A recent Ponemon Institute study found, there has been a dramatic increase in IoT-related data breaches specifically due to an unsecured IoT device or application since 2017.
The study found these breaches account for 26 percent of incidents, up from 15 percent, although the actual number may be greater as most organizations aren’t aware of every unsecured IoT device, application, or third party platform, according to the firm’s “Third Annual Party IoT Risk: Companies Don't Know What They Don’t Know” report.
Researchers found respondents’ companies experienced a data breach were up from 14 percent and 18 percent respectively in the previous year’s findings as 18 percent of them reported incidents while 23 percent experienced a cyber-attack caused by a third party’s unsecured IoT devices in the last year..
And the study found staffing an budgets aren’t adequate to manage third party IoT risks as respondents agreed third party risk management (TPRM) programs should include IoT risks in order to evolve and mature their practices.
Future prospects look bad as well, with 87 percent of respondents believing it’s likely their own organizations will experience a cyber-attack caused by unsecured IoT devices or applications in the next 24 months, and 84 percent expecting their organizations will experience a data breach due to the same threats.
The study also noted the an accountability gap with less than half of company board members approving programs intended to reduce third party risk and only 21 percent of board members highly engaged in security practices and understanding third party and cybersecurity risks in general.