Principles and Recommendations

Author: The European Union Agency for Cybersecurity (ENISA)

The European Union Agency for Cybersecurity (ENISA) published a market analysis of IoT in the distribution grid. The report analyses the IoT cybersecurity market in distribution grids in the European Union. The report highlights the following conclusions:

(1) IoT cybersecurity spending within the distribution grids of the EU-27 is mainly driven by the adoption of electricity ‘smart’ metres. 

(2) From 2025 to 2030, the IoT cybersecurity market related to smart metres is expected to be mainly driven by Operational Expenditures (OPEX) rather than Capital Expenditures (CAPEX). According to this, more resources will be spent on maintaining IoT Cybersecurity than purchasing new cybersecurity hardware or software. 

(3) There are no IoT monopolies, but organisations tend to favour larger IoT vendors, limiting the option for smaller organisations to enter the market. 

(4) There are four main archetypes of suppliers within the IoT cybersecurity market:multi-domain industrial assets vendors, multi-domain IT vendors, specialist IoT vendors, and IoT cybersecurity specialist vendors, and each archetype exhibits different competitive dynamics. 

(5) One of the main trends in the energy industry is the increase in demand for cybersecurity tools and services to improve its IoT cybersecurity capabilities. 

(6) Embedded cybersecurity into IoT infrastructure and IoT management platforms represents one of the trends in the supply-side portfolios. 

The conclusions provided in the report are related to a possible predicted scope. They, therefore, do not cover the entire smart-grid infrastructure or encompass the complete picture of the EU IoT cybersecurity market.