SYDNEY– In a world where the growing use of connected devices, such as smart watches and connected cars, is occurring at the same time that massive data breaches are making headlines around the world, a new global study by ISACA shows that consumers have conflicted attitudes about the benefits of connected devices.
“A dramatic conclusion from this year’s study is the gap between people’s concerns about protecting their data privacy and security versus the actions they take”
The 2014 ISACA IT Risk/Reward Barometer shows that the majority of consumers in Australia (84%) have heard about major retailer data breaches in the past year. More than half (57%) characterise the way they manage data privacy on connected devices they own as Take Charge rather than Reactive or Passive, 30% and 13% respectively. Yet despite knowing about retailer data breaches, fewer than half have changed an online password or PIN (45%), made fewer online purchases using mobile devices (15%), or shopped less frequently at one or more of the retailers that experienced a data breach (10%). Interestingly, those 65 and older (46%) were more likely to change their passwords than 18-24 year olds (39%).
“A dramatic conclusion from this year’s study is the gap between people’s concerns about protecting their data privacy and security versus the actions they take,” said Robert Stroud, international president of ISACA and vice president of strategy and innovation at CA Technologies. “Businesses need to address this gap by aggressively educating customers and employees about how they can help reduce the risk or minimise the impact of data breaches or hacks.”
According to Sydney-based ISACA International Vice President and Governance Advisory Practice Lead at Vital Interacts, Garry Barnes, “Across Australia, the results suggest that Millennials, having grown up with technology may be more trusting and accepting or have an ‘it won’t happen to me’ approach, whereas Baby Boomers are skeptical and perhaps more vigilant regarding their personal online security.”
In the area of online shopping, global IT association ISACA recommends that consumers protect their personal information by creating a strong password unique to each account, protect their devices with current security software and verify that online transactions are secure by looking for a padlock icon displayed in the browser.
ISACA’s IT Risk/Reward Barometer examines attitudes and behaviors related to the risks and rewards of key technology trends, including the Internet of Things, Big Data and BYOD (Bring Your Own Device). The 2014 Barometer has two components: a survey of 1,646 ISACA members who are IT and business professionals around the world, and a survey of more than 4,000 consumers in four countries.
The risk caused by this gap between individuals’ knowledge and action is amplified by the rapid spread of wearables and other connected devices in everyday life. Australian consumers own or regularly use smart TVs (42%) or connected cars (45%), for example, and nearly two-thirds (64%) of people will add connected devices to their wish lists..
Among the top consumer concerns about the Internet of Things—devices that connect with each other or to the Internet—are someone hacking into the device and doing something malicious (28%) and not knowing how the information collected by the devices will be used (26%).
Wearables at Work
Despite privacy and security concerns, wearables are entering the workplace:
- 75% of men would consider using a wearable device at their workplace compared with 66% of women, according to the consumer survey.
- Almost half (45%) would consider using an employee access card and one-third (30%) a wireless fitness tracker, but few would consider wearing smart glasses, such as Google Glass, in their current workplace (12%).
- More than half of ISACA members in Australia/New Zealand (ANZ) (58%) believe having a wearable in the workplace is risky. But there are also opportunities—35% believe the benefit of the Internet of Things outweighs the risk for enterprises.
IT Departments Not Ready for the Internet of Things
The 110-country survey of ISACA members, who are business and IT professionals, shows that few IT departments or workplaces in general are ready for the invasion of wearables. More than one-third (37%) of ANZ members say their organisation has plans now or expects to create plans in the next 12 months to leverage the Internet of Things, but the majority is not ready for wearable tech. More than half (56%) say their BYOD policy does not address wearable tech and another 35% do not even have a BYOD policy.
“The Internet of Things is here, and we are likely to see a surge in wearable devices in the workplace,” said Barnes. “These devices can deliver great value, but they can also bring great risk. Companies should take an ‘embrace and educate’ approach.”
ISACA recently established the Cybersecurity Nexus (CSX) as a resource enterprises can turn to for security advice. Additional information is at www.isaca.org/cyber.
For survey results and infographics, visit www.isaca.org/2014-risk-reward-barometer.
About the 2014 IT Risk/Reward Barometer
Conducted by ISACA, a global association of more than 115,000 IT security, assurance, risk and governance professionals, the study is based on September 2014 online polling of 1,646 ISACA members from 110 countries. Additional online surveys were fielded in September by M/A/R/C Research among more than 4,000 consumers in the US, UK, India and Australia. Full results are at www.isaca.org/risk-reward-barometer.
With 115,000 constituents in 180 countries, ISACA® (www.isaca.org) is a global association that helps business and IT leaders build trust in, and value from, information and information systems. Established in 1969, ISACA is the trusted source of knowledge, standards, networking, and career development for information systems audit, assurance, security, risk, privacy and governance professionals.