When enterprises embark upon their IoT implementation projects, one of the most vital decisions they must make is how much of their IT budgets to allocate to securing IoT projects. While IoT solutions can improve organizational connectivity and operations, they also represent a certain amount of risk. For example, IoT-specific malware infections increased by 700% after the pandemic and targeted more than 500 different types of IoT devices.

To make the most out of their investments in IoT, enterprises must devote enough spend to securing their solutions. According to research from ABI Research, proper spending in cellular IoT security has resulted in up to 30% savings in remediation efforts.

Last week, Aeris and ABI hosted a webinar on the topic of IoT security spending, walking audiences through concrete steps they can take to properly secure their IoT networks and devices. The webinar unveiled new, exclusive research based on a survey of the security spending habits of 150 European and North American companies. Here are some highlights from the webinar and the research.

Gap Between IoT Providers and Security Providers

One of the biggest insights to come from the research was how vulnerable many respondents are to threat actors, despite implementing security solutions. One of the most prominent security challenges to IT departments was a lack of adapted security solutions on the market (25% said this was “very challenging,” while 32% indicated it is “challenging”).

Additionally, research also illustrated that most organizations lean on two to three different providers for their security needs. 47% of respondents leverage solutions from communication service providers, 42% use solutions from original equipment manufacturers (OEMs), and 40% use a dedicated cybersecurity vendor. Michela Menting, Research Director at ABI Research, noted during the webinar that many companies cover their IoT security with their general IT cybersecurity solutions.

Closing this gap takes effort. Organizations must collaborate and take the necessary steps to meet their security needs. Ritesh Patel, Head of Strategic Marketing at Aeris, recommended that attendees have conversations with internal and external stakeholders, and dedicate regular time to discuss security needs.

“Collaboration between security and business functions needs to happen more frequently,” he said.

Key Spending Drivers

The webinar and research also focused on the main factors influencing security spending among the respondents.

Patel further commented on the increasing threat landscape facing enterprises leveraging IoT solutions, most notably an increase in IoT attack vectors.

“Because [attack vectors] have increased, there has been an increase in attacks against enterprises,” he said.

Patel noted there were 1.5 billion attacks against IoT devices in the first half of 2021, costing enterprises an average of $4.4 million to remediate.

“We no longer have any doubt that security investments are absolutely essential for IoT applications,” said Syed “Z” Hosain, Aeris Co-Founder and Chief Evangelist. “If you have a highly successful application, you are going to have tens of thousands, hundreds of thousands, or potentially millions of deployed units. If you have a flaw or newly-discovered flaw after those devices have been deployed, then all units are available as a potential target.”

The research illustrates the importance of protecting IoT projects from these threats, with the top deciding factor among respondents for security solutions being based on internal risk assessments conducted by each program. Menting noted that organizations seek security elements in their solutions and that these are important features for client retention.

Related to the importance of security capabilities, another major driver is industry compliance –with Menting calling it the “stalwart for the security industry.” Organizations are obviously looking for security solutions that cover their security compliance necessities, industry standards, and guidelines.

Budget Allocations

As organizations look to secure their IoT programs, there are three main levels where security costs can be spread: device, network, and cloud. One of the main highlights of the research was the split of security spending among respondents.

On average, organizations spent 33.1% of their budgets at the device level, 23.3% at the network level, and 43.6% at the cloud level.

Menting noted this wasn’t a surprising spread. On the network side, many organizations often extend IT security solutions to cover IoT network security needs. Meanwhile, she indicated the high average at the cloud level is likely due to the fact that cloud deployments are often outside the purview and control of organizations, so they pay more to protect data there.

While the spend average is lower at the network level, there are effective security measures enterprises could – and should – take to protect their IoT investment. In particular, network visibility is essentially, especial as threats against IoT devices increase. If organizations can see the traffic into and out of devices, through the network, they can see which traffic is approved, and which is nefarious.