The survey comes as IoT malware spreads worldwide. The United States and other countries have been targeted in large-scale cyber-attacks carried out remotely.
In Japan, telecommunications companies are working to identify infected devices to prevent them from being used in cyber-attacks.
Mamoru Saito, who heads IIJ's Advanced Security Division, warns of a serious problem. "Based on the assumption of a further increase, we have to be prepared for cyber-attacks and leakage of information," he says.
Japanese firms targeted
Cyber-attacks often involve IoT equipment, and financial firms are frequent targets.
Criminals send emails demanding money. In one example in Japan, more than 600,000 pieces of IoT equipment were held to ransom.
A US-based online security firm, Arbor Networks, reports that during the first nine months of this year, Japanese firms were targeted in more than 190 attacks using infected IoT equipment. It warns the number could increase.
"Dark Web" behind the spread of attacks
Experts have highlighted the influence of the so-called "Dark Web" in the recent surge of IoT cyber-attacks.
The Dark Web is special area of cyberspace accessible only through dedicated software. It hosts a variety of criminal activities, including offers to wage an attack by remotely controlling virus-infected IoT equipment.
Hiroki Iwai, a cyber investigator at Deloitte Tomatsu Consulting, says the Dark Web makes it is easier than before to mount a cyber-attack, at a relatively low cost.
Expert calls for coordinated response
Hayato Sasaki, an expert at the Japan Computer Emergency Response Team Coordination Center, says Japanese firms are experiencing a global problem.
He says infected IoT equipment has been used in large-scale cyber-attacks overseas, and now Japan is a target.
Sasaki urges communication carriers, equipment manufacturers, and the government to work together to strengthen IoT equipment and make it safe.