In a world where the growing use of connected devices, such as smart watches and connected cars, is occurring at the same time that massive data breaches are making headlines around the world, a new global study by ISACA shows that consumers have conflicted attitudes about the benefits of connected devices.

The 2014 ISACA IT Risk/Reward Barometer shows that the majority of consumers in Australia (84%) have read or heard about major retailer data breaches in the past year. More than half (57%) characterise the way they manage data privacy on connected devices they own as “take charge” rather than reactive or passive (30% and 13% respectively). 

Yet despite knowing about retailer data breaches, fewer than half have changed an online password or PIN code (45%), made fewer online purchases using mobile devices (15%), or shopped less frequently at one or more of the retailers that experienced a data breach (10%).  Interestingly, Baby Boomers (65+) were more likely to change their passwords (46%) than Millennials (18-24 years old) (39%).

“One of the most dramatic conclusions from this year’s study is the gap between people’s concerns about protecting their data privacy and security versus the actions they take,” said Robert Stroud, international president of ISACA.

“Businesses need to address this gap by aggressively educating both customers and employees about how they can help reduce the risk or minimise the impact of data breaches or hacks.”

According to ISACA International Vice President and Vital Interacts Practice Lead, Governance Advisory, Garry Barnes, who is based in Sydney, “Across Australia, the results suggest that Millennials, having grown up with technology may be more trusting and accepting or have an ‘it won’t happen to me’ approach, whereas Baby Boomers are still skeptical and perhaps more vigilant and responsible regarding their personal online security.”

In the area of online shopping, global IT association ISACA recommends that consumers protect their personal information by creating a strong password unique to each account, protect their devices with current security software and verify that online transactions are secure by looking for a padlock icon displayed in the browser.

ISACA’s IT Risk/Reward Barometer examines attitudes and behaviours related to the risks and rewards of key technology trends, including the Internet of Things, Big Data and BYOD (Bring Your Own Device). The 2014 Barometer consists of two components: a survey of 1,646 ISACA members who are IT and business professionals around the world, and a survey of more than 4,000 consumers in four countries.

The potential risk caused by this gap between individuals’ knowledge and action is amplified by the rapid spread of wearables and other connected devices in everyday life. More than one-third of Australian consumers now own or regularly use smart TVs (42%) or connected cars (45%), for example. With nearly two-thirds (64%) of people adding connected devices to their wish lists for this year, it is expected to continue growing.

Among the top consumer concerns about the Internet of Things—which is defined as devices that connect with each other or to the Internet—are someone hacking into the device and doing something malicious (28%) and not knowing how the information collected by the devices will be used (26%). 

Wearables at Work

Despite these privacy and security concerns, wearables are making their way into the workplace:

• Three quarters of men (75%) would consider using a wearable device at their current workplace compared with two-thirds (66%) women, according to the consumer survey.
• Almost half (45%) would consider using an employee access card and one-third (30%) a wireless fitness tracker, but very few would consider wearing smart glasses, such as Google Glass, in their current workplace (12%).
• And, more than half of ISACA members in Australia/New Zealand (ANZ) believe (58%) having a wearable in the workplace is risky. But there are also many opportunities—35% believe the benefit of the Internet of Things outweighs the risk for enterprises.

IT Not Ready for Internet of Things

The 110-country survey of ISACA members, who are business and IT professionals, shows that few IT departments or workplaces in general are ready for the invasion of wearables. More than one-third (37%) of ANZ members say their organisation has plans now or expects to create plans in the next 12 months to leverage the Internet of Things, but the majority is not ready for wearable tech. More than half (56%) say their BYOD policy does not address wearable tech and another 35% do not even have a BYOD policy. 

ISACA members are evenly divided as to whether the benefit of the Internet of Things outweighs the risk for enterprises (35%) or the risk outweighs the benefit (33%), and only 35 per cent describe themselves as very concerned, though 51% are somewhat concerned, about the decreasing level of personal privacy. 

“The Internet of Things is here, and we are likely to see a surge in wearable devices in the workplace,” said Barnes. “These devices can deliver great value, but they can also bring great risk. Companies should take an ‘embrace and educate’ approach.”

ISACA recently established the Cybersecurity Nexus (CSX) as a resource enterprises can turn to for security advice. Additional information is at www.isaca.org/cyber. For a full survey report, including related infographics, video and global results, visit www.isaca.org/2014-risk-reward-barometer.