Calls for increased security around the Internet of Things are nothing new. The Z-Wave Alliance tackled the issue back in December with a new security framework requirement for certification, and the U.S. Federal Trade Commission offered a $25,000 bounty for IoT security solutions in January. And in February, AT&T teamed up with IBM, Nokia and a handful of other companies to form the Internet of Things (IoT) Cybersecurity Alliance to address top IoT security challenges. But a new report from consulting firm Altman Vilandrie & Company has highlighted the impact of lacking security on early adopters.
According to the firm, a whopping 48 percent of U.S. companies using an IoT network have been hit by a security breach. And the hacks weren’t benign. The survey, which polled approximately 400 IT executives across 19 industries, also indicated that these breaches exposed the companies to significant financial impacts. The cost of the breaches represented 13.4 percent of the total revenues for companies with revenues under $5 million annually. Nearly half of firms with annual revenues above $2 billon estimated the potential cost of one IoT breach at more than $20 million.
Some of the issue is related to investment in security solutions. Data indicated companies that hadn’t experienced a breach invested 65 percent more on IoT security than those who were hacked. The survey also showed that IT decision-makers often chose IoT security solutions based more on provider reputation and product quality rather than focusing on cost as a primary decision driver (only 43 percent of companies had a standalone budget for IoT security).
But a lack of full attention on the problem of IoT security even in the face of a proliferation of devices is also a main contributing factor.
“While traditional cybersecurity has grabbed the nation’s attention, IoT security has been somewhat under the radar, even for some companies that have a lot to lose through a breach,” Altman Vilandrie & Company Director Stefan Bewley observed. “IoT attacks expose companies to the loss of data and services and can render connected devices dangerous to customers, employees, and the public at large. The potential vulnerabilities for firms of all sizes will continue to grow as more devices become internet dependent.”
