Most companies ‘worried about attacks due to unsecured IoT device’

Companies are “deeply concerned” that the failure to prevent a data breach or cyber attack due to an unsecured IoT device would have “catastrophic consequences”.

This is according to a new report by the Ponemon Institute and the Shared Assessments Program.

The Second Annual Study on the Internet of Things (IoT): A New Era of Third-Party Risk report found that almost all those surveyed (97 per cent) said they believe it is likely that a data breach or cyber attack related to unsecured IoT devices could be catastrophic.

Concerns are timely, with the number of IoT devices in the workplace expected to increase significantly. More than two-fifths (44 per cent) of respondents say their businesses keep an inventory, and that the average number of devices in the workplace is 15,874. This is expected to rise to an average of 24,762 this year.

Respondents also think they will soon suffer related problems: 81 per cent said a data breach caused by unsecured IoT devices was likely in the next 24 months, while the likelihood of a cyber attack increased to 82 per cent.

In addition, although advancements have been made in third-party risk focused on IoT devices and applications since last year, risk management in this area is still at a comparatively low maturity level.

It was also found that worries about a potential breach or cyber attack have become a reality. Those who reported that their organisation experienced a data breach specifically because of unsecured IoT devices or applications rose from 15 per cent to 21 per cent between 2017 and 2018. Meanwhile, the number of respondents reporting IoT-related cyber attacks increased from 16 per cent to 21 per cent.

Charlie Miller, senior vice president at the Shared Assessments Program, said: “The rapid adoption of IoT devices and applications is not slowing down and organisations need to have a clear understanding of the risks these devices pose, both inside their own and outside their extended networks.”