By Ramsés Gallego
Research conducted by global IT association ISACA shows that, of 1,000 employed consumers surveyed in the UK, only 4% named the makers of their mobile phone apps as the entity they most trust with their personal data. Yet, according to ISACA’s 2013 IT Risk/Reward Barometer, 90% don’t always read privacy policies before downloading apps to their devices. This apparent gap between belief and behavior is likely to matter even more in the future, as consumers use mobile apps to interface with everyday objects that increasingly share data via the Internet.
The term “Internet of Things” refers to machines, devices, sensors, cars, cameras and other items that are connected to the Internet and often to each other. It is estimated that there will be 50 billion connected devices that make up the Internet of Things by the year 2020.
Conducted by ISACA, a global association of 110,000 IT security, assurance, governance and risk professionals, the IT Risk/Reward Barometer examines the risks and rewards of key trends, including the Internet of Things, Big Data and BYOD. The Barometer consists of two components:
• A survey of 2,013 IT professionals and ISACA members from around the world
• A survey of more than 4,000 consumers in four countries, including 1,000 in the UK
IT professionals worldwide say the benefits of the Internet of Things are many. In fact, about half (51%) of institutions have plans to capitalise on the Internet of Things and 31% say their enterprises already have benefited from the increased access to information it provides. More than half say they hope to achieve greater efficiency and increased customer satisfaction as a result of the Internet of Things.
As organisations embrace technologies whose success depends on collecting and sharing data, they need to proceed with the consumer at the forefront of their decisions. Clearly, consumers have mixed feelings about how connected devices are sharing information, so businesses need to establish policies and communicate them openly to preserve trust in information.
While 86% of UK consumers expressed concerns about the Internet of Things, half of IT professionals (50%) believe that, for average consumers, the benefit of the Internet of Things outweighs the risk. However, they do not agree with consumers about what the greatest risk is. Consumers are most concerned about people hacking into their connected devices (24%), but IT professionals surveyed believe consumers should be most concerned about not knowing who has access to the information (44%) or how their information will be used (29%).
The rapid increase in connectivity, via the Internet of Things, is fundamentally changing the way we live, work, play and behave. What this survey clearly shows is the shift in perception about risk and privacy as the world becomes increasingly connected. Consumers need to understand the personal implications of allowing applications to access our personal data on mobile devices. We need to check the terms and conditions, not only for what they allow in the present, but also for what our permissions might grant them the ability to do in the future. There are many benefits to using apps, but we need to ask ourselves what level of risk we are willing to accept for the benefits they provide.
5 Steps to Being Agile in a Connected World
ISACA recommends five steps enterprises can take to be agile in the Internet of Things era:
• Act quickly; enterprises cannot afford to be reactive.
• Govern the initiative to ensure that data remain secure and risks are managed.
• Identify expected benefits and how to measure them.
• Leverage internal technology steering committee to communicate benefits to the board.
• Embrace creativity and encourage innovation.
For full survey results, including related infographics, visit http://www.isaca.org/risk-reward-barometer .
About the 2013 IT Risk/Reward Barometer
The annual IT Risk/Reward Barometer is a global indicator of trust in information. Conducted by ISACA, a global association of 110,000 IT security, assurance, risk and governance professionals, the Barometer polls thousands of business and IT professionals and consumers worldwide to uncover attitudes and behaviors about essential technologies and information, and the trade-offs people make to balance risk and reward. The study is based on September 2013 online polling of 2,013 ISACA members from 110 countries. Additional online surveys were fielded by M/A/R/C Research among 1,216 consumers in the US, 1,001 consumers in India, and 1,001 consumers in Mexico. The US survey ran 16–18 September 2013, and the India and Mexico surveys ran 25 September–5 October 2013. At a 90 percent confidence level, the margin of error for each individual country sample is +/- 2.8 percent. A UK survey of 1,000 employed consumers was conducted by OnePoll on 2 October 2013 with a margin of error of +/- 3.9 percentage points at the 95 percent confidence level. To see the full results, visit www.isaca.org/risk-reward-barometer .
About the author and ISACA
Ramsés Gallego is international vice president of ISACA and security strategist and evangelist at Dell Software.
With more than 110,000 constituents in 180 countries, ISACA® (www.isaca.org) helps business and IT leaders maximize value and manage risk related to information and technology. Founded in 1969, the nonprofit, independent ISACA is an advocate for professionals involved in information security, assurance, risk management and governance. These professionals rely on ISACA as the trusted source for information and technology knowledge, community, standards and certification. The association, which has 200 chapters worldwide, advances and validates business-critical skills and knowledge through the globally respected Certified Information Systems Auditor®(CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control™(CRISC™) credentials. ISACA also developed and continually updates COBIT®, a business framework that helps enterprises in all industries and geographies govern and manage their information and technology.
ISACA Knowledge Center: www.isaca.org/knowledge-center
ISACA on Twitter: https://twitter.com/ISACANews
ISACA on LinkedIn: ISACA (Official), http://linkd.in/ISACAOfficial
ISACA on Facebook: www.facebook.com/ISACAHQ