A new report that looked at millions of connections from IoT devices present on enterprise networks found that over 40% of them do not encrypt their traffic. This means a large number of such devices are exposed to man-in-the-middle (MitM) attacks where hackers in a position to intercept traffic can steal or manipulate their data.

The new report released today by network security firm Zscaler is based on telemetry data collected from the company’s cloud. It covers over 56 million IoT device transactions from 1,051 enterprise networks over the course of a month.