Consumers struggle with privacy vs. convenience factors while everyday objects increasingly share data via the Internet.
As the connected devices that together make up the Internet of Things play a greater role in business and daily life, findings from ISACA’s 2013 IT Risk/Reward Barometer indicate that consumers are conflicted about the trade-offs among privacy, security and convenience factors. The survey shows that only 1% of Americans named the makers of their mobile phone apps as the institution they would most trust with personal data collected by Internet of Things devices, yet most (81%) don’t always read privacy policies before downloading apps to their phone or tablet. This apparent gap between belief and behavior is likely to matter even more in the future, as consumers use mobile apps to interface with everyday objects that increasingly share data via the Internet. Fifty billion devices are expected to be connected to the Internet by 2020.*
The term “Internet of Things” refers to machines, devices, sensors, cars, cameras and other items that are connected to the Internet and often to each other. According to the survey, 92% express concerns about the information collected by Internet-connected devices.
Conducted by ISACA, a global association of 110,000 IT security, assurance, governance and risk professionals, the IT Risk/Reward Barometer examines attitudes and behaviors related to the risks and rewards of key technology trends, including the Internet of Things, Big Data and BYOD.
The 2013 Barometer consists of two components:
- A survey of 2,013 ISACA members from around the world, including 591 in the US
- A survey of more than 4,000 consumers in four countries, including 1,216 in the US
The findings from this year’s US consumer segment of the IT Risk/Reward Barometer study suggest that there are major gaps between beliefs and actions as Americans struggle to manage privacy and security in an increasingly connected and sensored world:
- Ninety percent are concerned that their online information will be stolen, yet half (51%) use the same two to three passwords across multiple sites and four in ten (40%) write down their passwords to remember them.
- Half (50%) don’t feel they have control over how web sites use their information—but one in four (25%) have not checked the privacy settings on their social network profiles in the past six months.
- Although only 6% are aware of the term Internet of Things, many report using Internet-connected devices such as a GPS system (62%), electronic toll devices on their cars (28%) or smart TVs (20%).
IT professionals see benefit in the Internet of Things. In the related survey of 591 US-based IT professionals who are members of ISACA, almost all (99%) believe the Internet of Things poses governance issues, but 42% say the benefits outweigh the risk and more than one quarter (26%) say the benefits and risk are appropriately balanced for their enterprise. Thirty percent, in fact, say their enterprises have already benefited from greater access to information and 29% have improved services as a result of the Internet of Things.
Close to half of the IT professionals (48%) surveyed believe that for consumers, the benefit of the Internet of Things outweighs the risk. But the average American and members of the IT department do not see eye-to-eye on what the greatest risks are: according to the consumer study, people are most concerned about someone hacking into their connected devices and doing something malicious (31%). IT professionals, however, believe that what consumers should be most concerned about is not knowing who has access to their information (48%) or how it will be used (25%).
Jeff Spivey, international vice president of ISACA, said:
“Internet-connected devices are already delivering powerful business and lifestyle benefits, but organizations using these need to proceed with transparency and with the consumer at the forefront of their decisions.”
“The deep concerns about privacy and security uncovered by this year’s IT Risk/Reward Barometer show that enterprises need to establish and openly communicate policies around use of personal data to preserve trust in information.”
5 Steps to Being Agile in a Connected World
ISACA recommends five steps enterprises can take to be agile in the Internet of Things era:
- Act quickly; enterprises cannot afford to be reactive.
- Govern the initiative to ensure that data remain secure and risks are managed.
- Identify expected benefits and how to measure them.
- Leverage internal technology steering committee to communicate benefits to the board.
- Embrace creativity and encourage innovation.
- Download Global Survey Report
- For survey results by geography, including related infographics, visit http://www.isaca.org/risk-reward-barometer