Many times the threat of not securing IoT devices is not an attack on the device itself, but an attack on the company's larger infrastructure resulting in financial and productivity loss. Gartner claims there are will be over 7 billion connected “things” for business use by 2020. International organizations in particular must now ensure they build security into every new IoT system, or face compliance issues from GDPR and NIS Directive regulators. US firms are going to invest the most in IoT in the coming 12 months: $2.8m. There’s a sizable minority (42%) of organizations involving security teams early on in IoT projects, but conversely the largest number globally (72%) who claim they always define their security needs during projects. However, just 34% said the CISO is ultimately responsible for IoT security, among the lowest worldwide. The company board may discuss the incident recovery plan but have little oversight of the way the company is securing IoT devices in the first place.