Study uncovers vulnerable IoT devices and facilities: Medical, manufacturing and CRITIS

IoT security report 2022 reveals significant gaps in cybersecurity

Düsseldorf/Germany, July 06, 2022 – Cybersecurity is still thought of in silos – that is the conclusion of a study by IoT security specialist ONEKEY. “In many cases, companies and entrepreneurs still think in classic silos when it comes to IT security. In doing so, the directly grown risk of many different firmware versions in IoT systems is often overlooked,” warns Jan Wendenburg, CEO of ONEKEY. Areas of highest risk include IoT devices and facilities in health (47 percent), in critical infrastructure (45 percent) and in manufacturing (39 percent). More than 300 senior-level company representatives were surveyed for the “IoT Security Report 2022.” “All areas of industry are vulnerable – because hackers consistently exploit every vulnerability, not just those requested by industry representatives,” says Jan Wendenburg. The particular risk in the IoT sector is that every device and every system has its own firmware – in other words, software that controls the device or facility itself. Since hardly any guidelines or binding specifications exist in this area, many manufacturers have put little emphasis on seamless security against attacks so far.

Liability of the management

The CEO of ONEKEY also points to the increasing liability of company managers: “It is foreseeable that in the very near future, the management will be directly held liable for omissions in IT security,” says Wendenburg. This was also loudly demanded during the Hannover Messe by the VDE (German Association for Electrical, Electronic & Information Technologies). Therefore, every component of an IT system – especially the software – must be completely verifiable and traceable, according to Wendenburg of ONEKEY. The company, which specializes in IT security, runs an automated analysis platform for operating software of all devices and facilities with a network connection, but especially intelligent control systems in manufacturing, medical technology, critical infrastructures and many other industrial sectors.

Manufacturers could do more to protect

The company representatives surveyed at least agree on the security provided by manufacturers for IoT systems: only 12 percent consider the measures taken to protect against hacking to be sufficient, 54 percent see them as partially sufficient, 24 percent as insufficient, and 5 percent even as deficient. “The key to greater security lies in using automated security and compliance checks very early in the development of new smart devices, plants and machines. This can also involve the simultaneously automated generation of ‘software bills of materials.’ This way, a great deal of security and transparency is achieved with little effort,” explains Jan Wendenburg.

All results of the study “IoT Security Report 2022” are now available for download online.


ONEKEY is the leading European specialist in Product Cybersecurity & Compliance Management and part of the investment portfolio of PricewaterhouseCoopers Germany (PwC). The unique combination of an automated Product Cybersecurity & Compliance Platform (PCCP) with expert knowledge and consulting services provides fast and comprehensive analysis, support, and management to improve product cybersecurity and compliance from product purchasing, design, development, production to end-of-life.

Critical vulnerabilities and compliance violations in device firmware are automatically identified in binary code by AI-based technology in minutes – without source code, device, or network access. Proactively audit software supply chains with integrated software bill of materials (SBOM) generation. “Digital Cyber Twins” enable automated 24/7 post-release cybersecurity monitoring throughout the product lifecycle.

The patent-pending, integrated Compliance Wizard™ already covers the upcoming EU Cyber Resilience Act (CRA) and existing requirements according to IEC 62443-4-2, ETSI EN 303 645, UNECE R 155 and many others.

The Product Security Incident Response Team (PSIRT) is effectively supported by the integrated automatic prioritisation of vulnerabilities, significantly reducing the time to remediation.

Leading international companies in Asia, Europe and the Americas already benefit from the ONEKEY Product Cybersecurity & Compliance Platform and ONEKEY Cybersecurity Experts.



Sara Fortmann

Marketing Manager


euromarcom public relations GmbH

+49 611 973 150