My speciality is IoT Security. Yes better Security is essential, but few will pay for it. They don’t want to spend the money, spearheading better IoT security at your company is a surefire way to have a career that goes nowhere — if you do a great job all you did was spend money, introduce delays and complicate the product…and the end result… nothing happens and thus nobody cares. And if the company gets hacked, that’s somebody else’s problem. And senior management doesn’t known the difference between good and bad security thus they won’t spend money for the good stuff and all the process and procedures required to do it properly…that is until they get burned really bad..and even then they’re not sure what to do.

It’s a similar situation to global warming. We won’t do anything until Washington is under water. Humans are really bad at managing risk that doesn’t directly affect them.