IoT Cybersecurity Regulations Kick in With the Start of 2020

The News: As of January 1, 2020 both California and Oregon’s IoT cybersecurity laws (SB 327 and HB 2395 respectively) covering “smart” devices went into effect. These laws state that any manufacturer of a device that connects “directly or indirectly” to the internet must equip it with “reasonable” security features. As IoT cybersecurity regulations begin on the local (state) level, federal regulation is looming. Depending on the IoT vendor’s point of view, regulatory change will either help or hinder innovation. Either way, such changes are already taking place and participants in IoT ecosystems should be prepared as it adds a layer of compliance into their operations. Firedome published a good overview on these new laws here if you’d like a deeper dive.

IoT Cybersecurity Regulations Kick in With the Start of 2020

Analyst Take: IoT cybersecurity regulations are kicking in as we move into 2020. That’s significant for device, automotive and sensor manufacturers, network, software and platform providers—all players in the Internet of Things (IoT) ecosystem who anticipate industry growth into the tens of billions as we launch into the 2020s. With IoT comes the promise of connected homes and cars, as well as smart cities, smart health, and more. However, as the number of things connected to the internet grows exponentially, so do the risks of cyber-attacks. Due to these risks, regulators are now stepping in.

What IoT Cybersecurity Regulation Means for the IoT Community

The main reasons for security breaches in IoT are due to vulnerabilities in hardware and software, like default admin passwords or less secure peer-to-peer (P2P) internet connections. A prime example is the disruptive Mirai botnet strain, which used hundreds of thousands of IoT devices (like DVRs and IP cameras) to launch widespread malware in October of 2016. Since then, there have been examples of very public and global IoT security breaches that occurred through devices such as smart watches, toys, and dated medical equipment in hospitals.

As a result, whether IoT vendors agree or not, IoT security legislation has either been passed or is currently in deliberation. How it impacts the IoT community and the technology that surrounds it is that it now means vigilance will be required in tracking new regulation to make sure that you and the partners in your ecosystem are compliant.

What’s Happening with IoT Cybersecurity Regulations on the Global Level?

In addition to laws in California and Oregon, on the federal level in the U.S., the Internet of Things Cybersecurity Improvement Act is a bipartisan effort that is still in deliberation and differs from local legislation in that it requires recommendations from the National Institute of Standards and Technology. Meanwhile globally, the UK and Japan are tackling IoT cybersecurity through regulations of their own, with Japan being more proactive with full-launch investigations to find IoT security breaches.

Critics of current and proposed IoT security regulations claim it is too vague, creates more cost, and stymies innovation. Proponents say it is a starting point, will foster standards amongst the tech industry, and is better than having IoT ecosystems open to an attack at any time over any network or device. At this point, it’s inevitable—IoT cybersecurity regulations are gaining momentum and as it evolves, IoT players will have to stay vigilant in tracking new laws.

Futurum Research provides industry research and analysis. These columns are for educational purposes only and should not be considered in any way investment advice.

Other insights from the Futurum team:

IoT Cybersecurity Improvement Act Calls for Deployment Standards

Massive GDPR Fines Mean Investors, Board Members Rethink Cybersecurity

The Race for Data and the Cybersecurity Challenges This Creates

Image Credit: CSO

Author Information

Sarah most recently served as the head of industry research for Oracle. Her experience working as a research director and analyst extends across multiple focus areas including AI, big data and analytics, cloud infrastructure and operations, OSS/BSS, customer experience, IoT, SDN/NFV, mobile enterprise, cable/MSO issues, and managed services. Sarah has also conducted primary research of the retail, banking, financial services, healthcare, higher ed, manufacturing, and insurance industries and her research has been cited by media such as Forbes, U.S. News & World Report, VentureBeat, ReCode, and various trade publications, such as eMarketer and The Financial Brand.

Related Insights
CMMC Pause Signals Compliance Risks for Defense Contractors
July 17, 2026

CMMC Pause Signals Compliance Risks for Defense Contractors

The DoD's CMMC Phase 2 pause has not suspended core federal data protection obligations for Defense Industrial Base contractors. Magna5 urges DIB firms to use this window to close NIST...
Why Ignoring Security in AI Deployments Could Cost You More Than You Think
July 16, 2026

Why Ignoring Security in AI Deployments Could Cost You More Than You Think

Organizations deploying AI without robust security risk data breaches, regulatory failure, and reputational damage—Concentrix shows why integrating security from the start costs less than treating it as an afterthought....
Is F5's New Fleet Management the Key to Cyber Resilience in the AI Era?
July 16, 2026

Is F5’s New Fleet Management the Key to Cyber Resilience in the AI Era?

F5 launched F5 Insight for ADSP v1.2 with advanced fleet management workflows designed to streamline BIG-IP patching and software updates, directly addressing the compression of vulnerability response timelines in the...
FOXTRON's Adoption of Dimensity AX C-X1 Validates MediaTek's Automotive Ambitions
July 13, 2026

FOXTRON’s Adoption of Dimensity AX C-X1 Validates MediaTek’s Automotive Ambitions

Olivier Blanchard, Research Director at The Futurum Group, examines how FOXTRON's adoption of MediaTek's Dimensity AX C-X1 platform moves AI-defined vehicle ambitions from platform development into commercial automotive deployment....
Can Anthropic's GRAM 'Off Switch' Make Dual-Use AI Safer Without Killing Utility?
July 10, 2026

Can Anthropic’s GRAM ‘Off Switch’ Make Dual-Use AI Safer Without Killing Utility?

Anthropic and AE Studio introduced GRAM, enabling selective removal of sensitive AI capabilities without retraining, potentially addressing privacy and security concerns for organizations adopting generative AI....
Exprivia Bets Big on Banking Security: Can Partnership Drive Real Innovation?
July 10, 2026

Exprivia Bets Big on Banking Security: Can Partnership Drive Real Innovation?

Exprivia announced partnership with ABI's WeSec summit as Main Partner, aligning with surging demand for cybersecurity and AI solutions across Italian banking. The move positions the company to capitalize on...

Book a Demo

Welcome

The vision behind everything in Futurum’s Custom Research practice is this: research should show you what is happening, what comes next, and what to do about it. It should be personal to each audience, easy for people to grasp, and structured so LLMs can reason over it accurately. And it should be fast and turnkey; you want answers now, not another project to carry for quarters.

Whether you are defining business, channel, or go-to-market strategy; evaluating vendors or justifying ROI; or commissioning research to fill an emerging market need, we have your back, with a program that answers your questions with the objectivity and credibility to drive real decisions.

To do it, we bring unmatched data to bear: Futurum research, surveys, and market projections; validated market feeds; ETR’s 15 years of insight from 10,000 technology decision-makers; G2’s buyer and user data; and what our analysts hear every day. Add leading primary collection, from AI-moderated voice interviews to surveys and analyst-led interviews, all turnkey, and every project comes out credible, nuanced, and actionable.

And we don’t just drop the results in your lap. For internal work, we provide analyst-led sessions, interactive dashboards, and a range of formats. For market-facing work, Futurum delivers turnkey activation and amplification that actually gets seen, by people and by LLMs, through our media and share of voice. This is research that moves decisions and markets.

We will meet you wherever you are, from a fast-turn brief to a multi-year program, and shape the work to your goals, timeline, and budget. The right program for your moment.

If any of this is useful, I would love to talk.

Benjamin Brown, VP Custom Research, Futurum Research

Benjamin Brown

VP, Custom Research · The Futurum Group

Newsletter Sign-up Form

Get important insights straight to your inbox, receive first looks at eBooks, exclusive event invitations, custom content, and more. We promise not to spam you or sell your name to anyone. You can always unsubscribe at any time.

All fields are required






Thank you, we received your request, a member of our team will be in contact with you.