Understanding the digital security of products
This report prepared by the OECD Working Party on Security in the Digital Economy (SDE) shows that economic factors play an important role in the relative “insecurity” of smart products. It provides an analytical framework based on smart products value chain and lifecycle and applies it to three case studies: computers and smartphones, consumer Internet of Things (IoT) devices and cloud services. This analysis shows that complex and opaque value chains lead to a misallocation of responsibility for digital security risk management. Further, significant information asymmetries and externalities often limit stakeholders’ ability to behave optimally.