CISOs need to pay attention to IoT security spending

Enterprises should start planning ahead for a secure IoT and cyberphysical infrastructure.

internet of things 2015

Research firm Gartner released a new report this week which summarized Internet of Things (IoT) security spending at $281.54 million in 2015 -- and projects that to double and reach $547.20 million by 2018.

"The market for IoT security products is currently small but it is growing as both consumers and businesses start using connected devices in ever greater numbers," said Ruggero Contu, research director at Gartner. A small IoT market is an understatement in the context of the worldwide cybersecurity market, which is expected to grow from $75 billion in 2015 to $170 billion by 2020.

The "Forecast: IoT Security, Worldwide, 2016" report predicts that by 2020, more than 25 percent of identified attacks in enterprises will involve IoT, although IoT will account for less than 10 percent of IT security budgets.

Juniper Research recently predicted that the rapid digitization of consumers’ lives and enterprise records will increase the cost of data breaches to $2.1 trillion globally by 2019, increasing to almost four times the estimated cost of breaches in 2015.

If these IoT security spending forecasts and cybercrime figures prove out, then CISOs and IT security executives will have some explaining to do. The big question they'll have to answer: Why did they underspend on protecting IoT devices -- which led to data breaches and incident response costs that could have been avoided?

A Business Insider story reports mobile and IoT devices are still not a factor in real-world data attacks, according to Verizon’s 2016 Data Breach Investigation Report (DBIR). That being the case, CISOs walk a fine line between the current DBIR statistics and the growing number of cyber threats involving IoT devices which Gartner expects to hit over the next five years.

"IoT requires security for both software and hardware, often referred to as cyberphysical security" blogs Microsoft in a post on how enterprises can enable IoT security. "Securing an IoT infrastructure requires a rigorous, in-depth security strategy". CSOs and CISOs who haven't developed an IoT security strategy may want to start on it now.

While the Gartner numbers focus on corporate networks, there are broader forecasts which peg the overall IoT security market -- including consumer and home security, and embedded device security -- at $29 billion by 2020.

The saving grace for ITers may be the IoT device makers. If vendors embed security into their Things in the first place (the broader IoT security forecasts suggest they are), then it will dramatically reduce the cyber threat risk to corporate networks.

Copyright © 2016 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)