The internet of things (IoT) is a force transforming the modern enterprise. From robotics in warehouses to smart manufacturing to data center monitoring, enterprise IoT is forcing almost every part of a business to rethink its processes as the technology augments the abilities of the organization. IoT devices are hitting the market at a staggering rate: the number of connected devices has already exceeded the world’s population, and it is expected that there will be over 20 billion connected devices by 2020 (Gartner).
New technology, new risk
The rise of this transformative technology, and the new ways it lets us interact with the world, brings a host of new risks of attack. New connected devices are being released to market rapidly, with little regard for their security once they’re in the wild, and this has left organizations and consumers alike open to new threats.
With the topics of security and privacy entering the zeitgeist with the Facebook and Google breaches and the rise of legislation like GDPR, IoT security is soon to emerge from the periphery as a product differentiator in the market.
Research by Bain & Company finds that enterprise customers would buy more IoT devices if their concerns about cybersecurity risks were addressed—on average, at least 70% more than what they might otherwise buy. What’s more, 93% of the executives we surveyed said they would pay an average of 22% more for devices with better security.
"Despite the clear need to understand the cyber risk to urban critical infrastructure, there is no data-driven model for evaluating SCADA software risk for IIoT devices" *
Much of the challenge these organizations face is how to secure legacy devices that are already in the wild. In the interim, device manufacturers will continue to produce devices with varying amounts of security.
What the Bain study shows us is that security is no longer a nice-to-have feature. As IoT devices become more integrated into critical aspects of our daily lives, the security of those devices becomes non-negotiable.
More questions than answers
How can a business use security as a selling point without raising its profile?
To date, many CISOs have shied away from sharing too much about their security program, as doing so would raise their profile and their potential for attack. However, if customers are willing to pay an average of 22% more based on the security program, is the opportunity worth the risk?
Where will we see security as a critical feature?
Hospitals are one of the biggest consumers of enterprise IoT. With the FDA actively working to develop medical device cybersecurity practices, we assume that the medical device and biotech industries will be the first to see IoT security as a selling point and potential price driver.
The next wave of innovation will be in security
While there may be more questions than answers about the future of IoT security, what we do know is the next wave of innovation in IoT will be around security. As risk management becomes a core business function and security becomes a focal point in the buying process, device manufacturers will be faced with the choice to integrate better security into their products or lose business.
* "IIoT Cybersecurity Risk Modeling for SCADA Systems", Falco, Greg et al., IEEE Internet of Things Journal, to appear 2019