Security breaches hit nearly half US firms using IoT
June 8, 2017
Nearly half of US firms using an IoT network have been hit by a recent security breach, which can cost up to 13% of smaller companies’ annual revenues, according to survey data from consulting firm Altman Vilandrie.
From teddy bears to cars to warehouse equipment, anything with an internet connection can be hacked, creating serious financial and legal exposure for companies and safety concerns for workers and consumers.
The survey, which polled approximately 400 IT executives across 19 industries, showed that 48 per cent of firms have experienced at least one IoT security breach. The survey revealed the significant financial exposure of leaky IoT security for companies of all sizes: the cost of the breaches represented 13.4% of the total revenues for companies with revenues under $5m annually and tens of millions of dollars for the largest firms. Nearly half of firms with annual revenues above $2bn estimated the potential cost of one IoT breach at more than $20m.
“While traditional cyber security has grabbed the nation’s attention, IoT security has been somewhat under the radar, even for some companies that have a lot to lose through a breach,” said Altman Vilandrie director Stefan Bewley, who co-directed the survey. “IoT attacks expose companies to the loss of data and services and can render connected devices dangerous to customers, employees and the public at large. The potential vulnerabilities for firms of all sizes will continue to grow as more devices become internet dependent.”
The data indicated that preparedness helps: companies that have not experienced a security incursion have invested 65% more on IoT security than those that have been breached. The survey also showed that IT decision-makers often chose IoT security based more on provider reputation and product quality rather than focusing on cost as a primary decision driver.
“We see it being critical for security providers to build a strong brand and reputation in the IoT security space,” said Altman Vilandrie principal Ryan Dean, who also co-directed the survey. “There are lots of providers developing innovations, but when it comes to purchasing decisions, buyers are looking for a brand and product they trust. Price is a secondary concern that buyers tend to evaluate after they have narrowed their options down to a few strong security solutions.”
More than two-thirds (68%) of respondents think about IoT security as a distinct category, yet only 43% have a standalone budget. Despite the fact that separate business units may have different needs, 74% of firms centralise IoT security decisions for the entire organisation.
After “preventing loss of control over IoT devices”, traditional cyber security concerns such as “preventing breaches of customer information” and “preventing breaches of company data” are ranked as the next most important reasons to adopt IoT security.
The survey was conducted in April 2017 and includes responses from 397 IT decision-makers that have purchased some form of IoT security. Respondents represented 19 industries and companies ranging from start-ups to multinational corporations with billions of dollars in annual revenues. Topics covered in the survey included IoT use cases, IoT security adoption, problems solved by IoT security, exposure to IoT security incidents, demand for specific functionality, spend and budgeting for IoT security, vendor selection criteria, and bundled purchasing behaviour.
Altman Vilandrie is a strategy consulting group that focuses on the telecoms, media, technology and investor sectors. The company’s consultants are experienced in strategy, marketing, finance, M&A, technology, regulatory and operations disciplines. The consultancy is based in Boston, with offices in New York and San Francisco.