
Benchmarking the cost of security

David Maidment, Director of Secure Device Ecosystem, Arm, explores why it’s not important to benchmark the cost of security, but instead to benchmark the cost of not following good security practice, and why it's better to get ahead of the curve before regulation comes into play.

There are often a few motivations for hackers, but most of the time it comes down to two main factors: financial gain and attention.

As the number of connected devices surges, and momentum continues to grow for the Internet of Things (IoT), there is no denying that connected devices are attractive for hackers. In fact, Symantec detected almost 19 million attacks on its IoT devices in the first quarter of 2020 – which is a 13% rise when compared with the previous year. In order to not become another statistic, it’s clear that device manufacturers need to turn their attention to securing devices right from their inception.

However, there is a reason that IoT device security is historically skipped and it’s not always due to negligence. Among many other concerns such as navigating worldwide regulations, manufacturers are constantly weighing up the cost of creating devices to ensure they have the best return on investment.

When you are selling tens of thousands, or even millions of devices, even the most minor cost can have a huge impact - every cent really does count. Security is complex, and it takes time, resources and expertise to implement. As a result, device manufacturers often skip security as it is seen as an unnecessary overhead in the race to get devices to market.

The real question is what’s greater - the cost of poor security or the savings from a fast time to market? Unfortunately, the cost of security failure is always greater and often immeasurable. A recent report by Accenture states that over the next five years, companies in the private sector “risk losing an estimated $5.2 trillion in value creation opportunities from the digital economy thanks to cyber security attacks”.

The costs also extend beyond financial damage – hacks ripple through press and media outlets, which often leads to a lack of customer trust, brand erosion, failure to meet worldwide regulation, possible threat of litigation from end customers and, ultimately, loss of business, the impact of which is impossible to measure.

Thankfully, it’s not all doom and gloom. We know we need to invest in security, but it shouldn’t be viewed as an irrecoverable cost. In a recent panel discussion with my colleagues at world-leading manufacturing companies OSRAM, Signify and Sigma Delta, we covered this very topic and were united in the fact that adding security isn’t actually “just a cost”, but rather a competitive advantage. Fabio Vignoli, Head of Product Security, Digital Solutions Division, Signify, correctly pointed out that: “Security is a cost, however, it’s also an opportunity for a competitive advantage. Security is less costly when you build it in at the beginning, instead of trying to bolt it on later.”

The good news is that there are things you can do to reduce the financial strain of security. Adopting industry best practices and using design frameworks helps to significantly decrease the financial and time burden compared with ground-up development. PSA Certified is a security framework and certification program, which is mapped to key regional regulations and outlines 10 key security goals that all connected devices need in order to meet a security baseline. The composite structure of this scheme reduces the complexities of security for device manufacturers by allowing them to build on the hard work of silicon providers, many of which have invested heavily in their solutions.

I’d love to see a future where we’re embracing the costs associated with security and turning them into competitive advantages in the market. By prioritizing security, businesses could have the opportunity to position themselves as more reliable – building trust with current and future customers.

A recent study by the Dawes Centre for Future Crime found an overwhelming willingness amongst consumers to pay more for a secure device. In the case of security cameras, participants were prepared to pay an additional 40% for a secure product. Adopting security into your company’s cultural DNA has the power not only to protect your reputation, but also to leave a positive legacy for the IoT.

If you’d like to know more about the cost of insecurity, and how you can balance the costs associated with security, check out our interactive whitepaper here.





David Maidment, Director of Secure Device Ecosystem, Arm (A PSA Certified Co-Founder)




This material is protected by MA Business copyright See Terms and Conditions. One-off usage is permitted but bulk copying is not. For multiple copies contact the sales team.
