ROLLING MEADOWS, Ill.--(EON: Enhanced Online News)--As the connected devices that together make up the Internet of Things play a greater role in business and daily life, findings from ISACA’s 2013 IT Risk/Reward Barometer indicate that consumers are conflicted about the trade-offs among privacy, security and convenience factors. The survey shows that only 1% of Americans named the makers of their mobile phone apps as the institution they would most trust with personal data collected by Internet of Things devices, yet most (81%) don’t always read privacy policies before downloading apps to their phone or tablet. This apparent gap between belief and behavior is likely to matter even more in the future, as consumers use mobile apps to interface with everyday objects that increasingly share data via the Internet. Fifty billion devices are expected to be connected to the Internet by 2020.*
“Internet-connected devices are already delivering powerful business and lifestyle benefits, but organizations using these need to proceed with transparency and with the consumer at the forefront of their decisions”
The term “Internet of Things” refers to machines, devices, sensors, cars, cameras and other items that are connected to the Internet and often to each other. According to the survey, 92% express concerns about the information collected by Internet-connected devices.
Conducted by ISACA, a global association of 110,000 IT security, assurance, governance and risk professionals, the IT Risk/Reward Barometer examines attitudes and behaviors related to the risks and rewards of key technology trends, including the Internet of Things, Big Data and BYOD. The 2013 Barometer consists of two components:
- A survey of 2,013 ISACA members from around the world, including 591 in the US
- A survey of more than 4,000 consumers in four countries, including 1,216 in the US
The findings from this year’s US consumer segment of the IT Risk/Reward Barometer study suggest that there are major gaps between beliefs and actions as Americans struggle to manage privacy and security in an increasingly connected and sensored world:
- Ninety percent are concerned that their online information will be stolen, yet half (51%) use the same two to three passwords across multiple sites and four in ten (40%) write down their passwords to remember them.
- Half (50%) don’t feel they have control over how web sites use their information—but one in four (25%) have not checked the privacy settings on their social network profiles in the past six months.
- Although only 6% are aware of the term Internet of Things, many report using Internet-connected devices such as a GPS system (62%), electronic toll devices on their cars (28%) or smart TVs (20%).
IT professionals see benefit in the Internet of Things. In the related survey of 591 US-based IT professionals who are members of ISACA, almost all (99%) believe the Internet of Things poses governance issues, but 42% say the benefits outweigh the risk and more than one quarter (26%) say the benefits and risk are appropriately balanced for their enterprise. Thirty percent, in fact, say their enterprises have already benefited from greater access to information and 29% have improved services as a result of the Internet of Things.
Close to half of the IT professionals (48%) surveyed believe that for consumers, the benefit of the Internet of Things outweighs the risk. But the average American and members of the IT department do not see eye-to-eye on what the greatest risks are: according to the consumer study, people are most concerned about someone hacking into their connected devices and doing something malicious (31%). IT professionals, however, believe that what consumers should be most concerned about is not knowing who has access to their information (48%) or how it will be used (25%).
“Internet-connected devices are already delivering powerful business and lifestyle benefits, but organizations using these need to proceed with transparency and with the consumer at the forefront of their decisions,” said Jeff Spivey, international vice president of ISACA. “The deep concerns about privacy and security uncovered by this year’s IT Risk/Reward Barometer show that enterprises need to establish and openly communicate policies around use of personal data to preserve trust in information.”
5 Steps to Being Agile in a Connected World
ISACA recommends five steps enterprises can take to be agile in the Internet of Things era:
- Act quickly; enterprises cannot afford to be reactive.
- Govern the initiative to ensure that data remain secure and risks are managed.
- Identify expected benefits and how to measure them.
- Leverage internal technology steering committee to communicate benefits to the board.
- Embrace creativity and encourage innovation.
For full survey results, including related infographics, visit http://www.isaca.org/risk-reward-barometer.
About the 2013 IT Risk/Reward Barometer
The annual IT Risk/Reward Barometer is a global indicator of trust in information. Conducted by ISACA, a global association of 110,000 IT security, assurance, risk and governance professionals, the Barometer polls thousands of business and IT professionals and consumers worldwide to uncover attitudes and behaviors about essential technologies and information, and the trade-offs people make to balance risk and reward. The study is based on September 2013 online polling of 2,013 ISACA members from 110 countries. Additional online surveys were fielded by M/A/R/C Research among 1,216 consumers in the US, 1,001 consumers in India, and 1,001 consumers in Mexico. The US survey ran 16–18 September 2013, and the India and Mexico surveys ran 25 September–5 October 2013. At a 90 percent confidence level, the margin of error for each individual country sample is +/- 2.8 percent. A UK survey of 1,000 employed consumers was conducted by OnePoll on 2 October 2013 with a margin of error of +/- 3.9 percentage points at the 95 percent confidence level. To see the full results, visit http://www.isaca.org/risk-reward-barometer.
With 110,000 constituents in 180 countries, ISACA® (www.isaca.org) is a global association that helps business and IT leaders maximize value and manage risk related to information and technology. Founded in 1969, ISACA is an advocate for professionals involved in information security, assurance, risk management and governance. ISACA advances and validates business-critical skills and knowledge through the globally respected Certified Information Systems Auditor® (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control™ (CRISC™) credentials. ISACA also developed and continually updates COBIT®, a business framework that helps enterprises govern and manage their information and technology.
Follow ISACA on Twitter: https://twitter.com/ISACANews
*Source: Cisco: http://blogs.cisco.com/news/cisco-connections-counter/