Understanding the IoT & IIoT Security Market

Published on Jul. 29, 2019

Over the past few years, the Internet of Things (IoT) has started creeping into most aspects of consumer and business life; from your smartwatch to your neighbor’s dog collar, anyone and anything with an internet-connected device contributes to the Internet of Things. 

The purpose of connecting physical devices to the Internet varies from one industry to another. For instance, large manufacturers are taking advantage of IoT by embedding sensors in factory equipment to detect potential breakdowns before they occur and avoid costly maintenance. In healthcare, patients can share health data from wearable devices, like a smartwatch, with providers for fast and personalized care. Given these various use cases, it’s not surprising that by 2021, the average American is expected to own around 13 internet-connected devices

Further enabling this trend is the rollout of 5G, which promises much more than faster downloads – the unique combination of high-speed connectivity (1Gbps speeds, up from 1K with 4G), ultra-low latency (under a millisecond in ideal conditions), and ubiquitous coverage will support everything from transportation infrastructure such as connected cars and trucks where even a split second delay can mean the difference between a smooth flow of traffic and an accident to control devices remotely in situations where real-time performance is critical such as manufacturing. 

Why are IoT and IIoT Security Needed? 

Every day the IoT attack surface expands as new devices get connected to the Internet. Research indicates that by 2020 there’ll be 20.4 billion Internet of Things devices, which means 20.4 billion new entry points for adversaries to exploit. However, IoT-based attacks are already a reality – a Gartner survey found that nearly 20 percent of organizations observed at least one IoT-based attack in the past three years. One of the most dangerous IoT attacks was the Mirai botnet attack in 2016, which infected numerous IoT devices that flooded DNS provider Dyn with a DDoS attack and took down Etsy, GitHub, Netflix, Shopify, SoundCloud, and other major websites. In addition to prevention, one of the main issues organizations face is detection – Gemalto recently revealed that a mere 48% of businesses can detect if any of their IoT devices suffers a breach, despite companies having an increased focus on IoT security. 

To protect against those threats, Gartner forecasts that worldwide spending on IoT security will reach $1.5 billion in 2018, a 28 percent increase from 2017 spending of $1.2 billion. Given these conditions, it’s not surprise that many startups have emerged ready to defend IoT and OT systems and devices. 

What Does the Market Look Like? 

The below market map categorizes 49 promising early-stage IoT and IIoT startups based on core area of focus and scope. Categories are not mutually exclusive; Cybeats, for instance, both secures connected devices and offers firmware lifecycle management capabilities.

Startup IOT IIOT PNP market map

Critical Infrastructure

Critical infrastructure refers to systems in manufacturing, energy, chemical and other similar environments that are coming under an increasing number of cyberattacks. According to new figures from Kaspersky Lab's Threat Landscape for Industrial Automation Systems report, almost one in two industrial systems display evidence of attackers attempting malicious activity. Startups in this category including Indegy, Nozomi and Dragos offer solutions that provide operational visibility through network monitoring, threat detection, and risk assessment delivered via asset identification combined with vulnerability information. 

Connected Devices

Startups in this category focus on securing high valued connected devices from cyber-attacks. Typically these solutions offer discovery capabilities to map out device vulnerabilities, detection of malicious activity on devices, and firmware lifecycle management including updates. 


Firmware, the embedded operating software in the hardware of a device, is an often-overlooked component of devices that is highly vulnerable. Most firms allocate little budget to firmware and lack firmware monitoring and remediation processes. Companies such as Exein and ReFirm offer visibility through image scanning or installed agents, detection of known exploits and malware, and anomaly detection via machine learning algorithms.  

If you’d like to connect with any of these companies to learn more, please contact Rohit at rohit@pnptc.com.