What Do IoT Security-Savvy Companies Know That Others Don’t?
Guest WriterGuest Writer
The gap between companies that are the most security-savvy about the Internet of Things (IoT) and those that are the most security-challenged is huge, according to a recently released 2018 State of IoT Security Survey. That lack of knowledge of IoT security risks has led to costly security missteps.
Just 32 percent of top-tier companies reported making a security misstep, but every single bottom-tier company had made a few, highlighting how IoT security best practices—including authentication, encryption and integrity—impact business success.
How costly are those security missteps? Among those companies that are the most challenged by IoT security, 25 percent lost at least $34 million over the past two years, in contrast to top-tier companies.
Most of these reported losses came in five expensive areas:
The DigiCert-commissioned survey, which was conducted by ReRez Research in September 2018, involved surveying 700 organizations in five countries: the United States, the United Kingdom, Japan, France and Germany. The represented industries included healthcare, industrial commerce, consumer products and transportation.
These survey results revealed a major divide among companies. Some are doing incredibly well at tackling IoT while others are seriously struggling. Based on this, we divided these enterprises into three categories based on their expertise with IoT security.
Before delving further into the differences between those success stories at the top and those in trouble at the bottom, let’s look at what the study revealed about the extent to which enterprises are prioritizing IoT, and why they’re doing it.
An impressive 83 percent of survey respondents said IoT is somewhat to extremely important to their business, and 92 percent believe that IoT will be somewhat or extremely important by 2020.
[bctt tweet="IoT security missteps are extremely costly, but #IoT is becoming a key driver of business growth. Therefore, effective security measures must be put in place to avoid costly mistakes. || #IoTForAll #cybersecurity #IoTSecurity #DataQuality @kennethholley" username="iotforall"]
Enterprises have four goals in mind when they adopt IoT, according to survey respondents:
While two-thirds of companies are engaged with IoT in some capacity, just a third have implemented IoT strategies across the organization, according to DigiCert’s survey. Security is, and should be, a priority for all companies developing an IoT initiative.
Most companies realize this. Security topped the list of concerns, surpassing concerns about privacy, cost and regulations. An overwhelming 82 percent said they were somewhat to extremely concerned about security challenges.
There’s a big confidence gap between top-tier and bottom-tier companies on how to meet these security challenges. Bottom-tier enterprises were 38 percent more likely than top-tier enterprises to rate a lack of appropriate IoT security-specific skillsets within their organizations as somewhat to extremely challenging.
Other statistics that illustrate this company confidence difference reveal that bottom-tier companies surveyed are:
The popular business maxim is “change or die.” A lack of confidence can lead to inaction. It’s a serious problem because treading water, technologically speaking, does no favors for enterprises striving to innovate.
Lacking the solid IoT security practices of top-tier companies, bottom-tier companies report more security missteps that lead to those costly losses I mentioned earlier. In the survey, we asked companies to consider any IoT security missteps their company has made within the past two years.
The bottom-tier companies pointed to a few particularly troublesome spots. In comparison to top-tier companies, bottom-tier companies are:
As mentioned earlier, such IoT security missteps are extremely costly, with monetary damages, lost productivity, lost reputation, legal/compliance penalties and stock price fluctuations topping the list of negative consequences. In addition, 26 percent of bottom-tier companies had to pay mitigation costs, 21 percent experienced business closures, and 22 percent faced criminal prosecution.
In contrast, none of the top-tier companies had to pay mitigation costs or had business closures as a result of IoT security missteps, and much fewer experienced stock price fluctuations (16 percent), lost productivity (14 percent), monetary damages (5 percent), legal/compliance penalties (4 percent), lost reputation (3 percent) and criminal prosecution (1 percent).
What do these top-tier companies know that bottom-tier companies don't? Several best practices came to light that contribute to these companies’ successes with IoT security.
Here are the five big ones:
IoT is on everyone’s minds—and for good reason. It’s paramount for business growth. The survey indicates the most common security measures practiced by the highly successful enterprises are authentication and identity, encryption, and data integrity. The results present a strong testimony: good security practices have a real impact. These security successes are due to the following practices:
Written by Mike Nelson, Vice President, IoT Security at DigiCert.
The Most Comprehensive IoT Newsletter for Enterprises
Showcasing the highest-quality content, resources, news, and insights from the world of the Internet of Things. Subscribe to remain informed and up-to-date.
New Podcast Episode
Recent Articles