Request Demo

Digital Risk Management

The Next Wave Of Innovation For The Internet of Things Is Security



 The internet of things (IoT) is a force transforming the modern enterprise. Anything from robotics in warehouses to smart manufacturing to data center monitoring, the enterprise IoT is forcing almost every aspect of a business to rethink their processes as this technology augments the abilities of the organization. IoT devices are hitting the market at a staggering rate - having exceeded the world’s population, it is expected that there will be over 20 billion connected devices by 2020 (Gartner).


“A common theme in cyberattacks today is that many are driven by a lack of security awareness, and this is accentuated with IoT security,” said Kevin Simzer, chief operating officer for Trend Micro in a press release.

In a survey carried out by Vanson Bourne, 1,150 IT and security decision makers across the US, UK, France, Germany and Japan recognized that the security teams lack an awareness of cybersecurity needs in relation to internet of things projects. 

New technology, new risk

The rise of this transformative technology and new ways to interact with the world brings a host of new risks of attack. The rapid release of more and more new connected devices to market with little regard for the security of those devices once they’re in the wild has left organizations and consumers alike open to a host of new threats.

With the topics of security and privacy entering the zeitgeist with the Facebook and Google breaches and the rise of legislation like GDPR, IoT security is soon to emerge from the peripheral as a product differentiator in the market.

Research by Bain & Company finds that enterprise customers would buy more IoT devices if their concerns about cybersecurity risks were addressed—on average, at least 70% more than what they might otherwise buy. What’s more, 93% of the executives we surveyed said they would pay an average of 22% more for devices with better security.

While governing bodies like NIST and ENISA are actively working on standards to secure the IoT, we are still a ways off from security being an IoT industry standard.

"Despite the clear need to understand the cyber risk to urban critical infrastructure, there is no data-driven model for evaluating SCADA software risk for IIoT devices"  

- Dr. Greg Falco, Research Scientist, MIT Sloan and MIT CSAIL*

Many of the challenges these organizations face is how to secure legacy devices that are already in the wild. In the interim, device manufacturers will continue to produce devices with varying amounts of security.

What the Bain study shows us is that security is no longer a nice-to-have feature. As IoT devices become more integrated to critical aspects of our daily lives, the security of those devices becomes non-negotiable.

More questions than answers

How can a business use security as a selling point without raising its profile?

To date, many CISOs shy away from sharing too much about their security program as it would raise their profile and potential for attack. However, if customers are willing to pay an average of 22% more based on the security program, is the opportunity worth the risk?

Where will we see security as a critical feature?

Hospitals are one of the biggest consumers of enterprise IoT. With the FDA actively working to develop medical device cybersecurity practices, we assume that the medical device and biotech industries will be the first to see IoT security as a selling point and potential price driver.

The next wave of innovation will be in security

While there may be more questions than answers about the future of IoT security, what we do know is the next wave of innovation in IoT will be around security. As risk management becomes a core business function and security becomes a focal point in the buying process, device manufacturers will be faced with the choice to integrate better security into their products or lose business.

* "IIoT Cybersecurity Risk Modeling for SCADA Systems" , Faclco Greg et al, IEEE Internet of Things Journal , to appear 2019

You may also like

Contextualize Quantified Cyber ...
on April 11, 2019

Now more than ever, CISO’s are being tasked with delivering hard metrics around an enterprise’s technology and digital risk. While this is nothing new for seasoned IT ...

NYDFS Implementation Grace Period ...
on April 9, 2019

Following the Equifax breach and growing concerns about the posture of the financial industry, New York State Department of Financial Services (NYDFS) released the initial ...

CEO's - Do You Know Where That ...
on April 5, 2019

It is no secret that cybersecurity has mystified many members of the C-suite since the function was introduced. With headlines dominated by breaches and hearings of information ...

Jerry Layden
Carbon Black Report Indicates ...
on April 2, 2019

In their third Global Incident Response Threat Report our Massachusetts neighbor, Carbon Black, illustrates not only the top industries for cyber attack but a deeply concerning ...

Legacy GRC And The Sunk Cost ...
on March 28, 2019

Last month, we covered how legacy GRC products and new integrated risk management (IRM) solutions can co-exist and in fact compliment each other. That said, in order for them to ...

Alison Furneaux
What To Expect From The Imminent ...
on April 6, 2019

While the NIST Privacy Framework may be the headliner for the most anticipated new publication from the National Institute of Standards and Technology, there are two imminent ...