The Japanese IT security company Trend Micro published the results of a global survey on the Internet of Things and its security at the end of July. Over 1,150 IT and IT security decision-makers took part in the survey and provided information on investments made and planned, implementation strategies and technological challenges.

The growing number of networked devices makes companies vulnerable to a variety of cyber threats. Nevertheless, for 43 percent of respondents, IT security only plays a secondary role in the implementation of IoT projects. Among respondents from Germany, this figure was the highest in the world at 46 percent. While almost two thirds of respondents (63%) stated that cyberattacks in connection with IoT applications have increased in the past 12 months, only half (53%) of them classify networked devices as a threat to their company.

The results also highlight that inadequate security testing may be carried out before new devices are added to corporate environments. In addition, companies have recorded an average of three attacks on networked devices in the last 12 months. Only just over a third of companies (38%) that have implemented or are in the process of implementing IoT solutions have involved IT security experts in the implementation process. Of these, around a third (32 percent) are in the areas of smart factories, smart utilities (31 percent) and wearables (30 percent). However, this also means that a considerable proportion of companies worldwide are opening the door to a variety of threats.

"Many companies see IoT systems as the future and are therefore deploying new types of networked devices in their network environments," says Udo Schneider, Security Evangelist at Trend Micro. Although this improves their business processes, it also poses a major problem in terms of new cyber risks, as the built-in operating systems cannot usually be patched easily. Investments in IT security measures should therefore be geared towards investments in the expansion of systems. This is the only way to reduce the risk of data loss, which could have a major impact on sales and customer confidence.

Security, accountability, reputation and impact on affected companies

According to the respondents, the worst consequences of a data loss are the loss of customer trust (52%), closely followed by financial losses (49%). Although the EU General Data Protection Regulation (GDPR), which recently came into force, is a high priority for many, the penalties resulting from it were rated as much less significant. According to respondents, a security-related IoT incident would have a negative impact on the following areas, among others

• Customer trust (52 percent)
• Financial losses (49 percent)
• Loss of personal data (32 percent)
• Penalties from authorities (31 percent)
• Violations of data security regulations (28 percent)

Data loss can have a major impact on business processes: For example, they can put companies' GDPR compliance at risk or paralyze critical networks. The study confirms that IT security must not just be a footnote. Instead, it must play a key role in the implementation of IoT projects and processes from the outset.

Udo Schneider continues: "The considerable investments in technology show that IoT solutions offer many advantages for companies. However, IT security must be incorporated into the design of the solutions and IT experts must be involved in the development and implementation process. Otherwise, companies may incur losses that far exceed the potential gains of the technology."

The results also show that there is currently a high level of investment in IoT technologies: Companies are spending an average of 2.5 million US dollars per year. Given the significant financial outlay and the serious impact a cyber-attack can have on businesses, IT security should be prioritized to mitigate risk.