Nearly half of U.S. firms using an Internet of Things (IoT) network have been hit by a recent security breach, which can cost up to 13% of smaller companies’ annual revenues, according to a survey from strategy consulting firm Altman Vilandrie & Company.
Anything with an internet connection can be hacked, creating serious financial and legal exposure for companies and safety concerns for workers and consumers.
The survey, which polled approximately 400 IT executives across 19 industries, showed that 48% of firms have experienced at least one IoT security breach. The survey revealed the significant financial exposure of leaky IoT security for companies of all sizes: the cost of the breaches represented 13.4% of the total revenues for companies with revenues under $5 million annually and tens of millions of dollars for the largest firms. Nearly half of firms with annual revenues above $2 billion estimated the potential cost of one IoT breach at more than $20 million.
“While traditional cybersecurity has grabbed the nation’s attention, IoT security has been somewhat under the radar, even for some companies that have a lot to lose through a breach,” said Altman Vilandrie & Company Director Stefan Bewley, who co-directed the survey. “IoT attacks expose companies to the loss of data and services and can render connected devices dangerous to customers, employees and the public at large. The potential vulnerabilities for firms of all sizes will continue to grow as more devices become Internet dependent.”
The data indicated that preparedness helps: companies that have not experienced a security incursion have invested 65% more on IoT security than those who have been breached. The survey also showed that IT decision-makers often chose IoT security solutions based more on provider reputation and product quality rather than focusing on cost as a primary decision driver.
“We see it being critical for security providers to build a strong brand and reputation in the IoT security space. There are lots of providers developing innovative solutions, but when it comes to purchasing decisions, buyers are looking for a brand and product they trust,” said Altman Vilandrie & Company Principal Ryan Dean, who co-directed the survey. “Price is a secondary concern that buyers tend to evaluate after they have narrowed their options down to a few strong security solutions.”
Other key findings of the survey include:
- 68% of respondents think about IoT security as a distinct category, yet only 43% have a standalone budget.
- Despite the fact that separate business units may have different needs, 74% of firms centralize IoT security decisions for the entire organization.
- After “preventing loss of control over IoT devices,” traditional cybersecurity concerns such as “preventing breaches of customer information” and “preventing breaches of company data” are ranked as the next most important reasons to adopt IoT security.