Survey Discovers Just 36% of Organizations Allocate Sufficient Resources to Product Security
COLUMBUS, Ohio — Oct. 13, 2021 — More than half (59%) of executives with cybersecurity decision-making responsibility at large and mid-sized companies say that their organizations have lost business due to product security concerns for connected devices and embedded systems, according to a new survey. The results highlight a growing need to strengthen supply chain security by securing connected devices, including those connected to the Internet of Things (IoT).
Nearly half of respondents’ customers (45%) want detailed information about the components of their devices, but only 11% of organizations have high confidence in their ability to respond to those requests. The research, published today by Finite State, the product security leader for connected devices, was conducted by the Ponemon Institute.
The survey found that visibility is low into potentially impacted systems: only 27% of respondents say their organizations conduct software composition analysis (SCA) for all connected products’ software and only 30% say their organization can easily generate a software bill of materials (SBOM) for each product.
“Hackers are finding new ways to exploit IoT/connected device vulnerabilities, and this data shows the troubling realization that many organizations are not prepared,” said Matt Wyckhouse, CEO of Finite State. “It can be easy to overlook the risk, which many companies do until they face a breach or cyberattack. But, the data here shows that security concerns affect organizations’ bottom lines, and a more serious approach to protecting devices is imperative.”
Organizations are finding obstacles to developing secure products. Respondents point to a lack of resources (62%), lack of in-house expertise (60%), and lack of industry standards (46%) as main reasons they’re having trouble, and only 21% of respondents report that their organization has a security supply chain policy.
Other key findings include:
Read the full report on the survey’s findings.
About Finite State
Finite State empowers organizations to gain control of product security for their connected devices and supply chains. Backed by a team of seasoned experts, our automated product security platform arms our customers with the actionable insights, critical vulnerability data, and remediation guidance necessary to mitigate product risk and protect the connected attack surface. For more information, visit www.finitestate.io.
Matt McLoughlin
Gregory FCA on behalf of Finite State
Phone: 610.996.4264
matt@gregoryfca.com