No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Events
    • GRC Connect U.S.
    • Calendar
    • Submit an Event
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
    • On-Demand Webinars: Earn CEUs
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Risk

Ponemon on Third-Party IoT Risk: Companies Don’t Know What They Don’t Know

by Corporate Compliance Insights
May 7, 2019
in Risk
vintage B&W photo of man and woman in office with man looking confused

Third-Party Risk Factors Require More Board Level Attention on IoT Security

Santa Fe, NM (May 7, 2019) – The Santa Fe Group, authorities in risk management and the managing agent of the Shared Assessments Program today released the results of the Third Annual Ponemon Institute’s study on Third-Party Risk for the Internet of Things (IoT). Ponemon reports a dramatic increase in IoT-related data breaches specifically due to an unsecured IoT device or application since 2017 – from 15 percent to 26 percent – and the results might actually be greater, because most organizations are not aware of every unsecure IoT device or application in their environment or from third-party vendors.

More alarmingly, organizations surveyed have no centralized accountability to address or manage IoT risks. Less than half of company board members approve programs intended to reduce third-party risk and only 21 percent of board members are highly engaged in security practices and understand third-party and cybersecurity risks in general. More than 80 percent of respondents believe their data will be breached in the next 24 months.

“This study proves it’s no longer a matter of if, but when, and board members of organizations need to pay close attention to the issue of risk when it comes to securing a new generation of IoT devices that have found their way into your network, workplace and supply chain,” said Cathy Allen, Founder and CEO of The Santa Fe Group. “The study shows that there’s a gap between proactive and reactive risk management. The time to address this issue is now, and not later.”

This year’s study shows where improvements are critically needed in the following areas:

  • While respondents believe a positive tone at the top is important to minimizing business and third-party risks, few companies represented in this study are making board-level governance an essential part of their risk management program.
  • The IoT threat landscape is expanding rapidly, yet many companies are not assigning accountability or ownership to the management of IoT risks.
  • Staffing and budgets are not adequate to manage third-party IoT risks.
  • Third-party risk management (TPRM) programs should include IoT risks in order to evolve and mature their practices.
  • IoT risk assessment and due diligence must move from TRUST assurance to VERIFY control validation techniques.
  • Companies should be prepared for IoT regulatory oversight to rise.
  • Most companies do not conduct employee training programs on the risks created by IoT devices. Such training must begin now.

A complete copy of the study can be downloaded here.

About the Ponemon Institute

Founded in 2002 by Dr. Larry Ponemon and Susan Jayson, Ponemon Institute conducts independent research on data protection and emerging information technologies. Our goal is to enable organizations in both the private and public sectors to have a clearer understanding of the trends in regulations and the threat landscape that will affect the collection, management and safeguarding of information assets. Ponemon Institute research informs organizations on how to improve upon their data protection initiatives and enhance their brand and reputation as a trusted enterprise.

Ponemon Institute is the parent organization of the Responsible Management (RIM) Council. The RIM Council draws its name for the practice of Responsible Information Management, an ethics-based framework and long-term strategy for managing personal and sensitive employee, customer and business information. Members of the RIM Council represent a cross-section of Fortune 500 companies and are champions of privacy and data protection in their organizations.

About the Shared Assessments Program

As the only organization that has uniquely positioned and developed standardized resources to bring efficiencies to the market for more than a decade, the Shared Assessments Program has become the trusted source in third-party risk assurance. Shared Assessments offers opportunities for members to address global risk management challenges through committees, awareness groups, interest groups and special projects. Join the dialogue with peer companies and learn how you can optimize your compliance programs while building a better understanding of what it takes to create a more risk sensitive environment in your organization.

About The Santa Fe Group

The Santa Fe Group’s risk management experts work collaboratively with organizations worldwide to identify valuable trends, risks and vulnerabilities and to advise, educate and empower organizations in the areas of cybersecurity, third-party risk, emerging technologies and program management. The Santa Fe Group is the managing agent of the membership-based Shared Assessments Program, which helps many of the world’s leading organizations manage and protect against third-party IT security risks.


Tags: Data BreachInternet of Things (IoT)Risk AssessmentThird Party Risk ManagementTone at the Top
Previous Post

Cynet Announces Free Incident Response Tool to Validate, Understand and Remove Active IT Security Threats

Next Post

How CISOs Can Effectively Convey Information Security Risk to the Board

Corporate Compliance Insights

Corporate Compliance Insights

Corporate Compliance Insights

Related Posts

circular lake in middle of forest

Why Transparency Matters in Sustainability: A CEO’s Insights

by Ian Spaulding
December 5, 2023

Time for companies to start showing meaningful progress on climate initiatives

broken piggy bank

Fines, Penalties & Litigation Don’t Have to Bankrupt

by Ash Klass and Carolyn McDonnell
December 5, 2023

Ability-to-pay analysis can reduce fines by 80% or more

man bringing plants to his office

New Challenges Arise as Workers Return to the Office — or Don’t

by Chris Hoyle and Ksenia Ioffe
November 7, 2023

Fraud, erosion of compliance practices among biggest risks amid workplace revolution

clouds on blue background

Gartner: Cloud Concentration Rising on List of Risks

by Staff and Wire Reports
November 2, 2023

Third-party viability remains top emerging risk

Next Post
woman in profile speaking jumbled letters

How CISOs Can Effectively Convey Information Security Risk to the Board

Available SQ

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment Sanctions SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2023 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Events
    • GRC Connect U.S.
    • Calendar
    • Submit an Event
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
    • On-Demand Webinars: Earn CEUs
  • Subscribe

© 2023 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT