target; from PCs, tablets, smartphones and IoT devices, to the actual router that provides connectivity.

And as IoT and connected devices proliferate, home networks become the foundation of the connected home, yet they are increasingly more difficult to manage. Many consumer grade “smart” appliances are vulnerable and the virtual door to attack the home network is wide open.

BENEFITS

Protect your Customers

Protecting the CPE from security vulnerabilities that can compromise the electronic equipment itself.

Increase Revenue

Increase ARPU by leveraging existing CPE, generating incremental security service revenue.

Secure the CPE

Protecting your CPE from attack by providing password strength enforcement, DNS tampering protection, open port.

 

For a printer-friendly version of the report, click here.