Only 4% of UK consumers consider the makers of their mobile phone apps as the entity they most trust with their personal data, a survey has revealed.
Yet, according to Isaca’s 2013 IT Risk/Reward Barometer, 90% of those polled do not always read privacy policies before downloading apps to their devices.
Isaca believes this gap between belief and behaviour will become increasingly important as consumers ramp up their use of mobile apps to interface with everyday objects that share data through the internet.
The internet of things is one of the trends examined in the Isaca IT Risk/Reward Barometer, which is based on responses from more than 2,000 IT professionals and Isaca members around the world and 4,000 consumers, including 1,000 in the UK.
According to IT professionals, there are many benefits of the internet of things, with 51% of respondents saying their companies plan to capitalise on the phenomenon and 31% saying their companies have already benefited from the increased access to information it provides.
Read more about the internet of things
More than half say they hope to achieve greater efficiency and increase customer satisfaction with the internet of things.
“Clearly, consumers have mixed feelings about how connected devices are sharing information, so businesses need to establish policies and communicate them openly to preserve trust in information,” said Ramsés Gallego, international vice-president of Isaca.
While 86% of UK consumers expressed concerns about the internet of things, half of IT professionals believe that, for average consumers, the benefits outweighs the risk.
However, they do not agree with consumers about what the greatest risk is.
Consumers are most concerned about people hacking into their connected devices (24%), but IT professionals believe it more important to know who has access to the information collected (44%) and how the information will be used (29%).
“This survey shows the shift in perception about risk and privacy as the world becomes increasingly connected,” said Gallego.
“Consumers need to understand the personal implications of allowing applications to access our personal data on mobile devices.”
Gallego said consumers need to check their terms and conditions for what they allow in the present – as well as what the permissions might grant suppliers the ability to do in the future.
“There are many benefits to using apps, but we need to ask ourselves what level of risk we are willing to accept for the benefits they provide,” he said.
Isaca recommends five steps enterprises can take to become agile as the internet of things becomes a reality.
- Act quickly – enterprises cannot afford to be reactive;
- Govern the initiative to ensure data remain secure and risks managed;
- Identify expected benefits and how to measure them;
- Use an internal technology steering committee to communicate benefits to the board;
- Embrace creativity and encourage innovation.
Read more on Privacy and data protection
CISOs face a range of cybersecurity challenges in 2020
Security Think Tank: Use flexible tech backed by security policy for competitive edge
Security Think Tank: Communication is key to cyber security in digital era
Security Think Tank: Penetration testing still relevant, but approach needs to change