Pretending the Internet of Things risk does not raise exposure to investor-backed enterprises is also cosmically naive. Last year, there was a hack of the automated hotel locks, of all things, made by global conglom Onity that went surprisingly underreported. Pretty much anybody with a spare Magic Marker, some cheap circuit boards and access to a few YouTube videos could create a master key that opens millions of hotel rooms around the world.
What really stokes the security flames singeing the Internet of Things, Turner says, is that companies do not share information about attacks as they should. That creates a vacuum where the tested, private market tools of risk management cannot flourish. "Some sort of information compromise insurance should be available by now," he said. "But since nobody fully discloses, it's tough to create the basics, such as actuarial tables for information security risk." And get ready for the final investor insult: Considering the downside, it's not like addressing the Internet of Things risk is prohibitively expensive. "At most we are talking about a 2% to 5% bump in the total cost to produce a product. That is far less than marketing or R&D," Turner said. "I am baffled by the apathy in the space."