The government has put a 10-year price tag of $49.5 million on creating a security labelling scheme for consumer-grade Internet of Things (IoT) devices.
The government’s cyber security strategy, released late last month, promised a “voluntary labelling scheme for consumer-grade smart devices”, co-designed between industry and regulators.
That triggered an investigation by the Office of Impact Analysis (OIA), which this week released its finding that the 10-year regulatory burden of the measure would be $49.5 million – trivial in a market the OIA estimates to be $2.5 billion annually.
The OIA looked at two possible voluntary labelling schemes: a simple star rating, as is used in Singapore; and a label analogous to the “use by” dates applied to food.
The star rating was found to be the option favoured by both consumers surveyed for the study, and by manufacturers.
The analysis estimated the regulatory burden to industry would be $7.8 million in the first year, and $4.6 million a year thereafter, while the cost to government is estimated at around $5 million over four years.
Most of the industry costs would be in obtaining the star rating, which could be as high as $3700 per device; while the cost to government would be in administering the industry body to operate the scheme.
The assessment didn’t explore the costs of the other cyber strategy proposal for consumer devices, that the industry adopts mandatory security standards.