Security is hands down the greatest challenge currently facing the Internet of Things (IoT), but just how big are the stakes? According to a recent Ponemon Institute survey, released Wednesday, 94% of risk management professionals believe that a security incident resulting from unsecured IoT devices “could be catastrophic.”

The report, jointly released by the Ponemon Institute and the Shared Assessments Program, was built on the responses of 553 individuals from various industries. The Internet of Things (IoT): A New Era of Third Party Risk takes a look at the concerns around third-party risks in IoT security, and what business leaders are doing to address it.


As part of the survey, respondents were asked about their awareness and preparedness for the growth of enterprise IoT. They were also asked about their perception regarding third-party integration risks, and what practices they were putting in place to manage their own security.

One of the most surprising points was how many survey respondents expected to be the victim of an attack. Some 76% of those surveyed said that a DDoS attack resulting from an unsecured IoT device would be “likely to occur within the next two years,” the report said.

Despite this belief, only 44% said their organization would be able to protect either their network or other systems from “risky” IoT devices. However, not all of these professionals were looping their leadership in on this information. A whopping 69% said that they do not inform their CEO or board of directors about how effective their third-party risk management program is.

When considering IoT deployments, 77% admitted that they don’t consider IoT risks in their due diligence of third-party systems. Additionally, 67% don’t even evaluate the IoT security and privacy practices of a third party before starting a business relationship with that entity.

“More and more enterprises are turning to IoT to improve business outcomes and this growth is creating a breeding ground for cyber attacks,” Ponemon Institute founder and chairman Larry Ponemon said in the report. “What’s shocking about these findings is the complete disconnect between understanding the severity of what a third party security breach could mean for businesses, and the lack of preparedness and communication between departments.”

Still, some leaders aren’t requiring stringent IoT security insights either. According to the survey findings, only 25% of respondents said that the board of directors at their organization requires that they be assured of proper IoT risk assessment before moving forward.

Current security efforts are also stale: 94% still rely on a traditional network firewall to handle threats from IoT, the report said.

“In order to avoid becoming the next big headline, our security tactics have to evolve along with the threats,” Charlie Miller, senior vice president of the Shared Assessments Program, said in the report. “New technology and practices are needed to ensure security, and this starts by communicating the risks to the right people and acknowledging potential devastating outcomes when engaging with a third party. Avoiding these problems can no longer be the solution.”

The 3 big takeaways for TechRepublic readers

  1. IoT is growing in the enterprise, and 94% of risk professionals believe that a cybersecurity incident stemming from an unsecured IoT device could be “catastrophic.”
  2. An additional 76% believe a DDoS attack resulting from an unsecured IoT device will happen sometime “within the next two years.”
  3. Despite the risks, many security professionals aren’t communicating effectively with leadership and the board isn’t requiring stringent assessment of IoT risks before moving forward.