Study on third party IoT risk: companies don’t know what they don’t know

Published: Wednesday, 08 May 2019 07:28

The Santa Fe Group has published the results of the Ponemon Institute’s third annual study on Third Party Risk for the Internet of Things (IoT). Ponemon reports an increase in IoT-related data breaches caused specifically by an unsecured IoT device or application. These have increased from 15 percent to 26 percent since 2017, and the actual figure might be higher because most organizations are not aware of every unsecured IoT device or application in their environment or from third party vendors.

More alarmingly, the organizations surveyed have no centralized accountability for addressing or managing IoT risks. Fewer than half of company board members approve programs intended to reduce third party risk, and only 21 percent of board members are highly engaged in security practices and understand third party and cyber security risks in general. More than 80 percent of respondents believe their data will be breached in the next 24 months.

“This study proves it’s no longer a matter of if but when and board members of organizations need to pay close attention to the issue of risk when it comes to securing a new generation of IoT devices that have found their way into your network, workplace and supply chain,” said Cathy Allen, founder and CEO of The Santa Fe Group, Santa Fe, NM. “The study shows that there’s a gap between proactive and reactive risk management. The time to address this issue is now and not later.”

The study shows that improvements are critically needed in the following areas:

A complete copy of the study can be downloaded here.