Unsecured Internet of Things (IoT) devices are causing major problems for organizations nationwide, according to a recent report from the Ponemon Institute and the Santa Fe Group.

IoT-related data breaches specifically caused by an unsecured IoT device or application increased from 15% in 2017 to 26% in the last year, the report found. It’s possible that this number is actually larger, as most organizations said they are not aware of every unsecure IoT device or application in their environment, or introduced by third-party vendors, it noted.

SEE: Securing IoT in your organization: 10 best practices (free PDF) (TechRepublic)

Despite these risks, only 9% of companies said their organizations currently inform and educate employees and third parties about the dangers created by IoT devices.

The majority of organizations surveyed lack centralized accountability to address and manage IoT risks, according to the report. Only 21% of board members report that they are highly engaged in security practices, and understand third-party and cybersecurity risks in general. About one-third (32%) of the organizations surveyed said no single person or department is responsible for managing or implementing corrective actions to manage IoT risks, the report found.

Perhaps because of this, more than 80% of organizations said they believe their data will be breached within the next two years, the report found.

“This study proves it’s no longer a matter of if but when and board members of organizations need to pay close attention to the issue of risk when it comes to securing a new generation of IoT devices that have found their way into your network, workplace and supply chain,” Cathy Allen, founder and CEO of the Santa Fe Group, said in a press release. “The study shows that there’s a gap between proactive and reactive risk management. The time to address this issue is now and not later.”

For more, check out How to secure IoT devices: 6 factors to consider on TechRepublic.