This site uses cookies to provide you with a more responsive and personalised service. By using this site you agree to our use of cookies. Please read our cookie notice for more information on the cookies we use and how to delete or block them

Bookmark Email Print page

Information security spend on the rebound


Half of TMT organizations find inadequate budgets to be biggest barrier to keeping information secure as cyber crime, piracy and fraud become growing global reality

Following last year’s widespread cost-cutting initiatives due to the global economic downturn, technology, media and telecommunications (TMT) organizations are starting to re-invest in information security. 

According to a new Deloitte report, Bounce Back: 2010 Global Security Survey, 10% of TMT organizations increased their information security budget by more than 10% over the last 12 months, while more than one-third (36%) increased their budgets up to 10%. The question is whether these budget increases will make up for the ground lost during the economic downturn. 

“At a time when almost half (46%) of TMT organizations believe inadequate security budgets are the biggest barrier to information security, we are pleased to see many TMT organizations around the world increase their investment in information security in anticipation of an economic recovery,” explains Jacques Buith, partner and security expert, Deloitte. 

Cyber crime a serious global concern and major barrier to ensuring information security 
More than one-third (37%) of organizations surveyed said the increasing sophistication of threats is the second largest major barrier to ensuring effective information security.

 “The problem is no longer about computer savvy individuals trying to hack into IT systems. The growing professionalization of cyber criminals and cyber terrorists has led many governments to appoint national cyber coordinators to protect themselves against cyber warfare,” explains Buith. "These coordinators are identifying TMT organizations as both high profile targets for cyber criminals, but also (as their technology and their networks are hijacked) as unwilling enablers of cyber crime and cyber warfare." explains Buith.

More than half of TMT organizations have experienced a security breach in 2010 
Since TMT organizations are increasingly creating and distributing content digitally, new opportunities for piracy, cheating and abuse abound. The study shows that half of TMT organizations have experienced at least one security breach in 2010, and 26% of TMT organizations experienced repeated attacks by malicious software from outside the organization. 

Online games and gambling are extremely vulnerable to security attacks since manipulating and cheating can easily occur. In addition, online advertisers are being defrauded by click-farms: groups of people paid to click on ads. As a result, ad costs per click are on the rise. 

Cloud computing to change delivery of IT services if security and privacy issues resolved 
“Despite the lack of testing and verification, only one-third (30%) of TMT organizations have a ‘high confidence’ in their third parties” says Buith. This is a problem for cloud computing as organizations implicitly rely on third parties to provide infrastructure, applications and data hosting out of the cloud. “If security and privacy issues can be resolved, we expect cloud computing to become the standard in enterprise software,” explains Buith. 

Identity and access management among top information security initiatives for 2010 

TMT organizations indicated that identity and access management were among their top three most important information security initiatives for 2010— up from number seven last year. 

Now that the mergers and acquisitions (M&A) market has started to recover, information security practices are being factored into the market valuation of TMT organizations. Since most acquisitions include the entire IT environment, an acquired company’s IT systems will likely need to be improved and integrated to reach the same level of security, privacy and continuity as the company purchasing it. 

Organizations divesting parts of their business also need to prevent employees from the divested business from accessing company systems and data. “Over one-third (35%) of organizations reported excessive access rights as the major finding during internal and external security audits,” concludes Buith.

Last Updated: