Only 36% of organizations reported examining potential risks of new technology both before and after adoption, and just 5% said they evaluate cyber risk at every stage in the technology lifecycle.
Notably, the select group of organizations that evaluate cyber risks continuously throughout new technology implementation are also much more confident in their capabilities to manage or respond to cyber-attacks.
Armed with timely knowledge of potential security weaknesses or exposures, they are positioned to implement real-time improvements and develop contingency plans to manage risks involving these systems.
Trust in Technology Vendors
Assessment of new technology cyber risk is closely associated with the trust that organizations have — or lack — in the vendors that supply those technologies.
Innovative technologies do not necessarily add new cyber exposures to the organizations that adopt them.
Some innovative technologies may add new risks if they have not been built in accordance with optimal security standards, but in many cases, security is factored by design into the development of the technology or device.
One-third of organizations assume that technology vendors have already considered all relevant cyber risks and that further verification is unnecessary.
The converse view is not significantly greater: 40% of respondents said they “always perform their own due diligence” to verify security claims and built-in protections that vendors make regarding new technology.