The Internet of Things surrounds us. We live within it. We traverse its digital pathways. People are connected. Businesses are too. The Internet of things (IoT) is the network of physical devices, vehicles, home appliances, and other items embedded with electronics, software, sensors, actuators, and network connectivity which enable these objects to connect and exchange data.
There’s no getting away from IoT. Particularly for business. Digitisation is developing at pace and, as such, is fast becoming a top priority for boardrooms. Take the typical office. From mobiles, desktops, laptops to multifunction printers, they are all connected to the internet (of things). Cybersecurity skills and processes are developing within these companies but at a much slower pace.
The tectonic shift in the digital landscape is moving security challenges away from a company’s traditional IT infrastructure into its connected products in the field. These challenges rumble through the entire product life-cycle, even after a product has been sold and changes hands. As the security gap continues to widen, the shadowy space within is filled with ever-burgeoning threats.
Are CEOs promoting cybersecurity in the IoT age?
In a bid to understand boardroom preparedness for cybersecurity, McKinsey & Company has produced compelling research. McKinsey conducted a multinational expert survey with 400 managers from Germany, Japan, the United Kingdom, and the United States.
The results indicate that businesses have some way to go in order to promote cybersecurity in the IoT.
Key highlights from McKinsey, include:
- 75% of the IoT-involved experts surveyed say that IoT security is either important or very important and that its relevance will increase. But only 16% say their company is well prepared for the challenge.
- The survey also indicated that low preparedness is often linked to having insufficient budget allocated to IoT cybersecurity.
- Interviews by McKinsey revealed that companies are ill-prepared at every step of the IoT security action chain (predict, prevent, detect, react). Especially weak are prediction capabilities; 16% feel well prepared, compared with 24 to 28% on prevent, detect, and react.
- More than one-third of companies lack a cybersecurity strategy that also covers the IoT. The rest have some sort of strategy, but many report a struggle to implement it.