58% of UK business can’t detect IoT security breach – study

Digital security vendor Gemalto claims the IoT euphoria might be hitting the UK before its ready, as research shows 58% of businesses are not able to detect a breach.

First and foremost, we need to put a disclaimer on this report. Gemalto is a security company and is thus incentivised do its best scaremongering to drive revenues. The more scared companies are about potential data breaches, and the punishments which follow the incidents, the more likely they are to buy security software. Making the world a big, bad, horrible place is an effective marketing strategy for security vendors.

That said, considering the lax approach most of the industry takes towards security and data protection, we suspect many of the statistics being discussed are pretty accurate.

“The push for digital transformation by organisations has a lot to answer for when it comes to security and bad practices,” said Jason Hart, CTO of Data Protection at Gemalto. “At times it feels organisations are trying to run before they can walk, implementing technology without really understanding what impact it could have on their security.”

The most shocking figure from the report is the 42% of UK companies who are capable of detecting an IoT breach, with only France worse off at 36%. Considering the role IoT has been touted to play over the next few years as 5G hits the streets, this is an incredibly worrying statistic.

While spending on IoT security has increased from 11% of the overall IoT budget to 13%, you have to wonder what direction this money is heading. Perhaps even more concerning for those companies involved, is that 90% of them accept this will be a major buying motivator for customers. At least they are aware that security can have a direct impact on the revenues of the business now, a concept which has taken years to hammer home.

“Given the increase in the number of IoT-enabled devices, it’s extremely worrying to see that businesses still can’t detect if they have been breached,” said Hart. “With no consistent regulation guiding the industry, it’s no surprise the threats – and, in turn, vulnerability of businesses – are increasing. This will only continue unless governments step in now to help industry avoid losing control.”

IoT is set to be one of the biggest winner of the 5G bonanza, while the segment is also predicted to be the major catalyst of 6G. If predictions are anywhere near accurate, 5G networks will soon not be able to cope with the strain of IoT, driving the case for 6G due to the sheer number of ‘things’ connected to the network.

Looking at the predictions, IDC believes the IoT market will grow to be worth more than $1.2 trillion by 2022, with consumer devices expected to account for the largest share at 19%. Ericsson has forecasted the number of cellular IoT connections to reach 3.5 billion in 2023, increasing at a CAGR of 30%.

Security remains a major challenge for the industry, though the buzz around blockchain could provide a suitable means to meet the expectations of the consumer. In the absence of regulation, Gemalto notes the adoption of blockchain technologies has doubled from 9% to 19% in the last 12 months, with 23% of the respondents to this survey believe the technology would be an ideal solution to use for securing IoT devices. 91% who are not using blockchain are considering it for the future.

“Businesses are clearly feeling the pressure of protecting the growing amount of data they collect and store,” said Hart.

“But while it’s positive they are attempting to address that by investing in more security, such as blockchain, they need direct guidance to ensure they’re not leaving themselves exposed. In order to get this, businesses need to be putting more pressure on the government to act, as it is them that will be hit if they suffer a breach.”

While research like this does indicate security is becoming a more serious topic in the world of telecoms and technology, it also confirms there is a very wide gap to close. Security has long been the ugly duckling of the industry, many seemingly choosing to ignore the challenges because they are too difficult to solve, though new regulations such as GDPR has perhaps forced the issue up the agenda.

Interestingly enough, should the telcos get serious about security there would certainly be a revenue generating opportunity to capitalise on. With cyber security incidents and data breaches becoming more prominent in the news, consumers are gradually becoming more aware of the risks of the internet and the emerging digital society. While the industry has played down the risk in recent years, the incidents speak for themselves.

An excellent example of turning this scenario into a business opportunity lies with Orange, the master of the convergence strategy. Here, the team have invested heavily in cyber security capabilities and are now offering security services to customers as a bolt on to other connectivity packages. The move has proven to be a success as while it is generally becoming accepted that 100% secure is impossible nowadays, more people are willing to do something about it.

Security is a topic which has always been in and around the news, but few want to do anything proactive about it. Unfortunately, with the perimeter expanding so rapidly as IoT penetration grows, these statistics are incredibly worrying. Perhaps regulators will get the chance to swing the GDPR stick before too long after all.