Executives who manage cybersecurity are understandably concerned about the risks of weak security for their devices that make up the Internet of Things. Compromised devices can serve as gateways for intruders into sensitive industrial and commercial environments. Or, they can be commandeered to launch attacks like the Mirai malware attack that hijacked thousands of sensors, cameras and other devices to wreak havoc on popular websites in October 2016.
But companies take vastly different approaches to protecting their IoT devices and systems against such intrusions. Those with the most advanced cybersecurity practices tend to develop their own security solutions not only because they may have more complex needs but also because they are more likely to have the talent and capabilities to do so. Companies at the other end of the spectrum, with inconsistent or ad hoc security capabilities, have the most gaps across all IoT layers that we tested. Only about a third of IoT cybersecurity solutions used today are from IoT device vendors, indicating that vendors are either not offering the comprehensive solutions that their customers need or they are not promoting them well enough.
Syed Ali is an expert vice president with Bain & Company in the Houston ofﬁce. Ann Bosche is a partner with Bain in San Francisco, and Frank Ford is a Bain partner in London. Ali and Ford are experts in cybersecurity and partners with the Global Information Technology practice, and Bosche works with Bain’s Global Technology practice.