Despite this concern, majority of the respondents from this sector said that they do not have everything they need to address cybersecurity challenges.
Eight out of 10 organizations in the transport and automotive sector have experienced an IoT-focused cyberattack in the past 12 months, according to a new research by Irdeto, a software security and media technology company.
Of those that experienced a cyberattack, 91 percent had an impact on the organization, including operational downtime and compromised customer data and/or brand or reputational damage.
What is most alarming is that many organizations are not properly prepared for future threats, with only 7 percent of the respondents indicating that their organization has everything it needs to tackle cybersecurity challenges. In addition, 46 percent stated they need additional expertise/skills within the organization to address all aspects of cybersecurity.
The Irdeto Global Connected Industries Cybersecurity Survey of 700 enterprises in five countries (China, Germany, Japan, UK and US) also found that organizations in transport, manufacturing and healthcare have suffered substantial losses due to IoT-related vulnerabilities. The average financial impact as a result of an IoT-focused cyberattack was identified as more than $330,000 USD.
Organizations looking at security beyond protection
Of those surveyed, 99 percent agree that a security solution should be an enabler of new business models, not just a cost. These findings, however, suggest that the previous mindset of IoT security as an afterthought is changing. This shift in mindset could lead to further innovation across this sector, resulting in new connected and autonomous business models with security built-in, the company pointed out.
Niels Haverkorn, General Manager, Connected Transport, Irdeto, said, “Through robust security, transport and automotive organizations can construct a foundation that not only realizes the benefits of fully connected and autonomous vehicles, but also enables profitable new business models. Through this approach, they will be able to balance safety, convenience and customization throughout their business and products.”
While the security mindset may be changing, the research also suggests a distinct lack of optimism about the future security of IoT devices within these organizations. 82 percent of organizations that manufacture IoT devices are concerned that the devices they develop are not adequately secured from a cyberattack.
Further, a total of 93 percent of manufacturers and 96 percent of users of IoT devices stated that the cybersecurity of the IoT devices that they manufacture or use could be improved either to a great extent or to some extent.
Many organizations do not have robust cybersecurity strategy in place
Despite this concern, the study found that more than one-in-four organizations (26 percent) do not have software protection technologies implemented into their business.
In addition, fewer organizations have mobile app protection (52 percent) implemented and even fewer still make security a part of the product design lifecycle process (49 percent). The study also found that only just over half of the organizations surveyed (53 percent) conduct continuous security and/or code reviews.
But these statistics is likely to improve soon, as many organisations are planning on incorporating multiple layers of security into their defences.
Of the businesses surveyed, 18 percent plan on adding software protection next year, while 29 percent plan on adding mobile app protection, 30 percent plan on making security part of the product design lifecycle and 29 percent plan on implementing continuous security and/or code reviews by next year.