Connected consumer devices – such as smart TVs, smart thermostats and connected appliances – are becoming increasingly common. Yet the cybersecurity measures on these devices are often lacking: many such devices contain serious vulnerabilities that leave them open to attack. This imposes costs not only on the owners of such devices, but upon third parties and other users of the Internet.

While there are a number of technical reasons behind weak device security, the root cause lies in economic factors. These factors include asymmetric information, misaligned incentives, externalities, and behavioural biases.

These factors mean that manufacturers and consumers are likely to under-invest in effective cybersecurity measures. And until these underlying economic factors are addressed, poorly-secured devices will continue to be produced, sold and bought.

Drawing upon a recent Plum report for the Internet Society, this Insight explores these economic factors and proposes potential actions to help address them. These actions should help improve both device security and the security of the wider Internet.