Some analysts have predicted that by 2020, there will be 20 billion Internet of Things (IoT) connected devices worldwide, which could grow to over 80 billion by 2025. Sales of IoT devices were $80 billion in 2017, and are predicted to grow to $1.4 trillion by 2021. With the exponential growth of IoT devices, experts are concerned about the security of these devices, and companies and consumers are taking note.

A new report from DigiCert, called State of IoT Security, found that 82 percent of the 700 companies surveyed said that security was their primary concern when implementing IoT into the company system, and 78 percent cited privacy as a top concern. 83 percent of those surveyed said IoT was already important to their business while 92 percent said it will be important to their business by 2020. 2020 is only 13 months away. The report concluded that although security and privacy is a top concern today, and 2020 is looming, companies are struggling with the security of the IoT devices being introduced into the business.

According to DigiCert, organizations spend money due to either pain or opportunity. Some organizations are prioritizing IoT security “because they see and understand the risks of not doing it,” and others “have made the decision to not prioritize security or privacy.” Those organizations that have not experienced a data breach, ransomware or malware are more reluctant to spend money on security. Those that have suffered these consequences are prioritizing security and getting executive support to build a robust security program, which is key to developing a robust IoT security program. Those prioritizing security are the 25 percent of the companies that lost approximately $34 million in the past two years from security related issues, including financial damages, lost productivity, declining valuation, and loss of reputation.

DigiCert lists steps companies can take when developing an IoT security program, including security software-based encryption key storage, encrypting sensitive data at rest and in transit, scaling security measures and securing over-the-air updates.