Top Technology Companies to Strengthen Cyber Resilience This Year
"The results of the study show that the lack of awareness among employees and third-party risks are the most vulnerable elements in the security field"
- Zdeněk Křížek,
Partner in the ICT advisory and risk management function at Deloitte
New York/Prague, 7 March 2013 – Executives at the world's largest Technology, Media and Telecommunications (TMT) companies consider compliance with the implementation of a 2013 security strategy and roadmap to be the most significant driver for improving information security, according to the new TMT Global Security study released by Deloitte. The study also reveals that companies have started to recognise information security as a fundamental business issue, with companies increasingly focusing on cyber resilience, not just security.
"The results of the study show that the lack of awareness among employees and third-party risks are the most vulnerable elements in the security field. The study also implies that technology companies should invest in the training and awareness-raising of their employees in terms of information security so that they could help to reduce the risks arising from new technology," said Zdeněk Křížek, Partner in the ICT advisory and risk management function at Deloitte.
"Companies are convinced that the lack of funding ranks among the main obstacles to enhancing information security. In total, 45% of companies reported that the amount of information security expenditure is either insufficient or barely reaches the necessary level. This is one of the major issues companies will have to solve if they want to be ahead of threats," added Vlastimil Červený, Senior Manager responsible for ICT security services at Deloitte.
Partnering for Cyber Resilience
Additionally, the results of the study suggest overconfidence in protection against external threats, with 88 percent of executives not viewing their company as vulnerable. However, more than half of the survey respondents acknowledged experiencing a security threat in the last year. Less than half of the survey respondents reported having a response plan in place to address a security breach and only 30 percent believe third-parties are shouldering enough responsibility for cyber security. More than two-thirds (74 percent) of respondents rate security breaches at third parties as one of their top three threats, followed by employee errors and omissions and denial of service attacks. "It refers, for instance, to the DoS attacks on Czech news servers and bank websites we have seen in recent days," said Vlastimil Červený.
"Every organisation is vulnerable and absolute prevention does not exist. To help prevent attacks, or minimise their impacts, early detection and response is necessary. Ultimately, the public and private sector need to engage in a deeper collaboration in and jointly establish a more-efficient and more-flexible system of responses to attacks. I believe that the forthcoming Cybersecurity Act currently being discussed in expert circles will contribute in this context," Vlastimil Červený added.
Other major threats identified by respondents include advanced persistent threats (64 percent) and hacktivism (63 percent), new to this survey, which combines social or political activism with hacking. While more than half of those surveyed gather general intelligence information, only 39 percent gather information about targeted attacks specific to their organisation, industry, brand or customers.
People, Technology and Mobile Devices
According to the survey, innovations in technology and the people using this technology also rank among the biggest threats. "Seven out of 10 respondents listed the lack of security awareness of their employees as an "average" or "high" vulnerability. Employees without sufficient awareness of security issues may put an organisation at risk by talking about work in public, responding to phishing emails, or admitting unauthorised people into the organisation's facilities," said Štefan Šurina, Attorney at Law at Ambruz & Dark/Deloitte Legal, summarising the survey results. "Sufficient training of staff in security measures is also assumed in the legislation; for instance, it is a common organisational measure concerning private data protection."
Additionally, the study finds that new technology exacerbates the problem. While it can provide powerful new capabilities that may benefit the business, it also introduces new security risks at a faster pace than many organisations can handle. Seventy-four percent of executives ranked the mobile and bring-your-own-device technology trend as a continued concern but only half of the organisations surveyed indicated that they have specific policies for mobile devices in place.
About the TMT Global Security Study
The goal of the TMT Global Security study is to provide TMT companies with insight into the security and privacy challenges and threats that they currently face or will face as an industry. The study is developed based on the results of interviews with security executives of 121 TMT organisations from 38 different countries representing every geographic region. The study surveyed participants from all three TMT sectors and with respondents spanning the full range of revenue categories.
To download the TMT Global Security Study, please visit http://www.deloitte.com/tmtsecuritystudy.
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/cz/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms.
Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries. With a globally connected network of member firms in more than 150 countries, Deloitte brings world-class capabilities and high-quality service to clients, delivering the insights they need to address their most complex business challenges. Deloitte's approximately 195,000 professionals are committed to becoming the standard of excellence.
© 2013 Deloitte Czech Republic