Cyber-attacks on IoT devices could cost the UK economy over £1 billion each year, according to new research from Irdeto.
The Dutch security vendor polled IT security decision makers at UK organizations in the transport, manufacturing and health sectors, finding that attacks on connected kit caused losses of £244,000 on average.
Along with the headline costs, over half of respondents claimed to have suffered downtime in the past year as a direct result of IoT attacks. Two-fifths (41%) said customer data had been compromised in these raids.
This could present a major compliance challenge if GDPR regulators judge the victim organizations haven’t taken suitable steps to protect customer data. It could also lead to attrition: a third (33%) of respondents said they’d lost customers and 29% claimed their brand's reputation had taken a hit.
Attacks on IoT devices can also have an impact on the physical world, given the increasingly vital role they play in a range of sectors: from drug infusion pumps to connected cars.
Worryingly, 28% of organizations told Irdeto they suffered compromised end-user safety as a result of attacks in the cyber domain.
Irdeto VP of strategic partnerships, Steeve Huin, argued that unsecured IoT endpoints are like low-hanging fruit for cyber-criminals.
“It’s clear that, if not addressed, a lack of IoT security could pose a serious financial threat to the wider UK economy. With so many devices entering the market, and being deployed in critical businesses, the need for improved security measures is without question,” he added.
“Connected device manufacturers must move away from the traditional mindset of ‘build, ship and forget’ and ensure that devices are secure from the very point of design, incorporating multiple layers of security as well as offering regular health checks and software updates. If unsure, consumers should also ask their manufacturers about device security and appropriate measures to keep their information secure.”
This should be easier to do in the future, once the government has introduced a new law designed to improve IoT security.
Announced at the start of May, the proposals aim to improve baseline security standards among manufacturers, and require retailers to add a label to each product explaining whether it has met the standards or not.