Out of the 5.7 million registered businesses in the UK, 2.7 million of them are at risk.
This is according to an independent survey by ForeScout and CensusWide. Included in the survey were 500 CIOs and IT decision makers, assessed on their preparedness for IoT cyber security.
The results showed 47% admitted to not updating default passwords on all IoT devices when they are added to corporate networks; 15% admitted to not keeping security patches up to date.
This is concerning but not altogether surprising – only 54% of respondents had complete confidence that they can identify every device on their network. Alongside this, 72% of IT managers are concerned about the security risks associated with adding further devices to the company’s network. This means the challenge will only worsen as 40% of respondents stated that they are planning to increase their operational technology spend on connected devices.
“The convergence between IT and OT is where businesses are looking to drive some major efficiency gains in 2018, but it makes the challenge of knowing exactly what devices are on your network that much harder,” explained Myles Bray, vice president of EMEA at ForeScout. “IoT has expanded the attack surface considerably for all firms, and without basic security hygiene it is easy for bad actors to gain a foothold and then move laterally on a network to reach high-value assets and cause business disruption. With GDPR just around the corner businesses need to act now.”