ISACA survey shows security disconnect for breaches, wearables

Consumers aware of breaches, but don't care

sony wearables 7915
Credit: Florence Ion

"This year was the year of the breach," ISACA international president Robert Stroud told CSO Online.

ISACA, a global association of risk and cybersecurity professionals, released its global IT Risk/Reward Barometer today, a survey of  over 1,600 IT professionals and 4,000 consumers, in which 94 percent of Americans said they were aware of a major data breach at a retailer.

But they just didn't care.

"We saw some consistently risky actions," Stroud said. "Fewer than half changed their online passwords or pin codes."

Only 28 percent said they shopped less frequently at a retailer that experienced a data breach, and only 15 percent said they made fewer online or mobile purchases.

Consumers want wearables, companies concerned about risk

More than half of respondents said they wanted to get wearables as presents this year, said Stroud.

"That means we're going to see wearables coming into the enterprise," he said.  "Next year, wearable devices will become the face of the Internet of Things and become much more significant in terms of acceptance."

According to the survey, 68 percent of employed Americans would consider using connected wearable devices at work. In fact, one in 10 even said they would consider wearing smart glasses, such as Google Glass.

"Those wearables could be recording devices," said Stroud. "There are privacy concerns, and policies that need to be thought about and put into place."

However, only 11 percent of this year's enterprise respondents said that their BYOD policy addressed wearable devices.

"You need to have education," said Stroud. "You may need to put policies in place where you instruct staff to turn devices off in a meeting room."

In addition, these devices often try to connect wirelessly to the Internet.

"You need to ensure that appropriate connectivity processes are in place, so you can manage them the way you manage other devices," he said.

Wearables were likely to have a negative effect on their organizations, according to 31 percent of enterprise respondents, while only 17 percent thought the impact will be positive -- while 35 percent didn't know, and 16 percent didn't foresee any impact at all.


When it comes to the Internet of Things in general, individual consumers see the benefits as significantly outweighing the risks, at rate of 46 percent to 30 percent.

Enterprises, however, see it differently, with the risks outweighing the rewards by 35 percent to 31 percent.

This is down slightly from last year, however, when the same survey showed that 50 percent of consumers and 41 percent of enterprises thought that the benefits of the Internet of Things outweighed the risks, while 26 and 29 percent, respectively, felt the risks were more important.

To comment on this article and other CSO content, visit our Facebook page or our Twitter stream.
Insider: Hacking the elections: myths and realities
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.