• 50% of attacks are internal, with 64 gigabyte memory sticks an increasing threat
• Only 4% believe they are doing enough to address security issues

Deloitte, the business advisory firm, has today launched a report which argues that the reliance of the technology, media and telecoms (TMT) industry on digital information and technology has made it vulnerable to attack. Over 50% of companies surveyed reported security breaches in the last 12 months, with a third of those breaches resulting in significant financial losses.

Mike Maddison, leader of Deloitte’s Security & Privacy Services, comments: “TMT companies are becoming more aware of the impact of technical security attacks because their businesses revolve increasingly around digital information and technology. Everything from voice telephony to prime time television is now created and transmitted as a series of zeros and ones – making it vulnerable to infection, attack and theft. Protecting the confidentiality and integrity of data, as well as ensuring its available when required is now an important aspect of effective operational management.”

The report is based on an in-depth survey of security practices at TMT organisations around the world, and reveals that many companies are underestimating the need for security. Most are not investing enough time, money and resources to protect themselves adequately. While the potential for financial losses is acknowledged, intangible factors such as brand damage, customer dissatisfaction, market erosion and lost productivity are often overlooked.

James Alexander, technology director at Deloitte, comments: “TMT companies must recognise that they represent an increasingly attractive target. Media companies’ content represents the basis of a global market in illegal downloads and counterfeit goods; telecommunications operators increasingly represent the gateway into the digital home and office.”

The enemy within
External security threats such as viruses and worms get most of the attention, as well as the lion’s share of resources when it comes to digital security. Yet the risks from internal threats such as fraud, employee misconduct and human error are just as great. Among those companies whose security had been breached in the last 12 months, 50% were attacked from within. This is not surprising given that portable media devices, such as memory cards, can now hold huge amounts of confidential data.

This might explain why many TMT companies are not very confident in the security of their internal IT infrastructure, with 83% concerned about employee misconduct involving information systems.

Open to attack
Most TMT companies limit their security policy to the basics, such as firewalls, anti-virus applications, spam-filtering and virtual private networks. Yet more advanced threats are not being adequately addressed. For example, phishing (identity theft carried out through the creation of a website that seems to represent a legitimate company) is considered to be a major threat to TMT companies, yet only 18% have currently implemented anti-phishing technologies.

Staying in business
Security-related business disruptions are a major concern now that TMT companies have become so reliant on digital information and technology. Businesses such as digital television and radio, online music sales, and VoIP telephony systems can be completely shut down by security attacks. The same goes for web advertising and digital media distribution. In these businesses, service disruption translates directly into loss of customers and revenue.

Despite the widespread threat of business disruption, our survey shows that only 48% of TMT companies have an enterprise-wide program to manage business continuity. This is well below the average in other industries. For example, in a recent survey across multiple industries in the United States, 83% of respondents had formal business continuity plans.

Alexander concludes:
“Carefully structured and managed security may not be a substantial source of sustainable competitive advantage, but it is certainly a critical part of any mature and well managed business in the 21st Century. The fact that just 4% of those surveyed believed they were doing enough to address security issues, with 54% citing budget constraints and lack of management support as the main challenges to achieving security goals, is of concern.

“Customers place a great deal of trust in contemporary technology companies, and are likely to migrate increasingly towards those which are able to demonstrate a comprehensive and credible approach to securing all of their digital assets, processes and transactions.

“The increasing vulnerability of the TMT sector to attack means that security is no longer a minor operating detail best left to the IT department. The industry needs to address security as a fundamental business requirement – and a strategic imperative.”

Ends

Notes to editors

About the survey
Deloitte undertook this survey to help TMT companies benchmark their security activity investments and efficacy compare to their peers around the world. Data was gathered through structured, mostly face-to-face discussions between Deloitte TMT security specialists and 150 TMT companies. Respondents were typically: Chief Information Security Officers (CISO), Chief Security Officers (CSO) or security management teams.
The survey identified the types of security threats giving greatest concern and the level of resources being used to address them. It also examined which technologies are being implemented to improve security and the value TMT companies are deriving from their security investments.

The global survey included technology, media and telecommunication companies from more than 30 countries, covering every major region.

About Deloitte
In this press release references to Deloitte are references to Deloitte & Touche LLP which is among the country’s leading professional services firms, providing audit, tax, consulting and corporate finance services. Known as an employer of choice for innovative human resources programmes, it is dedicated to helping its clients and people excel. Deloitte & Touche LLP is the United Kingdom member firm of Deloitte Touche Tohmatsu (‘DTT’), a Swiss Verein whose member firms are separate and independent legal entities.  Neither DTT nor any of its member firms has any liability for each other’s omissions.  Services are provided by member firms or their subsidiaries and not by DTT. 

Deloitte & Touche LLP is authorised and regulated by the Financial Services Authority. 

The information contained in this press release is correct at the time of going to press.