Executive Summary The purpose of this study is to develop timely and informed answers to a series of guiding research questions and subquestions to identify the risks and barriers that are associated with Internet of Things implementations. These types of studies are important today because the Internet of Things is changing the manner in which companies of all sizes and types operate their businesses, and current trends indicate that these implementations are increasing exponentially. The Internet of Things allows conventional computer-based networks to incorporate data collected from everyday objects to provide real-time analyses and new applications for these technologies are being developed every day. Indeed, there are already more mobile devices in use around the world than there are people, and most authorities agree that the Internet of Things deployments will continue to increase well into the foreseeable future. Chapter one of the study provides the rationale in support of this research together with the guiding research questions and subquestions followed by a review of the relevant literature in chapter two. Chapter three provides a detailed description of the study’s qualitative methodology and chapter four presents the results of the data analysis. Finally, chapter fives provide a summary of the research together with answers to the study’s guiding research questions and subquestions.

The Implementation of Internet of Things (IoT): A Case Study of the Barriers that Prevent Implementation of IoT within Small Businesses

Chapter 2: Literature Review

Chapter Introduction

The review of literature will be critical to establishing the current scope of innovation related to the IoT as well as its potential for expansion, especially into use by SMEs. To this end, this chapter describes more fully the study’s guiding Unified Theory of Acceptance and Use of Technology theoretical/conceptual framework followed by an overview of the Internet of Things (IoT) and an analysis of current trends that are having an impact on its proliferation. In addition, an examination of the risks that are associated with the implementation of IoT is followed by an analysis of other barriers that prevent the implementation of IoT by small businesses. Finally, a summary of the research and the key findings that emerged from a synthesis of the relevant literature conclude the chapter.

Theoretical/Conceptual Framework

The theoretical/conceptual framework that will be used in this study was originally developed by Venkatesh, Morris, Davis, and Davis (2003) by integrating a number of disparate elements from previous models to create a more accurate approach to understanding how and why technology-related decisions are made by organizations today. The Venkatesh et al. (2003) theoretical model draws on a number of key elements from eight previous theories or models in order to produce a more robust overview concerning the effects of different motivational factors on the technology-related decision-making process to identify how and why end users actually use different technologies.

The rationale in support of this more comprehensive model included identifying similarities between earlier models that could be applied in novel ways to gain fresh applicable insights that can be applied to similar situations involving the uptake of new technologies. This comprehensive model was termed the Unified Theory of Acceptance and Use of Technology (UTAUT) which was regarded as highly relevant for the purposes of this study as well. As noted in the introductory chapter, the topics selected for the questionnaire described further in chapter 3 below were based upon the UTAUT and were designed to explicate the respective levels of acceptance of technology acceptance and willingness to adopt innovations by stakeholders . Moreover, there is a growing body of research that confirms the effectiveness of the UTAUT model for guiding future research technology acceptance-related analyses (Venkatesh et al., 2003), including the acceptance levels for the adoption of the IoT.

The use of the UTAUT model is also highly appropriate for the purposes of this study because individual acceptance levels of information technology (IT) have been a key focus of many of the studies concerning new technology implementations to date (Venkatesh, Thong & Xu, 2016). Furthermore, the UTAUT draws on a growing body of scholarship that supports the logical notion that in order to enhance acceptance levels of new technologies, individuals must first have the opportunity to gain hands-on experience with them (Venkatesh et al., 2016). In this regard, Venkatesh et al. (2016) emphasize that, “There is also research on technology adoption by groups and organizations that holds the premise that one must first use a technology before one can achieve desired outcomes, such as improvement in employee productivity and task/job performance in organizations” (p. 328).

Four key factors comprise the UTAUT model as follows: (1) performance expectancy, (2) effort expectancy, (3) social influence, and (4) facilitating conditions as well as four moderators (1) age, (2) gender, (3) experience, and (4) voluntariness that can facilitate the analysis of behavioral intention levels to actually use a new technology, generally in organizational contexts (Venkatesh et al., 2016). An analysis of the accuracy of the four key factors of the UTAUT model in predicting new technology acceptance levels by Venkatesh et al. (2016) showed that performance expectancy, effort expectancy, and social influence influenced behavioral intention to use a technology were all predicted accurately. Likewise, various facilitating conditions and behavioral intention influenced actual technology usage (Venkatesh et al., 2016).

In addition, other researchers have also used the UTAUT model to examine the effects of the above-stated four moderators on acceptance of new technology levels and found that the model explained more than three-quarters (77%) of variance levels in respondents’ behavioral intention to use a technology and more than half (52%) of their variance in actual technology usage (Venkatesh et al., 2016). In sum, the UTAUT model provides a useful conceptual framework in which to develop timely and informed answers to the following guiding research questions and subquestions as stated in the introductory chapter:

RQ1. Why do SMEs view implementing and using IoT a risk?

RQ1a. What are the barriers (real or perceived) to implementation of IoT?

RQ2. How are IoT security risks and business risks related?

Under what conditions would SMEs adopt IoT implementation?
RQ3. Why is the IoT applicable and beneficial in an SME context?

RQ3a. What evidence is available to indicate that IoT will benefit SMEs?

Overview of the Internet of Things

The game-changing nature of the Internet is well documented and countless studies have examined the ways in which these technologies have changed how people learn, live, work, recreate and shop (Bok, 2014). Indeed, tens of thousands of new applications are introduced to the marketplace each year, and current signs indicate that these trends will continue well into the foreseeable future (Haghshenas & Richards, 2016). In other words, the Internet is here to stay – at least until the “next big thing” comes along to replace it – and software engineers and IT professionals are hard at work to exploit these technologies even further, including using cloud-based technologies and sensor-equipped devices to collect, aggregate and analyze a wide range of data in real time.

Although there are different IT platforms that are currently being used for these computing purposes, one of the main contenders for many businesses at present is the Internet of Things or IoT. For example, according to An and Wang (2018), “After the Internet and mobile communication network, the Internet of Things has become an important trend in the development of information technology, greatly promoting the reform of the information industry in the world” (p. 2386). The IoT can be conceptualized graphically as depicted in Figure 1 below.

Figure 1. Representative Internet of Things Configuration

Source: Cass, 2019

As can be easily discerned from Figure 1 above, the IoT can be applied to virtually anything with the right type of sensor (An & Wang, 2018), and the quality and extensiveness of the data that is collected in only dependent on the respective processing speeds of the host computer network and the sensors that are used in a given configuration (Davis, 2017). These attributes mean that the IoT can be applied by small businesses in innovative ways to achieve and sustain a competitive advantage, especially in an increasingly globalized marketplace (Schaffhauser, 2018).

Some of the most important features of IoT applications include the fact that conventional mobile devices such as smartphones, various types of personal computers, video systems and other handheld devices as well as objects that have traditionally not been viewed as being amenable can be incorporation into computer-based networks in meaningful ways. As Kaushik (2019) points out, “In the context of internet of things (IoT), the things may be anything like cell phones, iPods, mobile devices, resources, services, education, people, animal, any physical objects etc.” (p. 2).

Moreover, the IoT has made it possible to create and even remotely control so-called “smart buildings” as well as a myriad of other everyday objects with a dizzying array of IoT applications using radio frequency identification (RFID) tags and other sophisticated sensor devices. In this regard, Cubo, Nieto and Pimentel (2014) report that, “The Internet of Things is a technology based on the inter-connection of everyday life objects with each other, applications and database data” (p. 14071). In fact, the combinations of devices that are combined in a given IoT network appear to be infinite, and the utility of these technologies is limited only by the imagination of end users (Tucker & Bulim, 2018).

It is also important to point out that the IoT is not an abstract concept existing only on a software engineer’s drawing board, but is rather transforming the manner in which companies of all sizes and types are managing their information technology resources. As Cubo and his colleagues conclude, “This new Internet has led the evolution of the Ubiquitous Web 2.0, in integrating physical world entities into virtual world things, as some initiatives are already addressing” (p. 14072). Although precise figures are unavailable, it is reasonable to posit that the number of IoT deployments has increased exponentially in line with the proliferation of mobile devices together with powerful sensing devices that can be fitted to virtually any type of consumer product or artifact (Banham, 2016).

Many of the same attributes that make the IoT a valuable resource for businesses of all sizes and types, though, are the same attributes that create security risks for its implementation and administration (Banham, 2016). For example, a study by Celik, Fernandes, Tan and McDaniel (2019) noted that recent innovations in IoT technologies have made it possible to interconnect billions of devices in ways that not only facilitate the aggregation of data but enhance the ability of organizations to respond to changes in consumer preferences and demand. Further, new applications for IoT technologies continue to be developed on a near-daily basis, and most authorities agree that the IoT represents the “next big thing” in information technology for the foreseeable future (Cassidy & Nandaraj, 2019).

Notwithstanding these significant benefits, however, Celik and his associates (2019) also emphasize that, “IoT is now pervasive—new applications are being used in nearly every conceivable environment, which leads to the adoption of device-based interaction and automation. However, IoT has also raised issues about the security and privacy of these digitally augmented spaces” (p. 1). Some of the digitally augmented spaces in IoT implementations that are most vulnerable to security risks include those depicted in Figure 2 below.

Figure 2. Smart objects that pose the greatest security risks

Source: Khvoynitskaya, 2019

Certainly, the objects depicted in Figure 2 above are only representative of the vast array of “things” that can be incorporated into IoT networks, but the respective percentages cited for the security risks for these objects do underscore the challenges that are involved in protecting these networks from unauthorized intrusions, including those security risks that are depicted in Figure 3 below.

Figure 3. IoT components vulnerable to hacking

Source: Khvoynitskaya, 2019

In fact, even the U.S. Department of Defense has taken notice of these trends and has stressed the need for additional security measures for potentially vulnerable IoT networks, most especially those that support the nation’s energy…