Security labels for smart devices: are you willing to pay more for peace of mind?

Users are willing to spend considerable amounts for a smart device that is resistant to potential cyber attacks. Earlier this year, the White House announced plans to introduce optional labels for internet-connected devices, such as smart refrigerators, thermostats and baby cams, that comply with specific cybersecurity standards. These standards highlight features such as automatic security updates and de-identification of user data. These measures aim to address a growing concern: two in five homes globally own a device susceptible to cyber threats.

The advantages for companies participating in the security program

The benefit for technology companies that join this program is clear. A new survey conducted in the United States has revealed a willingness among buyers to pay a premium for devices that ensure privacy and data security before purchasing. However, researchers caution that these voluntary labels may not be sufficient for lasting consumer protection.

“Device companies that don't care about security and privacy may decide not to disclose them at all,” says Pardis Emami-Naeini, assistant professor of computer science at Duke University, in a university press release. "It's not what we want."

Protect your Internet-connected home devices

A typical American household currently has over 20 devices connected to the Internet, each collecting and disseminating data. These devices, ranging from fitness trackers to video door cameras, are admired for their convenience. However, concerns about privacy breaches, such as unauthorized access to children's monitors or smart TVs tracking viewers, are widespread. Attacks on smart devices increased from 639 million to an astonishing 1.5 billion in the first six months of 2021 alone.

The White House likens this program to the introduction of Energy Star labels for energy-efficient appliances, which has been around for three decades. They believe that this program will be a benchmark for home devices on the highest standards of cybersecurity.

Pardis Emami-Naeini's study

Pardis Emami-Naeini, who helped design the cybersecurity label in the United States, conducted a study with 180 American consumers. Participants were asked to choose between two smart devices with different levels of security at discounted prices. The results were convincing. Consumers were willing to pay up to 50% more for devices that provided clear information on security mechanisms.

Emami-Naeini observed a worrying trend. When participants had to choose between a potentially unsafe labeled device and an unlabeled one, they were inclined to pay more for the latter. The absence of a warning led many to assume that such devices were as safe as others on the market. This raises concerns that optional labels could allow manufacturers to omit information unfavorable to sales.

With an expected launch in 2024, this labeling initiative has attracted interest from countries such as Singapore, Finland and Australia. The researchers warn that an optional approach could be exploited by manufacturers. Emami-Naeini has supported the adoption of a mandatory security and privacy label, arguing that it could prevent companies from manipulating consumer perceptions.