**5. Discussion**

The discussion of results centers on revealing the interpretive flexibility and closure of meaning that characterize smart home devices. When technology is interpretively flexible, it means that the "interaction of technology and organizations is a function of the different actors and socio-historical contexts implicated in its development and use" [43].

In terms of awareness, business respondents tended to provide definitions of IoT in terms of its structural properties, that is, connectedness. NGO respondents, instead, defined the IoT more in terms of its function and the problems the IoT can solve. In this view, the IoT's identity is intrinsically connected to its pragmatic aspect, that is, its role in a context or "situatedness." This might explain why awareness among the wider UK population is greater for the expression "smart home" (90% of people are aware of "smart home") than for the expression IoT (47% of people are aware of "IoT") [3], since "smart home" indicates a recognizable context for use of these devices.

Business respondents are uncertain about the public awareness of IoT. This finding was also reflected in [3]. A deeper awareness of IoT examples and functions may be crucial. Zeng and Roesner [55] in fact point out some of the limitations of current smart home device design, for example, with regard to the management of multiple users and the occasional lack of basic access control. Hence, promoting awareness of functionalities of this kind may also stimulate adoption in the home, and different players in the industry may need to act in concert to stimulate this functional awareness.

The lack of awareness is also related to the need to have specific technical knowledge and skillsets to be able to grasp both the connectedness and functionality of IoT. This requirement for a technical mindset and expertise could place adopting the IoT beyond the reach of the layperson, particularly those who are less well-educated, since it is usually the "more highly educated individuals who tend to adopt innovations sooner" [56]. Also, the survey in [3] showed that those with high and medium levels of education were early adopters of smart home devices, though those with less education were catching up.

Business and NGO respondents feel privacy and security issues are not sufficiently part of IoT awareness for the wider public, which is consistent with the finding that 59% of the wider population are not aware of media reports of security incidents involving smart home devices [57].

Previous research [58] showed that the smart home industry is insufficiently emphasizing measures to build consumer confidence in data security and privacy. The industry respondents we recruited felt they possessed the skillset to judge the security-preserving capacity of smart home devices, but were unsure about the public possessing adequate skillsets. This suggests there is a perceived need to educate the population in regard to security issues pertaining to IoT. This is consistent with the survey finding that consumers' security concerns are likely to impact negatively on IoT adoption. In regard to privacy, both business and NGO respondents raised privacy issues as an industry-wide IoT concern. Hence, privacy as an obstacle to the adoption of the smart home emerges as a stable and established meaning of the smart home. The specific issues respondents raised concern data collection being always on, the uncertainty of data use, illegal malicious data use, and legal but harmful data use. Particular emphasis was placed on the importance of trusting smart home systems' integrity—the belief that the entity is honest and will fulfill its promise to the client [59]—for successful smart home adoption; this view reflects the finding that public trust in companies *not* using data produced by smart home devices without consumers' explicit consent was fairly low [3]. Significantly, the influence that friends and experts may have on Privacy Decision Making (e.g., allowing or denying data collection) was not mentioned by any of the participants, but this was shown to be an important factor for IoT adoption [60].

One respondent outlined what was perceived to be the neutral position of the public in regard to the likelihood of privacy breach, which was also reflected in our survey [3]. However, in our survey, the public's neutrality changed when the emphasis was placed on understanding the impact or consequences of a privacy breach. Again, this emerging feeling was consistent with our survey finding that the UK public tends to agree that the impact of privacy-related incidents is high [3].

Actions in the form of responses to privacy challenges revolved mainly around taking responsibility for mitigating privacy-related risks. This is key because it has been shown that even when users do indeed trust device manufacturers to protect their privacy, they do not verify that these protections are in place [61]. For business respondents, taking responsibility to address privacy-related risks involved taking direct action and experimenting with the technology in order to find new ways to protect privacy. Business respondents felt that a big part of the responsibility toward guaranteeing data integrity was with big service providers. On the other hand, NGO respondents responded to privacy challenges by emphasizing standards, applying pressure to improve industry practices toward data use, and persuading consumers that their data is properly curated and looked after. They also called for collaboration with external, noncommercial, and nongovernmental players, such as academic institutions and researchers. Synergy among industry or industry-relevant stakeholders emerges in this view as the key mechanism toward responding to the privacy challenges of the smart home.

When it came to security, both NGO and business respondents associated security issues with the public's lack of awareness of security and uncertainty over making security judgments about a device. This is consistent with the survey finding that people seem to be more concerned about the likelihood of a security incident rather than its impact [3] (unlike for privacy, where it is the other way round), suggesting that there is an education gap in regard to the practical consequences of security breaches.

NGO and business respondents alike thought that security risks were exacerbated by problems at the level of regulation. Specifically, NGO respondents felt that the issue is with a fragmented security-regulation effort, with security being too thinly spread as an issue across government, which is therefore unable to provide a solid answer to this challenge. Steps have been made toward providing a unified approach, with the UK government producing the Code of Practice for Consumer Internet of Things Security [9]. However, this effort may not be sufficient to unify security improvement practice in the sector. Brass et al. [62] point to the proliferation of non-governmental *de facto* standards for smart home cybersecurity produced by businesses, trade associations, and interest groups, as well as NGOs themselves. For businesses, the issue with regulation is felt through a lack of enforcement.

### *How Is the Internet of Things Industry Responding to the Cybersecurity Challenges of the Smart… DOI: http://dx.doi.org/10.5772/intechopen.106012*

Addressing a specific security concern, one NGO respondent felt that liability may be exacerbated through the public-wide lack of awareness of security issues of smart home devices. Businesses felt that a key security issue is the lack of a marketing incentive for smart home cybersecurity, a feeling that reflects a wider trend with cybersecurity in the private sector in general. Gordon et al. [63] underline how, in general, firms invest in cybersecurity activities at a level below what would be optimal. The issue is particularly significant in regard to small to medium enterprises (SMEs), which are deemed to be potentially the ones most at risk [64], as they often neglect cybercrime prevention [65] and do not possess adequate knowledge in cyber security [66].

In terms of actions, we found NGOs to be leading with the range of responses to the security challenges posed by smart home devices, as they primarily aim to make security a default positioning of devices. They stressed the key role of government in changing the *discourse* around smart home security. The choice of the socio-philosophical term "discourse" refers to the fact that it is both ideas and actions [67] around security that should be promoted and performed, a task for which the government is held to be both capable and responsible. This perception underlines how important it is that the consumer does not feel he or she is solely responsible for smart home security. However, this feeling contrasts with the attitudes of the public, who ranked the service provider (e.g., Google, Amazon, and Apple) as the main actor responsible for the security of smart home devices, followed by the consumer and the manufacturer, with the government ranking only fifth [57]. This misalignment of perception across NGO experts and consumers may represent an opportunity for intervention for a number of players in the smart home ecosystem. Finally, the global marketplace for smart home devices reminds us that responsibility toward ensuring the security of smart home devices requires an international effort.
