Nearly Half of Organisations Can’t Tell If Their IoT Devices Were Breached, Finds Study


The Internet of Things (IoT) is on the rise. According to Statista, the number of IoT devices are expected to increase from 23.14 billion to 30.73 billion in 2020. By 2025, that number is expected to more than double to 75.44 billion.

Such projected growth highlights the need for organizations to harden their IoT devices. But are companies adequately prepared to meet the challenges of IoT security?

To answer that question, Gemalto surveyed 950 IT and business decision makers globally for its report, The State of IoT Security.

On the one hand, we found that many organizations consider IoT security to be a priority. Nearly a quarter of survey respondents said they think IoT security constitutes a secure foundation for offering new services, for example. That figure was down from 32% a year earlier. At the same time, nearly two-thirds (57 percent) of survey participants said that their organizations had adopted a security by design approach for creating their own IoT devices, while slightly less than that (46%) said they thought that security is the main consideration for their customers when choosing an IoT product or offering.

On the other hand, the international digital security company discovered that many companies are struggling against several challenges to adequately secure their IoT devices. Thirty-eight percent of companies admitted that they struggled to ensure data privacy when trying to secure their IoT products and services, for instance. Approximately a third (34%) of IT and business decision makers said that their employer struggles under the large amounts of data collected by IoT devices, while slightly less than that (31%) revealed that they struggle to balance security with the user experience.

These challenges have subsequently shaped organizations’ IoT security posture. With less than 14% of IoT budgets currently going towards security, it’s no surprise that less than two-thirds (59%) of respondents said their organization encrypts all of the data they capture or store via IoT. It’s also no wonder that companies have a difficult time detecting a security incident with respect to their IoT assets. Indeed, just forty-eight percent of survey respondents said that their organizations could detect when an IoT device had been breached.

Reflecting on the security gaps identified above, many IT and business decision makers do see a way forward for IoT security. A majority of respondents (59%) specifically said it’s “very important” that there be regulations in place regarding IoT security. The same percentage of survey participants said that those regulations should make clear who is responsible for securing data at each stage of its journey as well as identify what methods should be used for data storage. Sixty-percent of individuals also noted that IoT security providers and cloud service providers should be responsible for abiding by IoT security regulations when implemented, with nearly 80% of respondents vocalizing support for government intervention.

Interested in learning more about the state of IoT security? Download Gemalto’s report today.

View the original post from Gemalto.