Managing Third-Party Risks and Internet of Things

Karen A. Frenkel

Categories: security, IT Management

When it comes to dealing with third-party risks and the internet of things, many companies are relying on outmoded technologies and practices.

Major Barriers to Addressing IoT Risks

A lack of priority.
Insufficient resources.
Boards aren’t fulfilling oversight responsibilities.
The need to make management accountable.

Managing Third-Party IoT Risks

Only 30% of respondents said managing third-party IoT risks is a priority. Because it is not a priority—and leadership is not engaged—needed resources are not allocated.

IoT Devices Expected to Double

The number of IoT devices is expected to double in the next two years, from an average of 9,259 to 18,631 per organization. This is driven by the potential to increase efficiencies and improve business outcomes by collecting better data.

Pace of Innovation and Standards

72% of respondents said the pace of innovation in IoT and varying standards for security among third parties make it hard to safeguard the security of these devices and applications.

The Need for New Approaches

The drive for innovation requires new approaches to IT strategies and tactics, respondents said, and 61% said cloud adoption is driven in part by the need to innovate in the IoT ecosystem.

Too Many Cooks

42% of respondents said the large number of vendors they use makes it difficult to manage the complexity of IoT platforms.

Third-Party Risk Programs Need Work

56% of respondents have a third-party risk management program. Of these, only 24% rate theirs as highly effective.

Neglecting the CEO and Board

69% of respondents don’t inform their CEO and board about the effectiveness of their third-party risk management program.

Causes for Lack of Communication

Provide information only if a breach involves third-party management: 56%.
It’s not a priority for the CEO and board: 51%.
Decisions about third-party risk management aren’t relevant to the CEO and board: 47%.

Problems With Third-Party IoT Governance

56% of respondents said it is not possible to determine whether third-party safeguards and IoT security policies are sufficient to prevent data breaches.

Why Governance Programs Are Inadequate, Part I

Programs don’t include the secure use of IoT devices in training and awareness programs: 81%.
Programs don’t evaluate IoT security risks during onboarding: 80%.
Programs don’t consider IoT-related risks in the third-party due diligence process: 77%.

Why Governance Programs Are Inadequate, Part II

Programs don’t require third parties to have insurance for IoT security risks: 70%.
Programs don’t evaluate IoT security and privacy practices for engaging in a business relationship: 67%.
Programs don’t require third parties to identify IoT devices that connect to their network: 59%.

Problems Tracking IoT-Connected Objects

72% are aware of only some objects connected to the internet.
55% consider IoT devices to be endpoints.
Only 44% monitor the risk of IoT devices used in the workplace.
