Global TMT companies treading water when it comes to security and privacy

Amstelveen, Netherlands, 7 January 2008 – Technology, Media & Telecommunications (TMT)  businesses must increase their security efforts and investments according to the 2007 TMT global security survey, "Treading Water," from Deloitte Touche Tohmatsu (DTT). The survey indicates that when it comes to security and privacy, the majority of TMT companies find themselves "treading water." Despite increased security investments, many are just managing to keep pace with the growing threats. In order to get in front of the problem, TMT businesses must increase their security efforts and investments.

For the second year, Deloitte conducted an in-depth survey of security practices at more than 100 TMT organizations around the world. The global survey respondents included TMT companies from across all three sectors, 54 percent of which employ between 5,000-50,000 employees and 47 percent of which report revenue between US$1 billion and US$10 billion. 

Survey findings revealed that TMT businesses must increase their security efforts and investments to get in front of a security crisis. That being said, the survey reveals that the majority of TMT companies are managing to keep their heads just above water. In the 12 months preceding the survey, most companies successfully avoided a major security crisis with 69 percent of respondents saying they are "very confident" or "extremely confident" about their organization’s effectiveness at tackling external security challenges. However, only 56 percent display confidence in addressing internal threats. 

"The most dangerous threats come from within," explains Jacques Buith, Security & Privacy leader of DTT’s TMT Industry Group. "This is a threat most companies are in a position to control."

TMT companies may also be developing a false sense of security about digital rights management, security and the mobile workforce and physical security versus information security. According to the survey results, TMT companies are built on a base of physical assets (buildings and infrastructure) and information assets (such as digital content), yet most companies continue to treat physical security and information security as separate and distinct. This means they could be missing out on some important opportunities.

In light of the fact that TMT companies must avoid the risk of all kinds of security breaches, including identity theft, data leakage, account fraud, phishing and more, the Deloitte survey closely examined how many of these companies have a governance framework in place. Most respondents, 82 percent,already have such a framework and another three percent plan to within the next two years. Only a few organizations, 6 percent, do not have one and do not intend to put one in place. 

There are many factors that can cause companies to decide against an information security governance framework.  For instance, the number of Chief Information Security Officers (CISOs) appointed in the companies surveyed increased from 57 percent to 65 percent in the past year. CISOs are still not industry standard among TMT corporate officers, yet they are one of the keys to effective information governance. The survey revealed that only 13 percent of CISOs have a tenure of more than 10 years, whereas the highest percentage, 39 percent, responded having held a CISO position for just three to five years, indicating that there is still an upward trend toward governance frameworks overall. 

Another prerequisite for effective information security is the implementation of an information security strategy that aligns with corporate initiatives. Such a strategy must be closely linked to the company's overall business strategy, business requirements and key business drivers. The survey results show that 54 percent of TMT companies have put a formal information security strategy in place. Another 20 percent intend to do so within 2 years. Moreover, 17 percent of the surveyed companies see the lack of such a strategy as one of their biggest barriers to achieving information security.

With a broad range of technology choices and dozens of elements of today’s business environment challenging information security each day in TMT companies, the amount of detail can be overwhelming. This year’s survey reveals an overwhelming need for TMT companies to focus on all of the different aspects of information security, from having the technology in place, to establishing protocols to react to security breaches, to the effect of the talent crisis on the information security of a company. 

"The bottom line, there is a lot of work to be done," concludes Buith. "Increasing security efforts now will make all the difference when that next security threat reveals itself on the horizon." 

About Deloitte Technology, Media & Telecommunications
The  DTT Global TMT industry group consists of the TMT practices organized in the various member firms of DTT and includes more than 6,000 member firm partners, directors and senior managers supported by thousands of other professionals dedicated to helping their clients evaluate complex issues, develop fresh approaches to problems and implement practical solutions. There are dedicated TMT member firm practices in nearly 45 countries and centers of excellence in the Americas, Asia Pacific and EMEA. DTT’s member firms serve nearly 90 percent of the TMT companies in the global Fortune 500. Clients of DTT’s member firms’ TMT practices include some of the world’s top software companies, computer manufacturers, wireless operators, satellite broadcasters, advertising agencies and semiconductor foundries – as well as leaders in publishing, telecommunications and peripheral equipment manufacturing.

About Deloitte
Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, its member firms, and their respective subsidiaries and affiliates. Deloitte Touche Tohmatsu is an organization of member firms around the world devoted to excellence in providing professional services and advice, focused on client service through a global strategy executed locally in over 140 countries. With access to the deep intellectual capital of approximately 150,000 people worldwide, Deloitte delivers services in four professional areas—audit, tax, consulting and financial advisory services—and serves more than 80 percent of the world's largest companies, as well as large national enterprises, public institutions, locally important clients, and successful, fast-growing global companies. Services are not provided by the Deloitte Touche Tohmatsu Verein, and, for regulatory and other reasons, certain member firms do not provide services in all four professional areas.

As a Swiss Verein (association), neither Deloitte Touche Tohmatsu nor any of its member firms have any liability for each other's acts or omissions. Each of the member firms is a separate and independent legal entity operating under the names “Deloitte,” “Deloitte & Touche,” “Deloitte Touche Tohmatsu,” or other related names.