《Keyfactor:2024互联世界中的数字信任-应对物联网安全状况报告(英文版)(54页).pdf》由会员分享,可在线阅读,更多相关《Keyfactor:2024互联世界中的数字信任-应对物联网安全状况报告(英文版)(54页).pdf(54页珍藏版)》请在三个皮匠报告上搜索。
1、Digital Trust in a Connected World:Navigating the State of IoT SecurityExecutive summaryHowever,as IoT continues its rapid expansion and becomes increasingly integrated into business activity,the need for digital trust becomes a chief concern.Digital trust is quickly becoming both the framework and
2、backbone of modern technological integrations and inventions.From remotely updating the software in smart cars to ensuring life-saving pacemakers are designed safely and securely,it all starts with a founda-tion of digital trust.The undeniable benefits of IoT and connected device technology,such as
3、helping to digitize business models and provide insights into opera-tions,cannot overshadow the potential risks and vulnerabilities.From data breaches and privacy invasion to manipulation of critical infrastruc-ture,the security of IoT devices demands attention and improvements.With digital trust,co
4、mpanies can build long-term relationships in the connected world in innovative ways without it they face multiple consequences.To better understand how organizations are addressing the rising challenges brought by IoT,we analyzed survey responses from 1,200 individuals across North America,EMEA,and
5、APAC.These include OEMs(original equipment manufacturers)and those who are using and operat-ing connected devices within their organization.Please see“Research methodology”on pages 5253 for additional details on the audiences surveyed.In this report we will explore the challenges faced in securing I
6、oT and connected products,delving into the potential consequences of inade-quate security measures.We will examine key factors contributing to the vulnerability of organizations using IoT and connected devices,including the rapid proliferation of connected devices,the cost of inadequate cyber defens
7、e,and the complexity of where liability lies for successful cyber breaches.In todays interconnected world,the Internet of Things(IoT)has emerged as a groundbreaking phenomenon.It promises to revolutionize industries,enhance efficiencies,and transform the daily experiences of businesses.2Executive su
8、mmary Looking in depth at OEMs for IoT and connected devices;what methods and priorities are they leveraging for optimal security for their IoT and connected products,and their specific challenges surrounding cyber breaches and the costs they are facing Delving deeper into organizations that use or
9、operate IoT and connected devices;considering their pain points and needs for additional supportAdditionally,we will explore two specific organization types:Ultimately,the aim of this report is to shed light on the need for heightened security in IoT and connected products used in businesses and to
10、provide insights into the efforts being made to tackle the associated challenges.It equips readers with a deeper understanding of the vulnerabilities in IoT and connected devices and the measures required to enhance their security,to ensure the long-term viability and success of this transformative
11、technology within their enterprises.Moreover,we will discuss the pressing need for improvements in IoT security and the current initiatives taken by professionals working with IoT and connected devices in their day-to-day activities to address these challenges.We will delve into how organizations ar
12、e manag-ing their digital identities,exploring how PKI solutions and certificate lifecycle automation platforms are sought-after solutions for success.We will also highlight the importance of user awareness and education in empowering individuals to make informed decisions regarding their connected
13、IoT device security.SUBJECT MATTER EXPERTEllen BoehmSVP,IoT Strategies and OperationsKeyfactor3ContentsExecutive summary 2Key findings 5Complete findings 10Section 1:The state of security in IoT and connected devices 10Section 2:IoT and connected device security challenges 16Section 3:OEM organizati
14、ons 27Section 4:Operator and user organizations 37Conclusion 50Additional resources 51Methodology 52About Keyfactor and Vanson Bourne 544Key findingsThe key findings described here are based on the research data compiled by Vanson Bourne.Forty-eight percent believe that the manufacturer of IoT or co
15、nnected devices should be at least mostly responsible for cyber breaches on their products.48%of organizations are using PKI solutions to issue digital identities and/or manage certificates with most using a hybrid of active third-party and internal solutions.of organizations face challenges in secu
16、ring their IoT and connected products to some degree which begs the question,are they securing them in the right way or are they leveraging the wrong tools?Yet,93%97%5Key findingsOver a third(37%)report that significant improvement is needed in the security of the IoT/connected products in their org
17、anization,with 60%reporting that a little improvement is needed.Budgets for IoT device security are increasing year over year,with an anticipated increase of 45%in the next five years.of their budget is at risk of being diverted to cover the cost of successful cyber breaches on their IoT and connect
18、ed products.45%However,52%6On average,there has been a 20%increase in the number of IoT and connected products used by organizations in the past three years.Key findingsof organizations have experienced certificate outages in the last 12 months.The total average cost to OEM organizations for certifi
19、cate outages on their manufacturing lines in the last 12 months was over98%$2.25million.(USD)7Key findingsof organizations that operate and use IoT and connected products have faced cyber attacks in the past twelve months at an average cost of a quarter million dollars.89%of organizations using or o
20、perating IoT devices have seen an increase in cyber attacks on their IoT devices over the past three years.and,69%On top of covering the cost of successful cyber breaches and certificate outages,the financial burden has potential to become insurmountable its vital to invest today,to avoid paying tom
21、orrow.8Key findingsOrganizations dont necessarily understand what being“fully”protected from cyber attacks entails with 43%believing they are as protected as they can be.Over half(56%)agree that their organization doesnt have the proper awareness and expertise to prepare for cybersecurity attacks th
22、rough IoT devices organizations need support and guidance to move forward.Looking for a product?Find out how to create and maintain trust in your IoT products by protecting and managing their identities at scale with Keyfactor Command for IoT.View datasheet Ready to learn more?The complete findings
23、described below are based on the research data compiled by Vanson Bourne.9The state of security in IoT and connected devicesSection 1In this section,we explore the state of security and IoT and connected devices.We have organized topics in the following order:1.Security compliance vs security compla
24、cency2.Growing demand for external PKI solutions3.Vendor demand10Security compliance vs security complacency As organizations seek to harness the power of IoT and connected devices to streamline operations and gain a competitive edge,failing to comprehend the immense vulnerability that such connecti
25、vity brings can be devastating to an organizations success.Whilst organizations may tout their security measures and reassure stakeholders,the truth remains that there are shortcomings in the protective strategies employed.Many organizations agree that overall improvements are needed in the security
26、 of IoT and connected products ranging from a little improvement(60%)to significant improvement(37%),but crucially,very few report that no improvements are needed which suggests there is an awareness that the current level of protection is insufficient for the ever-changing nature of digital threats
27、.Figure 1To what extent do you agree or disagree with the following statements?Showing the combination of“strongly”and“slightly”responses.Split by region,omitting some answer options.The state of security in IoT and connected devicesTotalNorth AmericaEMEAAPACImprovements are needed in my organizatio
28、ns IoT securityI dont feel that my organization is as protected from cyber attacks on IoT/connected products as it could be88%94%85%84%12%6%14%16%56%38%66%58%43%62%33%40%AgreeAgreeDisagreeDisagree11The state of security in IoT and connected devicesHowever,there is a marked sense of complacency with
29、product security regionally for those that operate and use IoT and connected devices.Demonstrating this,almost all organizations in North America(94%)agree that improvements are needed in their organizations IoT security,but almost two thirds(62%)believe they are as protected as they could be from c
30、yber attacks on IoT and connected products.This is creating a juxtaposition;organizations believing they are as protected as possible but also needing further improvements.Its suggesting that some businesses have reached a level of protection where they feel satisfied but havent further investi-gate
31、d or sought solutions to really delve into what“full”protection might be.And similarly,in the EMEA and APAC regions,a minority of organizations(33%and 40%respectively)still report their belief of being as protected as possible.Its clear that further education is needed on what being“fully protected”
32、in terms of IoT and connected device security means,with organizations perhaps unaware of what other stronger options are out there.Growing demand for external PKI solutions The demand for PKI solutions is evident,with almost all(93%)surveyed organizations reporting that they have one in place to is
33、sue digital identities or manage certificates.Largely being driven by the US with the largest respondent pool,the UK is lagging behind with only three quarters of organizations having PKI in place.Third-party vendors are at the forefront of this,with many organizations turning to vendor support to m
34、anage this functionality.In most cases globally,active third-party solutions are paired with internal solutions to effectively manage these elements on their IoT and IIoT(Industrial IoT)devices,showing a keen uptake of external support.With outsourcing providing benefits including the freeing of int
35、ernal resources,support,and maintenance over time,and cost efficiencies when considering the total cost of ownership,its no surprise that one in two(49%)organizations are using third-party suppliers to manage digital identities(certificates and keys)of IoT or connected products.Considering that most
36、 organizations report that improvements are needed in their IoT and connected product security page 11,working with vendors to either support their internal PKI solutions or to entirely outsource the solution seems to be a logical step to provide additional security to devices.With 4 in 10 organizat
37、ions that operate and use IoT and connected products reporting that they strongly agree they would benefit from using a PKI to issue digital identities on the IoT and IIoT devices in their environment,there is an opportunity to partner with a vendor for their PKI solution and experience the advantag
38、es that it offers.12The state of security in IoT and connected devicesYes,we have a hybrid of active third-party and internal solutionsYes,we have an active third-party solution onlyNo,but we are evaluatingNo,we dont see the need for a PKI solutionYes,we have a native internal solution onlyTotalUSUK
39、FranceGermanyAustraliaJapanChina44%27%23%5%1%46%26%26%2%0%44%15%15%16%1%36%35%20%4%2%43%29%23%4%1%62%9%24%6%0%73%12%12%3%0%36%15%36%9%3%Figure 2Is your organization utilizing a Public Key Infrastructure(PKI)solution to issue digital identities and/or manage certificates on the IoT and IIoT(Industria
40、l IoT)devices in your environment/on the IoT devices that you design/manufacture?Split by country,omitting some answer options.13Vendor demand With IoT and connected product usage increasing in the past three years page 39,organizations are seeking further support with the management of these device
41、s.The state of security in IoT and connected devicesFigure 3Why does your organization use third parties to manage the digital identities of its IoT/connected products?Asked to respondents that use third parties to manage the certificate lifecycle of its IoT devices.Split by respondent type,omitting
42、 some answer options.FlexibilityCost:outsourcing versus hiring internal dedicated resourcesFull visibility of certificates in one placeReduce internal workloadAuditabilityTime savingsLack of in-house experience/skillsAccountability41%47%36%41%38%43%38%40%37%37%38%37%35%35%36%34%34%34%33%34%33%32%34%
43、30%TotalOperators/UsersOEMs14The state of security in IoT and connected devicesWhen experiencing a significant increase in device numbers or usage,organizations are more likely to be managing their digital identi-ties through third parties compared to those that have seen their product usage stay th
44、e same or decrease.Vendor support being more significantly sought as device numbers increase demonstrates that organizations are struggling to manage this growth.With maintaining a high level of security for their devices of upmost importance,having a dedicated supplier to manage the devices and ass
45、ume some responsi-bility for security elements will ease the minds of those organizations.The demand for third-party vendors is clear,however there are variances in what organizations are seeking from their suppliers.Typically,flexi-bility,cost saving benefits,and having full visibility of certifica
46、tes in one place are among the top priorities.However,organizations size and function when thinking of IoT and connected products have differing priorities for vendors.Those that operate and use IoT and connected products find flexibility of more importance,and cost-saving benefits are of primary im
47、portance for OEM organizations.The key areas that each organization type is seeking from their vendors indicates particular pain points that they are experi-encing and therefore why they are seeking this externally to ease their frustrations.Of similar popularity is utilizing vendors for a certifica
48、te lifecycle automa-tion platform to manage certificates,with almost 9 in 10 agreeing that they would benefit from using one.Smaller organizations(those with 500 to 4,999 employees)are more likely to strongly agree there are benefits to their organization using this platform,and this is shown in wha
49、t they are seeking in external suppliers.As is often found with smaller organiza-tions,they tend to experience internal workload concerns,and therefore are more likely to report associated challenges,such as time savings(36%)and reducing the internal workload(38%)as reasons for using third parties t
50、o help with digital identity management.This indicates that those with lower employee counts,and therefore likely lacking certain skills internally,benefit from having close assistance from external support.89%of users/operators agree their organization would benefit from utilizing a certificate lif
51、ecycle automation platform to manage certificates46%of users/operators in smaller organizations(under 5,000 employees)strongly agree their organization would benefit from utilizing a certificate lifecycle automation platform to manage certificates15IoT and connected device security challengesSection
52、 2In this section,we examine the security challenges presented by IoT and connected devices.We have organized the topics in the following order:1.Areas of challenge for organizations IoT and connected product security2.Security budgets:2023 and beyond3.The impact of industry standards and regulation
53、s4.Cyber breach responsibility5.But it depends on the breach?16Areas of challenge for organizations IoT and connected product security The constant-threat nature of IoT or connected product security is leaving organizations with many sizeable concerns and challenges,compounded by almost all organiza
54、tions stating they face challenges in securing IoT/connected products.IoT and connected device security challengesFigure 4What challenges,if any,does your organization face when looking to secure the IoT devices that you design/manufacture?Omitting some answer options.Inability to quantify the threa
55、t impact of third-party IoT devicesLack of visibility and management of devicesLimited solution integrationInsecure or weak application programming interfaces(APIs)Lack of internal skillsLack of testingCostMy organization does not face any challenges in securing IoT/connected products/products that
56、we design/manufacture43%42%40%39%34%31%28%3%50%36%*36%*48%42%44%45%59%*joint top answers Top answers,by country17IoT and connected device security challengesThose who havent experienced any cyber attacks on their IoT and connected products in the past 12 months are more likely to say that they do no
57、t face any challenges in securing their products or those that they design and manufacture(22%)compared to those that have experienced attacks(2%)theres a clear level of naivety among those who havent experienced attacks.Those who have experienced attacks recognize the multi-faceted aspects of prote
58、cting their devices,and therefore are knowledgeable of what challenges occur because of this.We explore further the experiences of those that have experienced cyber attacks on pages 44-46.However,despite what we have seen with the desire for vendor support,organizations are having to make a compromi
59、se.They are needing to use third-party devices as a necessity,and outsourcing their security elements is also becoming evidently more important.But,many(42%)dont have the visibility and transparency that they are craving,causing high levels of concern surrounding how protected these devices are(43%)
60、.This is generating an overall feeling of wariness of how organi-zations feel towards securing their IoT products,which needs to be overcome in order to fully realize a successful working partnership with vendors.Creating a trusting and open relationship with a vendor will provide clarity surroundin
61、g the security of devices,which will help to alleviate any feelings of concern.Curiously,less than a third of organizations are feeling challenged by cost in relation to IoT and connected product security,which is a concern.Perhaps it is that organizations feel that cost is irrelevant,and they are r
62、ecognizing that there is a need to put increasing budget towards securing their IoT and connected devices seeing it as a non-negotiable element,and therefore it isnt viewed as a challenge.Or,cost is being pushed to the back of the list when it comes to think-ing about concerns and challenges with Io
63、T security.If organizations become complacent when it comes to putting money towards IoT product security,it elevates the risk of any cyber attack being successful.Regardless,organizations need to carefully consider the best way to invest in security for their connected products and ensure that this
64、 is of priority when setting budgets every year,to protect against the ever-in-creasing cyber threat on IoT devices as well delve in to,on page 42.97%of organizations face challenges in securing IoT/connected products18Security budgets:2023 and beyond There is recognition that spending in the area o
65、f IoT and connected device security is imperative,with budgets expecting to increase year on year for the next five years.With a planned 45%increase in budgets for that time period,organizations are aware that they need to spend in this area to protect their organizations devices from threat.Its ack
66、nowledged that this investment is crucial and demonstrates that product security is being prioritized.Delving further into this,driving the year-on-year budget increase is OEM organizations,with an average increase of 52%in five years,showing a more substantial investment from the product manufactur
67、er and design side in the security of their IoT and connected products.As well see on page 23,the liability for cyber breaches on connected products is a complex area and therefore OEM organizations are increasing their budget to help protect against responsibility.IoT and connected device security
68、challengesFigure 5Please estimate how much budget your organization has for the security of IoT/connected products this year?Showing average budget.In five years timeIn two years timeThis year$647,177$529,944$446,015this year vs five years45%22%19%19IoT and connected device security challengesFigure
69、 6Please estimate how much budget your organization has for the security of IoT/connected products this year?Showing average budget,split by respondent type.Budget increases for operator/user organizations are also planned for,with an average increase of 38%,which is primarily due to an increase in
70、cyber threat(45%)and an increase in the number of IoT and smart devices(45%).With the increase in device numbers likely raising the level of cyber threat that devices are exposed to,increasing budget is a rational step for organizations to take to ensure their devices are protected.Similarly,the mor
71、e devices there are,the more potential there is for user error to cause cyber breaches,so organizations should be preparing their employees to follow procedures and updating security as frequently as possible.Of note too is that a quarter of smaller organizations(26%)see their budget increasing due
72、to experiencing certificate outages(in comparison to 9%of larger organizations),highlighting an area of struggle for smaller organizations and therefore something which vendor support could be sought to mitigate the need for increased budgets.In five years timeIn two years timeThis year$626,313$518,
73、158$454,422this year vs five years38%Operators/Users21%14%In five years timeIn two years timeThis year$667,058$541,275$437,918this year vs five years52%OEMs23%24%20The impact of industry standards and regulations Alongside budgetary concerns and challenges working with third-party suppliers and devi
74、ces,organizations are also feeling under pressure when it comes to considering industry standards,compliance requirements,and regulations that they have to adhere to.These elements are having a clear influence on the development of connected and IoT products,with conforming to standards and regulati
75、ons having noticeable impacts on how organizations can advance in this area.Almost all(98%)organizations report that regulations do impact the development of IoT and connected products,which demonstrates how much these have influence over how a device can progress and be used within the market.Vetti
76、ng the supply chain for cybersecurity,being required to meet an industry cybersecurity standard in order to continue to sell products to the market,and adding personnel to more directly handle product security are reported as the top impacts of satisfying regulations and standards.Such standards inc
77、lude:Smart Home:Matter Automotive:UNECE 155/156,ISO 15118,ISO 21434 Industrial:IEC 62443 Multiple Industries:IEEE 802.1AR In particular,having to vet the supply chain for cybersecurity is a top impact of conforming amongst both organization types,and considering the costs of having inadequate cybers
78、ecurity for their products,its no surprise that organizations are taking measures to ensure that all aspects of their supply chain are up to par.This ties to the potential lack of trust and transparency that there is with suppliers or vendors that organizations are working with page 17 and is an are
79、a that will be beneficial to all involved if improvements can be made.And with almost 4 in 10 organizations that operate and use IoT and connected devices(38%)expecting their budget increases to be due to changes in government or other regulations that they will need to comply with,this dynamic area
80、 is something that organizations need to be prepared to keep pace with.IoT and connected device security challenges21We are having to vet our supply chain for cybersecurity(or passing security down to our suppliers)We are being required to meet an industry cybersecurity standard in order to continue
81、 to sell our products in the marketWe have had to add personnel to more directly handle product cybersecurityWe have to modify our risk assessment processes(PFMEA,DFMEA,etc.)to incorporate cybersecurityWe have to modify our production facilities to incorporate a new processOur development verificati
82、on and validation processes have changedOur warranty has changed due to cybersecurity concernsOur development tools have changedOur coding standards have changed41%41%42%38%34%41%34%35%33%33%31%36%31%32%31%31%33%29%27%24%30%24%26%22%22%25%20%TotalOperators/UsersOEMsFigure 7How are industry standards
83、,compliance requirements,and regulations impacting the development of connected/IoT products?Split by respondent type,omitting some answer options.IoT and connected device security challenges22IoT and connected device security challengesCyber breach responsibility When cyber breaches occur,one of th
84、e foremost questions is,“Who is responsible for this?”With IoT and connected products,the answer is not always clear.Almost half(48%)of respondents reported that the manufacturer of the IoT or connected product should be held at least mostly responsible for any cyber breaches,with this increasing to
85、 53%in North America.This perhaps helps to explain the complacency spoken about on page 5.If organizations in North America on the whole believe that the manufacturer should take responsibility for any cyber breaches on their devices,then this could be why they feel theyre“fully”protected from cyber
86、 attacks.Figure 8If an organization was to experience a cyber breach on its IoT/connected products,who do you believe should be held responsible?Omitting some answer options.The manufacturer should be completely responsibleThe manufacturer should be mostly responsibleThe manufacturer and user should
87、 be equally responsibleThe user should be mostly responsibleThe user should be completely responsibleIt depends on the breach16%31%38%7%1%6%23IoT and connected device security challengesBut it depends on the breach?When further probing respondents who believe there is a grey area with liability for
88、cyber breaches(respond-ing it depends on the breach),many report that manufacturers have a responsibility to take actions such as releasing security patches and ensuring that any known vulnerabilities or flaws are covered.This would allow them to make certain that they have done all they can to prot
89、ect the devices and provide confidence to users that they are protected.However,there is also the view that manufacturers can only do so much.With end users being close to the products in their daily use,they must check for software updates and security patches that manufacturers release.They must a
90、lso ensure that they are using the devices with the correct procedures and being alert to any possible cyber threat avenues;therefore continuous education for employees is critical.Without organizations being able to provide evidence of this,many believe that liability cannot be assumed upon the man
91、ufacturers and end users bear much of the responsibility.However,considering that 85%of organizations believe the manufacturer has responsibility at some level(whether total,most,or equal responsibility with users),this signifies that manufacturers should be prepared for a majority believing they ha
92、ve accountability when cyber breaches occur.This can lead to a negative association for manufacturers if a large-scale cyber breach occurs on one of their designed or manufactured products,so its important to keep in mind the public perception of liability,as well as actual liability.There is,howeve
93、r,a small proportion of respondents who believe that it depends on the breach when it comes to being held responsible for breaches on IoT and connected devices.This is explored further on page 25.believe the manufacturer should be at least mostly responsible48%North America53%EMEA46%APAC41%The manuf
94、acturer should be at least mostly responsibleSplit by region24IoT and connected device security challengesFigure 9In the previous question,you indicated that it would depend on the breach as to who is responsible for cyber breaches on organizations own IoT/connected products.Please can you expand on
95、 the reasons for selecting this?I think it is essential to know how an application is used before looking for the person responsible.This can come from improper use as well as from a flaw in production.”Operator/userIf a vulnerability is known and the manufacturer has not issued a patch then it woul
96、d be the manufacturers fault.However if the user hasnt deployed a patch in a timely fashion then it would be the user.”Operator/userIf the violation is due to negligence on the part of the user(non-compliance with the procedures for use or safety)it cannot be attributed to the manufacturer.”OEM25In
97、reality,the liability incurred will mainly depend on the actual cause of this violation.This may be human error on the part of an employee or a software problem attributable to the manufacturer of the object in question.”Cyber security is a mixture of people,technology and process the manufacturer c
98、an only be responsible for the technology aspects not the people or process related ones.”Operator/userOperator/userUltimately,there is an element of responsibility on both sides to ensure a device is“fully”protected,by both the manufacturers/designers and the operators/users.Organizations need to b
99、e assured that they have taken the proper precautions and proactive steps so that the impact of cyber breaches are mitigated,or avoided altogether.IoT and connected device security challenges26OEM organizationsSection 3In this section,we dive deeper into insights from original equipment manufacturer
100、(OEM)respondents.We have organized the topics in the following order:1.OEM security priorities2.The challenges faced by OEM organizations3.Industry standards and regulation impacts4.The true cost of certificate management5.Lifetime responsibility of IoT and connected products27OEM organizationsOEM s
101、ecurity prioritiesOEM organizations have a unique role in the security of IoT and connected devices.Developing products that are secure from the very foundation is crucial in safeguarding sensitive data,protecting user privacy and mitigating the risk of cyber attacks.However,achieving adequate secur
102、ity in IoT devices is far from straightforward.The diverse range of IoT applications,each with its own unique requirements and constraints,elevates the complexity of devising effective security protocols that can be universally applied.To this point,OEMs have varying methods of securing connected de
103、vices and IoT products that they design and/or manufacture,and this varies by organization and by region.Only 1%are not looking to secure their devices,for the reason that the data isnt sensitive,therefore indicating that security is top of mind for OEM organizations and there are consid-erations in
104、 the methods they are utilizing.However,with an average of three methods used,are organizations doing as much as they can to protect their products?With OEM organizations withstanding the majority view that liability for cyber breaches on devices is directed towards them page 23,the priority that th
105、ese organizations place on security is fundamental to their success.9 in 10 OEMs(91%)overall agree that they should prioritize security over overall functionality or product design,with 4 in 10(42%)agreeing to this strongly,making it a fundamental part of the product and one that organizations shoul
106、d be,and are,prioritizing.Further to this,46%of OEM organizations strongly agree that secur-ing brownfield on already deployed devices is of importance,and this vision is increasingly valuable considering the length of time to deploy brownfield IoT hardware or capabilities.Time is of the essence whe
107、n security threats are identified,and therefore considering the quickest way to deliver solutions to their customers is imperative.Having this as a strategy that could provide quick relief to any possible cyber-threat could help OEM organizations reduce their liability and elevate their status as to
108、p manufacturers.28OEM organizationsFigure 10What methods do you utilize today to ensure the connected devices and IoT products you design and/or manufacture are secure?Respondents selected three answer options,on average.Omitting some answer options.Respondents organizations are OEMs of IoT/connecte
109、d devices.49%47%45%42%40%39%1%0%0%52%62%51%59%*59%*59%*51%56%*56%*joint top answers*note low base sizes in Australia,Japan,and ChinaTop answers,by countryWe assign a unique identifier and use a PKI to verify the device before assigning a public identifierWe sign our code and check it at boot and at
110、intervals during executionWe put a key and lifetime certificate on the device for communicationOur shell access is limited by username/passwordWe hide a secret button on the device to prevent technician accessWe sign our code and verify it at every bootWe dont secure our products because the data is
111、nt sensitiveWe dont secure our products for another reasonWe dont know how to secure the products we design and/or manufacture29OEM organizationsThe challenges faced by OEM organizations The challenges OEMs experience extend beyond technical aspects of connected device security.The lifecy-cle of IoT
112、 devices is extensive,encompassing various stages such as design,development,manufacturing,distribution,and ongoing updates.Each of these stages presents its own set of vulnerabilities and potential entry points for cyber threats.With these multifaceted challenges for OEM organizations,understanding
113、 the intricacies of these challenges can lay a solid foundation for implementing robust security measures and forti-fying their products against potential vulnerabilities and threats and there are considerations in the methods they are utilizing.However,with an average of three methods used,are orga
114、nizations doing as much as they can to protect their products?Almost all OEM organizations face challenges when considering the security of manufacturing/production/supply chain lines,and crave clarity and support surrounding best practices,equipment downtime,and the increase in potential of cyber a
115、ttacks.And with additional challenges being a lack of skills or talent to manage complex struc-tures(29%),or lack of appropriate digital infrastructure(30-32%),its evident that external support is desired to be able to ease as many of these challenges as possible.This links to the feeling of unprepa
116、red-ness referenced throughout sections one and two of this report,and supplier support will allow a portion of these challenges to be relieved from OEMs,freeing time and allowing more focus on designing,devel-oping,and manufacturing the products.Having a lack of budget being the lowest reported cha
117、llenge(28%)ties to our previous sentiment that organizations are aware that putting funding towards the security of IoT and connected devices is not something that can be compromised on page 19.We see the same here when considering the security of manufacturing,production,or supply chain lines;budge
118、t is required for security and therefore organizations will fund it as it is critical.30Figure 11What challenges,if any,does your organization face when considering the security of manufacturing/production/supply chain lines?Respondents organizations are OEMs of IoT/connected devices.42%39%34%32%30%
119、29%28%19%1%Lack of clarity around best practices to implement security across multiple global manufacturing sitesConcern with equipment downtime impacting production output if an outage related to security or connected devices occursGreater/increased potential of cyber attacksLack of appropriate dig
120、ital infrastructure we have the systems in place,but it will not support change on the scale requiredLack of appropriate digital infrastructure it would require an entire transformation of our digital systemsLack of skills or talent to manage complex structuresLack of budget/appropriate fundingIt is
121、 not a top priority for our organizationWe do not experience any challenges when considering the security of our manufacturing/production/supply chain linesOEM organizations31OEM organizationsIndustry standards and regulation impacts Further to the challenges experienced with the security of manufac
122、turing and supply chain lines,almost all OEM organizations also have to navigate stringent industry standards and regulations which have a weighted impact on how they are able to move forward with the products that they design and manufacture.Figure 12How are industry standards,compliance requiremen
123、ts,and regulations impacting the manufacturing processes that produce connected/IoT products?Respondents organizations are OEMs of IoT/connected devices.50%45%41%39%34%28%1%We are having to vet our supply chain for security(or passing security to suppliers)We have to modify our risk assessment proce
124、sses to incorporate securityWe have to modify our production facilities to incorporate a new processOur warranty has changed due to security concernsOur development verification and validation processes have changedOur coding standards have changedMy organization is not experiencing any impacts32Ess
125、entially all(99%)OEM organizations report impacts to their manufacturing processes when conforming to industry standards,compliance requirements or regulations,with having to vet supply chain lines for security(or passing this to suppliers)the top-rated challenge.This extends to the earlier explorat
126、ion of impacts on the development of IoT and connected devices pages 2122 where the sentiment and top challenge reported is relating to the supply chain and its security.This is evidently an area where organizations are feeling pressure to get right,with the impacts of insufficient cybersecurity,or
127、any gaps in security,a deep concern.With many of these impacted areas,organizations could seek to work with an external vendor to support and navigate these challenges presented by compliance to standards and regulations.By having a guiding hand from a vendor with expertise and experience,OEM organi
128、zations can spend more of their valuable time in designing and developing security elements for the products themselves.The true cost of certificate management For some organizations,a large proportion of their manufacturing lines are supported by IoT devices and connected products,so being able to
129、maintain production without certificate outages is a necessity to prevent further cost incurrence.However,this in itself is presenting a challenge,with 98%of organizations having experienced certificate outages in the last 12 months.The total average cost to organizations for certificate outages on
130、their manufac-turing lines in the last 12 months is staggering,at over$2,250,000.This represents a significant cost to many organizations,which will have severely impacted their ability to direct budgets towards preventing security incidents on their devices.The cost is also higher in APAC($2,843,88
131、8)and North America($2,610,714),demonstrating a challenge felt in these regions in particular.The good news is that there are obvious solutions on the market,with PKI solutions prominent in assisting organi-zations with certificate management.A proportion of organizations are not yet using PKI(6%),a
132、nd many OEMs are using internal solutions only(27%).With this being a widely outsourceable solution,it begs the question as to why more organizations arent considering an external PKI solution to ease the concern and inevitable financial risk surrounding certificate outages.OEM organizations33Figure
133、 13For certificate outages experienced on your organizations manufacturing line,what was the total cost to your organization in the last 12 months?Showing average cost,split by region.Respondents organizations are OEMs of IoT/connected devices.OEM organizationsLifetime responsibility of IoT and conn
134、ected products When designing and manufacturing IoT or connected products,OEM organizations recognize they have multiple areas of responsibility for security of devices across the entire lifecycle of a product.All(100%)OEM organizations agreed that the responsibilities listed below are important to
135、their organization when manufacturing IoT and connected products,with lifecycle management of cybersecurity components in the product being the top responsibility(70%).Its important that organizations have this level of awareness that their obligation does not end as the product is sold,and that ong
136、oing support and development against the increasing cyber threats is vital.As we have seen,continuing to develop security for already existing devices is key for OEMs to prevent possible liability when cyber breaches occur page 23.Global$2,302,278APAC$2,843,888+$541,610 vs totalNorth America$2,610,7
137、14+$308,436 vs totalEMEA$2,056,405-$245,873 vs total34Figure 14As a manufacturer of IoT/connected products,what are the top responsibilities to the customer that your organization has over the security of the final product?Combination of responses ranked first to third.Respondents organizations are
138、OEMs of IoT/connected devices.However,its not to be forgotten that keeping an open and transparent line of communication with operators and users of their products will help to ensure that the products are protected as much as possible.Over half of OEMs(54%)believe that disclosing security risks is
139、a responsibility,however if more organizations took this approach,it would provide the potential for more collaborative work with operator and user organizations,working together to take steps to prevent any known security risks,and ultimately protect products to a greater extent.With approaching ha
140、lf(45%)of OEM organizations strongly agreeing that IoT security should be consid-ered at the product design stage,its clear that more need to demonstrate they are vigilant and proactive in the security of their devices over their entire lifecycle,from design conception to their final use.OEM organiz
141、ations70%62%59%56%54%0%Lifecycle management of the cybersecurity components in the productOffering up security or software bill of materialsReview operating systemsProvide software updatesDisclose any security risksNone of the above responsibilities are important to my organization when manufacturin
142、g IoT/connected products35OEM organizationsSummary for OEM organizationsMaintaining the position of security at the heart of product design and development is vital for IoT and connected products to withstand the elevated security threats towards these devicesUsing many of the methods available to e
143、nsure the connected devices and IoT products they design and manufacture are secureWorking with a third-party supplier to mitigate the challenges of certificate outages or production line downtime will reduce financial concerns with PKI solutions a recognizable solution that would assist with this c
144、hallengePlacing the product lifecycle as a top priority is key to ensure that their products will appeal to organizations that look to use and operate IoT and connected devicesContinuing to support devices with security patches and software updates will reduce possible liability,and provide assuranc
145、e that products are as protected as they can beSecuring already deployed devices(brownfield)is a quick way to deliver heightened security to potential flaws that exist in productsOEM organizations should consider:36Operator and user organizationsSection 4In this section,we take a closer look at insi
146、ghts shared by respondents representing operator and user organizations.We have organized the topics in the following order:1.IoT and connected product usage and investments2.Diving into the increase in product usage 3.The risk of cyber attacks on IoT and connected devices 4.The cost of inadequate d
147、evice security 5.The consequence of device attacks 6.Moving from naivety to cyber resilience37Operator and user organizationsIoT and connected product usage and investments Across many industries and sectors,organizations have embraced IoT and connected product technology,and actively operate and ut
148、ilize them in their day-to-day work.Usage has developed significantly in the past few years,driven by substantial investments made by organizations to capitalize on the promise of connected devices.However,alongside this rapid expansion comes a host of security concerns that must be addressed by org
149、anizations that are falling short of adequately protecting their IoT infrastructure.Though to start with,its important to begin by understanding what organizations have seen as the most critical elements of this technology and where they have been placing their investments.All organizations that ope
150、rate and use IoT and connected devices have invested further in this area in the past three years,with hybrid working technologies,security cameras,and real time monitoring and location tracking being the top investment areas.Perhaps unsurpris-ingly,hybrid working continues to be an area in which or
151、ganizations are seeking support from devices as changes in working patterns and location continue to be in demand following the pandemic.The use of security cameras is being driven primarily by larger organizations(with over 5,000 employees),with smaller organizations pursuing real-time monitoring a
152、nd location tracking(53%)as their top investment.With an overall increase of 20%on average for the number of IoT and connected products used by organizations in the past three years,this is a substantial area of growth,and one where organizations will be feeling a need to not get“left behind”.Increa
153、sing investments in IoT and connected products that can help organizations with their daily challenges allows organizations to free their time,however,as their device usage is growing,their security needs will also be growing increasing the need for external support.3853%53%52%46%43%40%38%35%0%Hybri
154、d work technologiesSecurity camerasReal-time monitoring and location trackingInventory and asset managementDoor locks or physical securitySmart lightingSpace utilization technology/toolsIndoor air quality monitoringWe have not invested in any IoT/connected products in the past 3 yearsFigure 15In the
155、 past three years,what types of IoT/connected products has your organization invested in?Respondents organizations are operators or users of IoT/connected devices.Omitting some answer options.Operator and user organizations39Operator and user organizationsDiving into the increase in product usage It
156、 makes sense that as time goes by,organizations seek to use connected products for different reasons,especially as technological advances and changes in the products capabilities will help to solve different challenges experienced by organizations.The 20%average increase in IoT and connected product
157、 usage is largely driven by organizations with a higher employee count,who have experienced an average increase of 26%in the number of devices in the past three years,compared to smaller organizations at 19%on average.Similarly,the increase has also been driven in large part by safety and security c
158、oncerns,alongside digital transformation and the increase in hybrid working.Perhaps it is the perception that IoT and connected devices are relatively secure,and a good way for organizations to enhance their safety and security which is why organizations are turning to them in recent years.However,t
159、his view can certainly be challenged,as we see on pages 4546.And again,we see the impact of hybrid working causing a change in habits.Evidently,it is of huge relevance to many organizations who are turning to devices to help with security and other concerns.As usage is growing,organizations will be
160、keenly aware that their security needs will also grow.With larger organizations seeing this growth more so in recent years,it is an area where they are seeking support to help manage this growth.Most organizations are looking to their budgets to help support the increased product usage,with 55%repor
161、ting an increased cyberse-curity budget has been central to managing this.However,additional to this,ensuring there has been increased training and awareness for employees around cybersecurity best practices has also been pivotal(53%)alongside investing in new cybersecurity solutions(51%).Looking to
162、 ensure that employees are appropriately trained and aware of threats towards devices is a necessity when considering responsibility for cyber breaches pages 2324,therefore almost half of organizations that are not prioritizing this are placing their devices at risk with the potential for financial
163、consequences page 44.40Operator and user organizationsFigure 16Which of the following,if any,has driven your organizations use of IoT/connected products in the workplace?Respondents organizations are operators or users of IoT/connected devices.Split by organization size,omitting some answer options.
164、Safety and securityDigital transformationHybrid workingIndustrial automationSupply chain managementData aggregationSpace utilizationEnvironmental reasons(e.g.climate change)52%52%54%51%48%68%49%49%44%41%42%36%37%39%27%34%35%25%33%34%23%32%31%42%Total5004,999 employees5,000 or more employees41Operato
165、r and user organizationsThe risk of cyber attacks on IoT and connected devices The safety and security concerns that organizations using and operating IoT products experience is valid.A difficult landscape of increased cyber attacks targeted towards IoT and connected products means that organization
166、s have increasing concern over how to protect their devices effectively,and with a vast array of attack vectors,security needs to be all-encompassing.69%of organizations have seen an increase of cyber attacks on their IoT devices in the last three yearsIts clear that most will not escape their devic
167、es being targeted,with cyber attacks appearing almost inevitable almost 9 in 10 organizations have experienced attacks towards their IoT and connected devices in the past 12 months.And further to this concern,is the multiple attack vectors that these attacks are coming from;with phishing/pharming/sm
168、ishing(51%),malware(43%),and ransomware(41%)the top experi-enced by those that have experienced a cyber attack in the past 12 months.Therefore,its no wonder that organizations have high concerns when it comes to device security.Over two thirds(69%)report that their IoT devices have seen an increase
169、in cyber attacks in the last three years,and it doesnt look as though this will change going forward.Organizations therefore need to be a step ahead when thinking about their product security,ensuring that their device security covers many possible avenues of attack.Simple actions such as ensuring m
170、ulti-factor authentication(MFA)is active to verify users identities and ensuring employees are trained and aware of attack vectors are initial steps to take.With 73%of organizations agreeing that ransomware poses a considerable threat to their organizations IoT devices,ensuring that anti-malware sof
171、tware is up to date and monitored can help to ease this concern.42Figure 17Of the following attack vectors,which if any,has your organization experienced in the last 12 months on IoT/connected products?Showing the results of those that have experienced a cyber attack in the past 12 months.Respondent
172、s organizations are operators or users of IoT/connected devices.Omitting some answer options.51%43%41%39%34%32%31%Phishing/pharming/smishingMalwareRansomwareDistributed denial-of-service(DDoS)attacksMan-in-the-middle(MitM)attacksFirmwareBrute force attack89%of respondents said their organizations Io
173、T/connected products have faced cyber attacks in the last 12 months.89%Operator and user organizations43Operator and user organizationsOver half of organizations annual budget for securing their IoT and connected devices is vulnerable to being diverted to cover the cost of successful breaches.On pag
174、es 1920 we explored average annual budgets for IoT device security,and 52%of the 2023 budget could be diverted to the cost of cyber breaches on IoT and connected devices should they be successful($236,035).This is considerable for organiza-tions and demonstrates that the cost of cyber breaches is in
175、creasingly severe.It is leaving organizations with less than half of their original budget to spend on securing the devices in the first place,and if more than one breach is successful then organizations will struggle to place any budget in this area.Organizations therefore need to be increasingly v
176、igilant with their IoT and connected device security,otherwise financial consequences have the potential to be very damaging.With most believing that users of IoT The cost of inadequate device security With cyber attacks an increasing risk for IoT and connected devices pages 4243,the cost of cyber b
177、reaches has the potential to be substantial and very damaging for organizations looking to use IoT and connected devices to their full potential.43%of the cyber attacks experienced in the last 12 months were on IoT/connected products,on average43%is the average total cost of cyber breaches experienc
178、ed through organizations IoT/connected products in the last 12 months$236,035and connected devices have an element of responsibility alongside the organizations that manufacture these devices,organizations need to take responsibility in ensuring that their device security is up to date,and that thos
179、e that use these devices are aware and compliant when it comes to avoiding falling victim to any attacks.Implementing training,clear processes,and procedures will ensure compliance and reduce liability should any cyber attacks be successful.(USD)44The consequence of device attacks As well as fearing
180、 the financial cost of cyber attacks,organizations also have other concerns should an unsecured IoT or connected product result in a cybersecurity intrusion.External reputation damage,losing customer data,and losing employee data are the top concerns,however it is interesting to consider the top imp
181、acts by those that have experienced cyber attacks on their IoT or connected devices in the past 12 months,compared to those that have not.For organizations that have experienced cyber attacks,they are more likely to report concerns in all areas,with relatively high scoring across the board.Comparing
182、 this to those that have not experienced attacks,the concern varies in different areas,with higher concern for losing customer data and low concern for employees losing confidence.It indicates that there is a preparedness that comes with experience of having experienced a cyber attack.These organiza
183、tions understand that all the areas are important and can be of consequence,and this is a learning for organizations yet to experience an attack on their IoT devices.Being prepared in a multi-faceted way is essential to avoid the potential consequences of a cyber attack.Further to this,seeing that r
184、evenue loss is reported as the least concern-ing impact,this suggests a level of naivety for many organizations.It could be that there is not a full understanding of the financial impact of a cyber breach and the consequences that it could have.It could be that there is not a full understanding of t
185、he financial impact of a cyber breach and the consequences that it could have.This ties to some areas that we have already explored,with organiza-tions considering themselves“fully”protected against attacks pages 1011.Organizations may consider themselves fully protected,as they have considered the
186、attack avenues and consequences that they may experience should a cyber breach occur.However,if an element hasnt been fully protected,or an attack avenue not fully explored,perhaps the consequence of not protecting this isnt fully realized.Organizations can take the experiences of those that have fa
187、ced attacks and ensure that all consequences are considered and prepared for,to lessen the impacts should a cyber breach be successful.Operator and user organizations45Figure 18If your organization were to experience a cybersecurity intrusion resulting from an unsecured IoT/connected product,what im
188、pact most concerns you?Combination of responses ranked first to fifth.Respondents organizations are operators or users of IoT/connected devices.Split by those that have or have not experienced cyber attacks in the past 12 months,omitting some answer options.Operator and user organizationsExternal re
189、putation damageWe lose customer dataWe lose employee dataOrganizational downtimeEmployees lose confidence in our organizationRegulatory finesCustomers leave us and move to a competitorReduction/removal of our organizations IoT/connected device usageRevenue loss60%58%69%58%56%75%57%56%61%57%56%66%57%
190、60%29%55%56%41%54%55%51%53%55%36%50%48%64%TotalThose that have experienced cyber attacksThose that have not experienced cyber attacks46Moving from naivety to cyber resilience With it being increasingly evident that organizations that operate and use IoT and connected devices are struggling under the
191、 weight of increased devices,increased targeted attacks towards these devices,and the consequences following,its clear that there is a need for improvement.Over half(56%)agree that their organization doesnt have the proper awareness and expertise to prepare for cybersecurity attacks through IoT devi
192、ces,with 1 in 5(21%)strongly agreeing to this.Operator and user organizationsFigure 19To what extent do you agree or disagree with the following statements?Respondents organizations are operators or users of IoT/connected devices.Showing split of those that have/have not experienced a cyber attack i
193、n the past 12 months.Omitting some answer options.My organization doesnt have the proper awareness and expertise to prepare for cybersecurity attacks through IoT devicesTotalHas experienced a cyber attackHas not experienced a cyber attackAgree stronglyDisagree slightlyAgree slightlyDisagree strongly
194、21%22%35%37%22%25%23%44%18%17%29%5%47Operator and user organizationsFurthermore,the view that organizations that have not experienced cyber attacks have a level of naivety regarding attacks is compounded with almost three quarters reporting a disagreement with the statement that they dont have prope
195、r awareness and expertise to prepare for cybersecurity attacks on their devices(73%).With these organizations feeling they have awareness and have the ability to deal with attacks,it is clear that they arent considering the far-reaching effects that other organizations are considering.For those that
196、 have experienced attacks,more respondents strongly agree that they do not have full awareness and expertise to prepare for attacks compared to those that have not experienced attacks,suggesting they are more realistic and aware of the ever-changing nature of attacks and the ways in which they can i
197、nfiltrate IoT and connected devices.Perhaps some organizations are resigned to the fact that an increase in devices comes with additional threat and associated impacts,however many do recognize that support can provide relief.Many report that introducing a PKI solution to issue digital identities on
198、 IoT and IIoT devices will provide them with benefits(87%),and also utilizing a certif-icate lifecycle automation platform to manage certificates(89%)is seen as a realistic solution.Reviewing the suitability of these solutions for organizations could help to provide a key advantage when trying to ge
199、t ahead of cyber threats and manage the security of their devices.48Summary for operator/user organizationsHow their product usage has changed in the past year,and the reasons for these changes would they benefit from support in managing the security of additional devicesPossible attack vectors,and
200、how cyber-criminals are attempting to attack their devices.Do they have full protection across all possible avenues?Ensuring that their employees are appropriately aware of attack vectors,and the proper processes and procedures to follow when using devices to ensure their securityThe impacts of inco
201、mplete security on their devices;from financial consequences to reputational damage,to losing data,and beyondPlacing a focus on all impacts of a successful cyber breach,ensuring that all areas are considered and prepared forTaking the experiences and lessons learned from organizations that have expe
202、rienced successful cyber breaches in recent years.How theses breaches occurred,and the impacts experienced can help organizations be vigilant with this knowledge they can prepare for and prevent future attacksOperator/user organizations should consider:Operator and user organizations49ConclusionOrga
203、nizations are battling an increasingly threatening world when it comes to protecting their IoT and connected products.They know they need to secure their devices,but a level of complacency is concerning;organizations believe that they are protected,without fully considering if they are.With the secu
204、rity of IoT devices being of prominent importance,organizations cannot afford to not adequately protect their devices,whether they design,manufacture,operate,or use them.The significant costs to annual security budgets for IoT and connected products are at risk of being diverted to the cost of succe
205、ssful cyber breaches,or to the cost of certificate outages on manufacturing or production lines.Organizations cannot be complacent in allowing these to occur,as it takes from the initial budget to protect the devices in the first place causing a potential cyclical effect whereby attacks happen as bu
206、dget hasnt been forthcoming.With the liability for cyber breaches thought to be equal responsibility for users and manufactures of devices,security must be prioritized at both ends.Ensuring that product security is managed throughout its lifecycle is necessary to prevent the risk of new threats from
207、 the varying attack vectors.A marked area in which organizations can further improve their device security is through third-party vendor support,which is sought after by many organizations.Having additional support to face the challenges they are experiencing could be crucial for organizations that
208、are struggling with the increased threat of cyber attacks.PKI solutions to manage certificates and digital identities,or certificate lifecycle automation platforms are recognizable sources of support and can undoubtedly eliminate costly certificate outages.However,seeking support with vendors brings
209、 a new set of challenges.Finding a trusted supplier who will provide transparency and clarity will establish a thriving working relationship and ease many of the challenges that organizations are currently juggling.50Additional resourceseBook:Eight Steps to IoT SecurityImplementing cybersecurity for
210、 IoT devices doesnt have to be complex.Discover an eight-step framework to help you plan for security at the onset of your next project.Keyfactor for Smart Home:Making Matter-compliant devices with security by designDiscover how to establish trust and compliance in Smart Home and consumer IoT device
211、s with identity-first security.White paper:Five Guiding Tenets of IoT SecurityLearn why the potential of IoT security hinges on our ability to build a solid foundation across the IoT ecosystem,consisting of devices built with security and the necessary properties to ensure it endures.Keyfactor Comma
212、nd for IoT:Protect and manage IoT identities at scaleFind out how to create and maintain trust in your IoT products by protecting and managing their identities at scale.Learn more Learn more Learn more Learn more 51Research methodologyKeyfactor commissioned independent market research agency Vanson
213、Bourne to conduct research into the state of IoT security.The study surveyed 1,200 IoT and connected product professionals in June and July 2023,all of whom had some responsibility or knowledge of IoT or connected products within their organization.Respondents were from the US,UK,Germany,France,Aust
214、ralia,China,and Japan.North AmericaEMEAAPAC400300300100343333USGermanyFranceUKAustraliaChinaJapanIoT and connected product professionals surveyed1,20052Research methodologyRespondents were from organizations with 500 to 5,000 or more employees,across the following sectors:manufacturing and productio
215、n,IT,technology&telecoms,energy,oil/gas&utilities,retail,distribution&transport,media,leisure&entertainment,construction&real estate/property,financial services,business&professional services,consumer services,and the public sector.Respondents were from organizations who were either manufacturers(OE
216、Ms)of IoT and connected products,or were operators or users of IoT and connected products.Operators/UsersOEMsRespondent type50%50%All respondents had an element of knowledge or respon-sibility for IoT or connected products in their organization,including setting the strategy or being involved in str
217、ategic decision making.All interviews were conducted using a rigorous multi-level screening process to ensure that only suitable candidates were given the opportunity to participate.OEM organizations were from the manufactur-ing sector,who were involved in designing IoT or connected products,manufac
218、turing them,or both Operator/user organizations were from any sector(including manufacturing),who operate or use connected products in their factory,facility,or enterprise(no involvement in design or manufacture)53About Keyfactor and Vanson BourneKeyfactor brings digital trust to the hyper-connected
219、 world with identity-first security for every machine and human.By simplifying PKI,automating certificate lifecycle management,and securing every device,workload,and thing,Keyfactor helps organizations move fast to establish digital trust at scale and then maintain it.In a zero-trust world,every mac
220、hine needs an identity and every identity must be managed.For more,visit or follow keyfactor.Built on a foundation of trust and security,Keyfactor is a proud equal opportunity employer,supporter,and advocate of growing a trusted,secure,diverse,and inclusive workplace.Vanson Bourne is an independent
221、specialist in market research for the technology sector.Their reputation for robust and credible research-based analysis is founded upon rigorous research principles and their ability to seek the opinions of senior decision makers across technical and business functions,in all business sectors and all major markets.For more information,visit .54