The Internet of Things (IoT) and cybersecurity: A secure-by-design approach
Deloitte Cyber poll results May 30, 2019
Copyright © 2019 Deloitte Development LLC. All rights reserved.
Methodology
4200+ professionals across industries and positions participated in and responded to poll questions during the Deloitte Dbriefs webcast, The Internet of Things and cybersecurity: A secure-by-design approach, held May 30, 2019.
Data totals for certain questions may not equal 100.0% due to the rounding of raw data to the nearest tenth of a percentage.
The statements in this report reflect the aggregation of poll responses and are not intended to reflect facts or opinions of any entities. All data, charts and statistics referenced and presented, as well as the representations made and opinions expressed, unless specifically described otherwise, pertain only to the participants and their responses to the Deloitte poll. The information obtained during the poll was taken “as is” and was not validated or confirmed by Deloitte.
How confident are you that your organization’s connected products, devices, or other “things” are secure today?
Very confident: 18%
Somewhat confident: 51%
Uncertain, or somewhat not confident: 23%
Not confident at all: 8%
Results reflect 3,221 responses
Who is accountable for the securing of connected products in your organization?
Research and development: 7%
Information security: 81%
Manufacturing organization: 5%
Product cybersecurity: 7%
Results reflect 3,062 responses
Do you have a defined set of product cybersecurity requirements that product teams use as input for requirements selection?
Yes, we use an industry defined framework: 28%
Yes, we have a custom framework: 51%
No: 31%
Results reflect 2,007 responses
What sources of guidance do you use to drive security by design?
Industry and professional organizations that help to set the guidelines: 41%
Regulatory bodies and agencies that set the standards: 28%
Leading practices developed internally: 22%
Other: 9%
Results reflect 2,705 responses
Where do you believe your greatest strengths are in developing or deploying secure-by-design connected products and/or devices?
DevSecOps embedded throughout the design/acquisition, implementation, and deployment lifecycle: 11%
Cross-functional technology, legal, procurement, and compliance teaming across pre- and post-market deployments: 27%
Both of the above: 48%
None of the above: 14%
Results reflect 1,812 responses
Top 10 cyber and privacy risks in the IoT world
01. Not having a security and privacy program
02. Lack of ownership/governance to drive security and privacy
03. Security not being incorporated into the design or products and ecosystems
04. Insufficient security awareness and training for engineers and architects
05. Lack of IoT and product security and privacy resources
06. Insufficient monitoring of devices and systems to detect security events
07. Lack of post-market/implementation security and privacy risk management
08. Lack of visibility of products without having a full product inventory.
09. Identifying and treating risks of fielded and legacy devices/products
10. Inexperienced/immature incident response processes
Media contact
Nicole Hockin
Public Relations
Deloitte & Touche LLP
nhockin@deloitte.com
Full press release available on Deloitte.com
This presentation contains general information only and Deloitte is not, by
means of this presentation, rendering accounting, business, financial,
investment, legal, tax, or other professional advice or services. This
presentation is not a substitute for such professional advice or services, nor
should it be used as a basis for any decision or action that may affect your
business. Before making any decision or taking any action that may affect
your business, you should consult a qualified professional advisor. Deloitte
shall not be responsible for any loss sustained by any person who relies on
this presentation.
About Deloitte
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities.
DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. In the United
States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the “Deloitte” name in the United States and their respective
affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about
our global network of member firms.
Copyright © 2019 Deloitte Development LLC. All rights reserved.
