From the very beginning of conceptualizing a cellular IoT project, enterprises must make security a priority. Given the difficulties associated with securing connected devices (including limited hardware resources and the accessibility and longevity of devices in the field), along with the increasing sophistication and cadence of cellular IoT attacks, enterprises must make cybersecurity a priority to ensure their investments are protected.
Recently, Aeris collaborated with ABI Research to examine the cybersecurity spending habits of 150 European and North American companies. The resulting report provides an in-depth look at how these organizations protect their IoT investments today as well as the associated costs and mitigation recovery hours required when they have had an IoT security breach.
Let’s take a look at some of the key highlights from the research on how respondents approach their IoT security investments and security precautionary protocols.
Frequency of Security Evaluations
As enterprises seek to improve their cybersecurity postures, one of the best ways to ensure their IoT investments are secure is by conducting frequent, consistent evaluations of IoT security. These “check-ins” give enterprises a consistent look at how well their current security systems and solutions are performing, and are crucial to judging the effectiveness of security.
Part of the research focused on the frequency of respondents’ cellular IoT security evaluations. These fluctuated from industry to industry, given the varied security requirements in each sector. For example, the energy industry – which requires stringent security protocols in place against threat actors – performed these emulations more than any other industry.
32% of respondents stated they evaluated their IoT security strategy and plan every week, and 13% cited on a daily basis. Only 7% of respondents conduct security evaluations quarterly, while a mere 2% do so every year.
Length and Cost of Event Remediations
One of the main benefits of regular IoT security evaluations is they shorten the average length taken to remediate an IoT security event and help drive down the average cost associated with tending to these events. The research conducted by Aeris and ABI Research examined both the length and cost of IoT remediation events.
In terms of the length, 40% of respondents indicated these events take them days to reconcile, while 28% said it takes hours, and 17% reported weeks. From a cost perspective, those surveyed stated their remediation events have cost their organization up to $250,000.
The Risk of IoT Security Inadequacies
The research also covered the costs and threats associated with not taking the necessary steps to secure cellular IoT solutions.
Loss of business and revenue loomed large among respondents, with 26% indicating it is a severe threat, and 41% saying it’s a somewhat severe threat. Regulatory liability is also a threat according to respondents. Just over one-fourth (28%) consider this a severe threat, while 46% count it as a somewhat severe threat.
Organizations were also concerned with unenforceable SLAs (service level agreements), with 28% saying it’s a severe threat, and 36% indicating it’s a somewhat severe threat. Finally, reputational damage was cited as a major concern, with 21% of respondents indicating its severe threat, and 38% considering it a somewhat severe threat.
Gain the Full Insights
In addition to insights on security investments, the research from Aeris and ABI Research also focused on spending drivers, buying personas, and where enterprises are spending their IoT security budget to maximize protection for the IoT connected device programs.
Register for the webinar covering the IoT Security Budget research, and watch on-demand here.