ISACA Survey: Wide Gap Between US Consumers and IT Professionals on Internet of Things Security

64% of consumers confident they can control information access of
Internet of Things devices, 78% of professionals say security standards
are insufficient

ROLLING MEADOWS, Ill.–(BUSINESS WIRE)–Is the Internet of Things safe? A new survey from global cyber security
association ISACA suggests a major confidence gap about the security of
connected devices between the average consumer and cyber security and
information technology professionals.

According to the consumer segment of ISACA’s 2015
IT Risk/Reward Barometer
, 64 percent of US consumers are confident
they can control the security on Internet of Things (IoT) devices they
own. Yet according to more than 2,000 US IT and cyber security
professionals who responded to a parallel survey, only 20 percent feel
this same confidence about controlling who has access to information
collected by IoT devices in their homes, and 77 percent say
manufacturers are not implementing sufficient security in devices.

More than three in four US consumers consider themselves somewhat or
very knowledgeable about IoT, and the average estimated number of IoT
devices in their home is five. Smart TVs, connected cameras, cars and
fitness trackers top the list of most-wanted devices.

The Hidden Internet of Things

ISACA’s survey of US IT and cybersecurity professionals depicts an IoT
that flies below the radar of many IT organizations – an invisible risk
that is underestimated and under-secured:

  • 50 percent believe their IT department is not aware of all of their
    organization’s connected devices (e.g., connected thermostats, TVs,
    fire alarms, cars)
  • 74 percent estimate the likelihood of an organization being hacked
    through an IoT device is medium or high
  • 62 percent think that the increasing use of IoT devices in the
    workplace has decreased employee privacy

“In the hidden Internet of Things, what is also invisible are the
countless entry points that cyber attackers can use to access personal
information and corporate data,” said Christos Dimitriadis, Ph.D., CISA,
CISM, CRISC, international president, ISACA, and group director of
Information Security, INTRALOT. “The spread of connected devices is
outpacing an organization’s ability to manage it and to safeguard
company and employee data.”

However, the business risk of not embracing IoT and falling behind
competitors may outweigh any potential cost of a cyberattack, noted
Dimitriadis. Organizations need to manage the risk to achieve the most

According to US cyber security and IT professionals, device
manufacturers are falling short. Seventy-seven percent do not believe
that manufacturers are implementing sufficient security measures in IoT
devices, and 78 percent don’t think security standards sufficiently
address the IoT and believe that updates and/or new standards are
needed. Also, 88 percent believe that device makers don’t make consumers
sufficiently aware of the type of information the devices can collect.

ISACA’s consumer research suggests that US consumers are likely to value
businesses that can demonstrate their expertise in and commitment to
cybersecurity best practices: fully 89 percent of US consumers say it is
important that data security professionals hold a cyber security
certification if they work at organizations with access to the
consumers’ personal information.

ISACA established Cybersecurity
(CSX) to help develop the cybersecurity workforce. Details on CSX
conference and the new CSX

Risk/Reward Barometer

ISACA’s annual IT Risk/Reward Barometer polls thousands of IT and
cybersecurity professionals and consumers worldwide to uncover attitudes
and behaviors, and the trade-offs to balance risk and reward. Results:


is a global nonprofit association of 140,000 professionals in 180


Kristen Kessinger, +1.847.660.5564