Securing the $6 Trillion Future: Why IoT Standards and Regulation Matter

In the age of digital transformation, an ever‑growing number of devices are being connected, unlocking unprecedented levels of service and efficiency across all sectors. As Arm’s director of the secure device ecosystem, David Maidment, notes, this momentum is “breath‑taking.”

While the benefits are undeniable, the expansion of the connected ecosystem also amplifies cyber‑crime threats. Every device that connects to the Internet becomes a potential attack vector, shifting the focus of cyber‑criminals from traditional IT infrastructure to everyday consumer and industrial technology.

$6 Trillion Cyber‑Crime Cost

According to the Cybersecurity Ventures Annual Cyber‑Crime Report, the global damage from cyber‑crime is projected to reach $6 trillion (€5.37 trillion) by 2021—an astronomical figure that reflects only financial loss, not reputational harm or intangible impacts.

Adding to the urgency, Symantec’s 2019 Internet Security Threat Report estimates that IoT devices face an average of 5,400 attacks each month. These statistics underscore why security standards are rapidly evolving in the last year.

With 5G rollout and the projection of a trillion connected devices, governments and industry groups are implementing preventative measures to guard against vulnerabilities. It is now essential that every device is designed with security from the outset and that business processes embed security as a core principle.

Security Laws and Standards

Regulators worldwide have introduced frameworks such as ETSI 303‑645 (Cyber Security for Consumer IoT), California’s SB‑327, and the NISTIR 8259 (Core Cybersecurity Feature Baseline for Securable IoT Devices). These documents provide detailed guidance—from password hygiene to cryptography, audit logging, and other essential security protocols.

Industries that were once largely unregulated are now moving toward self‑regulation, which gradually transforms into enforceable law. Deploying insecure devices can result in forced decommissioning, operational disruption, and loss of revenue streams.

Protecting Your Business

To navigate the evolving regulatory landscape, start with a trusted, scalable framework that works across multiple jurisdictions. A common language of security best practices helps companies implement and audit controls consistently.

Independent schemes such as PSA Certified—endorsed by the U.S. National Institute of Standards and Technology—provide a framework to secure devices and an assurance scheme that verifies proper implementation. PSA Certified maps key standards across regions, giving you a clear checklist whether you’re developing devices or selecting them for your operations.

Adopt a Security Framework

Security is an ongoing commitment, not a one‑time task. By embedding a robust security framework into your organization, you safeguard your finances, protect your brand, and build trust in an IoT‑driven future.

Author: David Maidment, Director, Secure Device Ecosystem, Arm.