But that’s not the worst news coming out of this survey. No, not by any stretch of the imagination is that the bad news. Sit down and strap in, because it gets much worse.

In spite of pushing vulnerable applications into production (and into the hands of consumers), a staggering 44% admitted they aren’t doing anything to prevent an attack. Oh, they’re concerned about a breach occurring through those apps—58% fingered IoT apps and 53% mobile—but they aren’t doing anything about it.

Let us pause and reflect on that for a moment while we pick up our jaws off the floor.

We certainly might take the perspective that the risk doesn’t justify a red alert from the bridge, and certainly from a business perspective, it could be catastrophic to put on the brakes and slow down (or halt) the push to production because there might be a breach. That’s risk management, after all, and it’s an admittedly complex set of variables that factor into the decision.

But in light of reports regarding the prevalence of IoT-based attacks, these firms risk being hoisted by their own petards in a terribly expensive and embarrassing manner. With analysts predicting major growth in the inclusion of IoT components in new business processes and systems⁴, this laissez faire approach to securing both the devices and apps is bound to attract those seeking to exploit them. Whether to gain access to corporate environments or harness the albeit limited compute power of distributed devices, attackers proved in multiple incidents throughout 2016 that they are targeting this nascent technology and taking advantage of the lack of attention vendors are paying to the security of these devices. The world’s most powerful botnet, Mirai, launched multiple Tbps attacks in 2016, proving to us all that the threat to the Internet of Things was beyond measure. F5 Labs, with our data partner Loryka,⁵ has been tracking the hunt for IoT devices by hackers for over a year now,⁶ and the attraction (to hunting and exploiting) isn’t subsiding by any means. In fact, Telnet brute force events shot up 110% just between Q3 and Q4 during (and after) Mirai. (Spoiler alert: the rate for all of 2016 was more than 10 times that amount. Exact numbers will be published in F5 Labs’ next IoT report.)