Abstract
The Internet of Things (IoT) has become part of everyday life and has recorded an increasing number of users. However, security concerns have been raised despite the many benefits of the technology. Especially for consumers shopping online, it is difficult to distinguish between more and less safe products. One proposal is for products to carry a security label to help consumers know which digital products to trust. Prior research only analyzes the impact of such labels from a consumer’s perspective (i.e., the impact of security labeling on online consumer behavior). We currently lack an understanding of the manufacturer’s perspective. Therefore, we conduct a literature review to identify factors influencing the decision to adopt security labels.
References
Kim, Y., Oh, H., Kang, S.: Proof of concept of home IoT connected vehicles. Sensors 17(6), 1289 (2017). https://doi.org/10.3390/s17061289
Bello, O., Zeadally, S., Badra, M.: Network layer inter-operation of Device-to-Device communication technologies in Internet of Things (IoT). Ad Hoc Netw. 57, 52–62 (2017). https://doi.org/10.1016/j.adhoc.2016.06.010
AlHogail, A.: Improving IoT technology adoption through improving consumer trust. Technologies 6(3), 64 (2018). https://doi.org/10.3390/technologies6030064
Alaa, M., Zaidan, A.A., Zaidan, B.B., Talal, M., Kiah, M.: A review of smart home applications based on Internet of Things. J. Netw. Comput. Appl. 97, 48–65 (2017). https://doi.org/10.1016/j.jnca.2017.08.017
Feng, S., Setoodeh, P., Haykin, S.: Smart home: cognitive interactive people-centric Internet of Things. IEEE Commun. Mag. 55, 34–39 (2017). https://doi.org/10.1109/MCOM.2017.1600682CM
Isyanto, H., Arifin, A.S., Suryanegara, M.: Design and implementation of IoT-based smart home voice commands for disabled people using Google assistant. In: 2020 International Conference on Smart Technology and Applications (ICoSTA), Surabaya, Indonesia, pp. 1–6. https://doi.org/10.1109/ICoSTA48221.2020.1570613925
Park, J.-S., Jang, G.-J., Kim, J.-H., Kim, S.-H.: Acoustic interference cancellation for a voice-driven interface in smart TVs. IEEE Trans. Consum. Electron. 59(1), 244–249 (2013). https://doi.org/10.1109/TCE.2013.6490266
Knips, J., Gries, C.-I., Wernick, C.: Consumer-IoT in Deutschland. Anwendungsbereiche und möglicher Regelungsbedarf. WIK Diskussionsbeitrag, No. 471 (2020). http://hdl.handle.net/10419/228684
Statista: Digital Market Outlook. Prognose zur Anzahl der Smart Home Haushalte nach Segmenten in Europa für die Jahre 2017 bis 2025 (in Millionen), p. 4 (2021). https://de.statista.com/statistik/studie/id/6638/dokument/smart-home/
Stenkamp, D.: TÜV Consumer IoT Zertifizierung – mehr Sicherheit für smarte Produkte. Pressekonferenz (2021). https://www.tuev-verband.de/?tx_epxelo_file%5Bid%5D=831592&cHash=1d5eb42a2fe855c4182fe148983f8185
Raffman, M.S., Russo, A.H.: Mitigating transactional risk in the Internet of Things. J. Private Equity 21, 65–73 (2018). https://doi.org/10.3905/jpe.2018.21.2.065
businesswire: Strategy Analytics: Global Smart Home Market Roaring Back in 2021 (2022). https://www.businesswire.com/news/home/20210706005692/en/Strategy-Analytics-Global-Smart-Home-Market-Roaring-Back-in-2021
Badran, H.: IoT Security and Consumer Trust. In: Proceedings of the 20th Annual International Conference on Digital Government Research (dg.o 2019), pp. 133–140. Association for Computing Machinery, New York, NY, USA (2019). https://doi.org/10.1145/3325112.3325234
Kolias, C., Kambourakis, G., Stavrou, A., Voas, J.: DDoS in the IoT: Mirai and other botnets. Computer 50(7), 80–84 (2017). https://doi.org/10.1109/mc.2017.201
Khan, W.Z., Aalsalem, M.Y., Khan, M.K.: Communal acts of IoT consumers: a potential threat to security and privacy. IEEE Trans. Consum. Electron. 65(1), 64–72 (2019). https://doi.org/10.1109/TCE.2018.2880338
Maras, M.-H.: Internet of Things: security and privacy implications. Int. Data Privacy Law 5(2), 99–104 (2015). https://doi.org/10.1093/idpl/ipv004
Myeonggeon, L., Kyungmook, L., Jaewoo, S., Seong-je, C., Jongmoo, C.: Security threat on wearable services: empirical study using a commercial smartband. In: 2016 IEEE International Conference on Consumer Electronics-Asia (ICCE-Asia), Seoul, Korea (South), pp. 1–5. https://doi.org/10.1109/ICCE-Asia.2016.7804766
Woods, D.W., Moore, T.: Cyber warranties: market fix or marketing trick? Commun. ACM 63(4), 104–107 (2020). https://doi.org/10.1145/3360310
Yildirim, H., Ali-Eldin, A.M.: A model for predicting user intention to use wearable IoT devices at the workplace. J. King Saud Univ. Comput. Inform. Sci. 31(4), 497–505 (2019). https://doi.org/10.1016/j.jksuci.2018.03.001
Johnson, S.D., Blythe, J.M., Manning, M., Wong, G.T.W.: The impact of IoT security labelling on consumer product choice and willingness to pay. PLoS ONE 15, e0227800 (2020). https://doi.org/10.1371/journal.pone.0227800
Emami-Naeini, P., Dixon, H., Agarwal, Y., Cranor, L.F.: Exploring how privacy and security factor into IoT device purchase behavior. In: Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems (CHI 2019). Association for Computing Machinery, New York, NY, USA, vol. 534, pp. 1–12. https://doi.org/10.1145/3290605.3300764
United Nations Conference on Trade and Development (UNCTAD): United Nations Guidelines for Consumer Protection (2016). https://unctad.org/system/files/official-document/ditccplpmisc2016d1_en.pdf
Garg, V.: A lemon by any other label. In: Proceedings of the 7th International Conference on Information Systems Security and Privacy (ICISSP 2021), pp. 558–565 (2021). https://doi.org/10.5220/0010295205580565
Bundesamt für Sicherheit in der Informationstechnik (BSI): Bericht zum Digitalen Verbraucherschutz 2021 (2022). https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/DVS-Berichte/dvs-bericht_2021.pdf?__blob=publicationFile&v=4
Halderman, J.A.: To strengthen security, change developers’ incentives. IEEE Secur. Priv. 8(2), 79–82 (2010). https://doi.org/10.1109/MSP.2010.85
Serabian, D.: Consumer Protection and Cybersecurity: The Consumer Education Gap (2015). https://digitalscholarship.unlv.edu/brookings_pubs/33/
Jentzsch, N.: Was können Datenschutz-Gütesiegel leisten? Wirtschaftsdienst 92, 413–419 (2012). https://doi.org/10.1007/s10273-012-1397-9
Blythe, J.M., Johnson, S.D.: A systematic review of crime facilitated by the consumer Internet of Things. Secur. J. 34, 97–125 (2021). https://doi.org/10.1057/s41284-019-00211-8
Dold, M., Krieger, T.: Cyber-security aus ordnungspolitischer Sicht: Verfügungsrechte, Wettbewerb und Nudges. Wirtschaftsdienst 97, 559–565 (2017). https://doi.org/10.1007/s10273-017-2176-4
Enste, D., Ewers, M., Heldman, C., Schneider, R.: Verbraucherschutz und Verhaltensökonomik. Zur Psychologie von Vertrauen und Kontrolle. IW-Analysen, No. 106 (2016). http://hdl.handle.net/10419/157153
Spindler, G.: Behavioral economics und Verbraucherschutz sowie Sicherheitsrecht in der IT-Welt. Wirtschaftsdienst 100, 97–99 (2020). https://doi.org/10.1007/s10273-020-2576-8
Kenning, P., Wobker, I.: Ist der “mündige Verbraucher” eine Fiktion? Zeitschrift für Wirtschafts- und Unternehmensethik 14(2), 282–300 (2013). https://doi.org/10.5771/1439-880X-2013-2-282
Micklitz, H.-W., Oehler, A., Piorkowsky, M.-B., Reisch, L., Strünck, C.: Der vertrauende, der verletzliche oder der verantwortungsvolle Verbraucher? Stellungnahme des Wissenschaftlichen Beirats Verbraucher- und Ernährungspolitik beim BMELV (2010). https://www.vzbv.de/sites/default/files/downloads/Strategie_verbraucherpolitik_Wiss_BeiratBMELV_2010.pdf
Reisch, L., Büchel, D., Joost, G., Zander-Hayrat, H.: Sachverständigenrat für Verbraucherfragen: Digitale Welt und Handel. Verbraucher im personalisierten Online-Handel, Berlin (2016)
Simon, H.A.: Rationality in psychology and economics. J. Bus. 59(2), 209–224 (1986)
Levine, J., Chan, K.M., Satterfield, T.: From rational actor to efficient complexity manager: exorcising the ghost of Homo economicus with a unified synthesis of cognition research. Ecol. Econ. 114, 22–32 (2015). https://doi.org/10.1016/j.ecolecon.2015.03.010
Simon, H.A.: A behavioral model of rational choice. Q. J. Econ. 69(1), 99 (1955). https://doi.org/10.2307/1884852
Simon, H.A.: Bounded Rationality. In: Eatwell, J., Milgate, M., Newman, P. (eds.) Utility and Probability, pp. 15–18. Palgrave Macmillan UK, London (1990). https://doi.org/10.1007/978-1-349-20568-4_5
Gao, J., Zhang, C., Wang, K., Ba, S.: Understanding online purchase decision making: the effects of unconscious thought, information quality, and information quantity. Decis. Support. Syst. 53(4), 772–781 (2012). https://doi.org/10.1016/j.dss.2012.05.011
Murray, K.B.: A test of services marketing theory: consumer information acquisition activities. J. Mark. 55(1), 10–25 (1991). https://doi.org/10.1177/002224299105500102
Rubik, F., Weskamp, C.: Verbraucherschutz durch Produktkennzeichnung. Gutachten im Auftrag des Bundesministeriums für Wirtschaft (Forschungsauftrag Nr. 24/94) (1996). https://www.ioew.de/fileadmin/_migrated/tx_ukioewdb/IOEW_SR_098_Verbraucherschutz_durch_ProduktkennzeichnungTeil1.pdf
Akerlof, G.A.: The market for “Lemons”: quality uncertainty and the market mechanism. Q. J. Econ. 84(3), 488–500 (1970). https://doi.org/10.2307/1879431
Jahn, G., Schramm, M., Spiller, A.: The reliability of certification: quality labels as a consumer policy tool. J. Consum. Policy 28, 53–73 (2005). https://doi.org/10.1007/s10603-004-7298-6
OECD: Key Issues for Digital Transformation in the G20. Report prepared for a joint G20 German Presidency/OECD conference. OECD Publishing, Paris (2017). https://www.oecd.org/G20/key-issues-for-digital-transformation-in-the-G20.pdf
Thorun, C., Diels, J.: Consumer protection technologies: an investigation into the potentials of new digital technologies for consumer policy. J. Consum. Policy 43, 177–191 (2020). https://doi.org/10.1007/s10603-019-09411-6
Organisation for Economic Co-operation and Development (OECD): Consumer Policy Toolkit, vol. (2010). https://doi.org/10.1787/9789264079663-en
Spence, M.: Job market signaling. Q. J. Econ. 87(3), 355–374 (1973). https://doi.org/10.2307/1882010
Stiglitz, J.E.: The theory of “screening,” education, and the distribution of income. Am. Econ. Rev. 65(3), 283–300 (1975)
Sander, M., Heim, N., Kohnle, Y.: Label-Awareness. Wie genau schaut der Konsument hin? Eine Analyse des Label-Bewusstseins von Verbrauchern unter besonderer Berücksichtigung des Lebensmittelbereichs. Berichte über Landwirtschaft - Zeitschrift für Agrarpolitik und Landwirtschaft 94(2), 1–20 (2016). https://doi.org/10.12767/buel.v94i2.120
Pollrich, M., Wagner, L.: Gütesiegel. Zu detaillierte Angaben können die Funktionsfähigkeit der Zertifikate schmälern. DIW Wochenbericht 80, 15–18 (2013)
Blythe, J., Johnson, S.D.: Rapid evidence assessment on labelling schemes and implications for consumer IoT security. PETRAS IoT Hub, pp. 1–19 (2018). https://www.gov.uk/government/publications/rapid-evidence-assessment-on-labelling-schemes-for-iot-security
Kelley, P.G., Bresee, J., Cranor, L.F., Reeder, R.W.: A ‘nutrition label’ for privacy. In: Proceedings of the 5th Symposium on Usable Privacy and Security (SOUPS 2009), vol. 4, pp. 1–12. Association for Computing Machinery, New York, NY, USA (2009). https://doi.org/10.1145/1572532.1572538
Morgner, P., Mai, C., Koschate-Fischer, N., Freiling, F., Benenson, Z.: Security update labels: establishing economic incentives for security patching of IoT consumer products. In: 2020 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, pp. 429–446 (2020). https://doi.org/10.1109/sp40000.2020.00021
Emami-Naeini, P., Agarwal, Y., Cranor, L., Hibshi, H.: Ask the experts. What should be on an IoT privacy and security label? In: IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, pp. 447–464 (2020). https://doi.org/10.1109/sp40000.2020.00043
Wertenbroch, K., Skiera, B.: Measuring consumers’ willingness to pay at the point of purchase. J. Mark. Res. 39(2), 228–241 (2002). https://doi.org/10.1509/jmkr.39.2.228.19086
Kalish, S., Nelson, P.: A comparison of ranking, rating and reservation price measurement in conjoint analysis. Mark. Lett. 2, 327–335 (1991). https://doi.org/10.1007/BF00664219
Simonson, I., Drolet, A.: Anchoring effects on consumers’ willingness-to-pay and willingness-to-accept. SSRN Electron. J (2003). Stanford GSB Working Paper No. 1787. https://doi.org/10.2139/ssrn.383341
Miller, K.M., Hofstetter, R., Krohmer, H., Zhang, Z.J.: How should consumers’ willingness to pay be measured? An empirical comparison of state-of-the-art approaches. J. Mark. Res. 58(1), 172–184 (2011). https://doi.org/10.1509/jmkr.48.1.172
Fettke, P.: State-of-the-Art des State-of-the-Art. Eine Untersuchung der Forschungsmethode „Review“ innerhalb der Wirtschaftsinformatik. WIRTSCHAFTSINFORMATIK 48, 257–266 (2006). https://doi.org/10.1007/s11576-006-0057-3
vom Brocke, J., Simons, A., Riemer, K., Niehaves, B., Plattfaut, R., Cleven, A.: Standing on the shoulders of giants: challenges and recommendations of literature search in information systems research. Commun. Assoc. Inform. Syst. 37, 206–220 (2015). https://doi.org/10.17705/1CAIS.03709
Webster, J., Watson, R.T.: Analyzing the past to prepare for the future. Writing a literature review. MIS Q. 26(2), xiii–xxiii (2002)
Tornatzky, L.G., Fleischer, M.: The Processes of Technological Innovation. Lexington Books, Lexington (1990)
Doolin, B., Ali, E.A.H.: Adoption of mobile technology in the supply chain: an exploratory cross-case analysis. In: Electronic Business: Concepts, Methodologies, Tools, and Applications. IGI Global, pp. 1121–1136 (2008). https://doi.org/10.4018/9781605660561.ch070
Angeles, R.: Using the technology-organization-environment framework and Zuboff’s concepts for understanding environmental sustainability and RFID: two case studies. Int. J. Econ. Manage. Eng. 7, 2878–2887 (2013). https://doi.org/10.5281/zenodo.1088850
Schütz, F., Spierau, B., Rampold, F., Nickerson, R., Trang, S.: Chasing cyber security unicorns: a taxonomy-based analysis of cyber security start-ups’ business models. In: ECIS 2023 Research Papers, Kristiansand, Norway, vol. 262, pp. 1–19 (2023)
McGregor, R., Reaiche, C., Boyle, S., Corral de Zubielqui, G.: Cyberspace and personal cyber insurance: a systematic review. J. Comput. Inform. Syst. 64(1), 157–171 (2023). https://doi.org/10.1080/08874417.2023.2185551
Schütz, F., Rampold, F., Kalisch, A., Masuch, K.: Consumer cyber insurance as risk transfer: a coverage analysis. Procedia Comput. Sci. 219, 521–528 (2023). https://doi.org/10.1016/j.procs.2023.01.320
Lansing, J., Benlian, A., Sunyaev, A.: ‘Unblackboxing’ decision makers’ interpretations of IS certifications in the context of cloud service certifications. J. Assoc. Inf. Syst. 19(11), 1064–1096 (2018). https://doi.org/10.17705/1jais.00520
Lins, S., Kromat, T., Löbbers, J., Benlian, A., Sunyaev, A.: Why don’t you join in? A typology of information system certification adopters. Decis. Sci. 53, 452–485 (2020). https://doi.org/10.1111/deci.12488
Volkamer, M., Hauff, H.: Zum Nutzen hoher Zertifizierungsstufen nach den Common Criteria (II). Datenschutz und Datensicherheit 31, 766–768 (2007). https://doi.org/10.1007/s11623-007-0250-6
Lins, S., Sunyaev, A.: Unblackboxing IT certifications: a theoretical model explaining IT certification effectiveness. In: ICIS 2017 Proceedings, Seoul, Korea (South), vol. 26, pp. 1–13 (2017)
Gadatsch, A., Klein, H., Münchhausen, M.: Zertifizierte IT-Sicherheit für Cloud Services. Wirtschaftsinformatik Management 6, 88–97 (2014). https://doi.org/10.1365/s35764-014-0388-6
Konrad, W., Scheer, D.: Grenzen und Möglichkeiten der Verbraucherinformation durch Produktkennzeichnung. In: BfR-Wissenschaft, 05/2020, pp. 1–220 (2010). http://www.bfr.bund.de/cm/238/grenzen_und_moeglichkeiten_der_verbraucherinformation_durch_produktkennzeichnung.pdf
Schumacher, A.: Akkreditierung und Zertifizierung von De-Mail-Diensteanbietern. Datenschutz und Datensicherheit 34, 302–307 (2010). https://doi.org/10.1007/s11623-010-0092-5
Blomer, J., et al.: Software Zertifizierung. In: Interner Bericht 2008-4, pp. 1–221. https://doi.org/10.5445/IR/1000008070
Appendix
Factors | Definition | References |
---|---|---|
Increase consumer trust | Allows for a reconsideration of belief formation related to the trustworthiness of a manufacturer and its products | |
Increase transparency | Enables customers to seek out otherwise hidden information about the quality of the manufacturer and its devices or services | |
Purchase behaviour | Persuades consumers to buy from them because the label shows that they are audited by a third party and are therefore trustworthy | |
Ensure legal conformity | Comply with the legal and regulatory requirements of its devices or services | |
Increase IT security | IT security standards can be assessed and improved | |
Use as a marketing tool | Exploit the popularity and credibility of the labels to improve their public image | |
Achieve competitive advantage | Allows manufacturers to differentiate themselves from their competitors to create strategic value, or is necessary to retain their reputation in the market | |
Internal Improvements | During the audit process, a manufacturer may learn from the practices specified in a label, which could trigger internal improvements | |
Increase privacy | The manufacturer complies with applicable data protection laws | |
Increase consumer satisfaction | The purchasing behaviour of consumers is based on their personal needs and desires | [69] |
Already certified | Some companies do not seek additional labels because they are already “certified” and therefore see no benefit in adding additional labels to their devices or services | |
Lack of experience and knowledge | Lack of experience and knowledge to obtain labels for devices and services | |
Strong brand | If a company already has a “strong brand” and a good reputation in the market (e.g., Amazon), labels are not necessary as marketing tools | |
No suitable label | No suitable label, only confirmation of the minimum standards | |
Limited management commitment | Due to insufficient training and support or the lack of willingness of staff and management to implement labels | |
Fear of failure | Some companies do not even try to introduce labels because they fear that they will not be able to comply with the requirements | |
Side effects | For some labels, consumer ratings are linked to the label (e.g., Trusted Shop), so the companies fear negative consumer reactions could neutralise the effect of the label | |
Costs | Direct costs are specifically related to the actual process and the costs it causes. The direct costs are related to the expenditures incurred | |
Expenditures | Indirect costs arise due to necessary changes in the product or the development process | |
Non-perceiving benefits | Limited resources (e.g., financial, human resources) are used for other opportunities that are more effective ways to increase sales | |
Certification’s lack of credibility | Lack of credibility resulting from the poor reputation of the independent institution or the low level of awareness of these institutions among consumers | |
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Pfannenberg, L., Schütz, F., Gronemann, S., Spils ad Wilken, E., Masuch, K., Trang, S. (2024). Understanding the Corporate Use of IT Security Labels for IoT Products and Services: A Literature Review. In: Kathuria, A., Karhade, P.P., Zhao, K., Chaturvedi, D. (eds) Digital Transformation in the Viral Age. WeB 2022. Lecture Notes in Business Information Processing, vol 508. Springer, Cham. https://doi.org/10.1007/978-3-031-60003-6_2
DOI: https://doi.org/10.1007/978-3-031-60003-6_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-60002-9
Online ISBN: 978-3-031-60003-6
eBook Packages: Computer Science, Computer Science (R0)