The Cloud Consultancy Europe Ltd.
+44 (0) 203 637 6667 [email protected]

59% of executives with cybersecurity decision-making responsibility at large and mid-sized companies say that their organizations have lost business due to product security concerns for connected devices and embedded systems, according to a Ponemon Institute survey. The results highlight a growing need to strengthen supply chain security by securing connected devices, including those connected to the Internet of Things (IoT).

connected product security concerns

45% of respondents’ customers want detailed information about the components of their devices, but only 11% of organizations have high confidence in their ability to respond to those requests.

The survey found that visibility is low into potentially impacted systems: only 27% of respondents say their organizations conduct software composition analysis (SCA) for all connected products’ software and only 30% say their organization can easily generate a software bill of materials (SBOM) for each product.

“Hackers are finding new ways to exploit IoT/connected device vulnerabilities, and this data shows the troubling realization that many organizations are not prepared,” said Matt Wyckhouse, CEO of Finite State.

“It can be easy to overlook the risk, which many companies do until they face a breach or cyberattack. But, the data here shows that security concerns affect organizations’ bottom lines, and a more serious approach to protecting devices is imperative.”

Obstacles to developing secure products

Organizations are finding obstacles to developing secure products. Respondents point to a lack of resources (62%), lack of in-house expertise (60%), and lack of industry standards (46%) as main reasons they’re having trouble, and only 21% of respondents report that their organization has a security supply chain policy.

connected product security concerns

Other key findings include:

  • Only half of respondents report that their organizations assess the security of its products before shipping to customers.
  • There’s little consensus about who’s responsible for security, with 40% of respondents saying third-party vendors are most responsible, 31% saying it’s the manufacturers, 15% pointing to end users, and 12% choosing the government.
  • 74% of organizations either have or plan to hire a Chief Product Security Officer (CPSO) within the next two years.
  • Only 10% of respondents report having full confidence their organizations know all vendors in the supply chain for each of its devices.

 

Source: HelpNetSecurity

Protect your environment from Ransomware attacks.

Educating yourself and your employees with Cyber Security Awareness Training is the best way to start ensuring your business is protected from cyber-attacks.

Learn more about how The Cloud Consultancy can address and manage your businesses Cyber Security headaches. We can now provision boutique, pro-active, IT support services 24/7/365