The report, “Digital Trust in a Connected World: Navigating the State of IoT Security,” highlights the concerns and challenges modern organizations face when it comes to building digital trust in today’s connected world.
The report shows that almost all companies (97%) are struggling to secure their IoT and connected products to some degree. The survey also found that 98% of companies experienced certificate outages in the past 12 months, costing an average of over $2,25 million.
Protection for IoT devices and connected devices
“Organizations around the world are under increasing pressure to protect their IoT devices and connected devices and navigate an increasingly complex digital landscape that requires absolute trust,” says Ellen Boehm of Keyfactor. “The results of this survey demonstrate the importance of identity-based security for those who manufacture IoT devices and those who deploy and operate them in their environment to build digital trust at scale. Most companies are implementing PKI solutions into their IoT security strategy, which is a big step in the right direction. However, it turns out that 97% of companies face IoT security issues and security teams struggle to use their tools efficiently. Ensuring that the security of IoT devices is managed throughout their lifecycle can both avoid costly certificate failures and improve the long-term viability of IoT in the enterprise.”
The costly outages companies faced last year are not the only costs incurred by inefficient IoT security. The report shows that 89% of surveyed companies operating and using IoT and connected products were affected by cyberattacks with an average cost of $250.000. Additionally, 69% of companies have seen an increase in cyberattacks on their IoT devices over the past three years. The attack on Amazon's Ring in March, which leaked sensitive customer data such as recorded footage and credit card numbers, is an example of the rise in IoT attacks.
Findings from the report
- Increasing penetration of IoT devices and connected products in companies: Over the last three years, the number of IoT devices and connected products in companies has increased by an average of 20%, according to respondents.
- IT professionals do not have complete trust in the security of their IoT and connected devices: Most organizations (88%) believe the security of the IoT and connected products used in their organization needs to improve, with more than a third of respondents saying significant improvements are needed and 60% that some improvements are needed. When it comes to specific strategies, 4 out of 10 companies say they would strongly agree with using a PKI to issue digital identities to the IoT and IIoT devices in their environment.
- The IoT security budgets are increasing, but are being used to cover the huge costs of certificate failures: While budgets for IoT device security are increasing every year and are expected to increase by 45% over the next five years, there is a risk that half of this Budgets are diverted to cover the costs of successful cyber breaches of IoT and connected products.
- Companies and manufacturers disagree About who is responsible for IoT security: Of those surveyed, 48% believed that the manufacturer of IoT or connected devices should be at least largely responsible for cyber breaches in their products.
About key factors
Keyfactor brings digital trust to the hyperconnected world with identity-based security for people and machines. By simplifying PKI, automating certificate lifecycle management, and securing every device, workload, and object, Keyfactor helps organizations quickly create—and maintain—scalable digital trust. In a zero trust world, every machine needs an identity and every identity needs to be managed.