"This is a big shift; security is finally on the agendas of the board and C-Suite executives. It's one of the most significant shifts we've seen among our TMT clients over the past 12 to 24 months," explains Irfan Saif, principal, Deloitte & Touche LLP and security and privacy leader to the TMT sectors. "Moreover, organizations are beginning to view security as a value-driver for the business and a marketplace differentiator, and companies are now thinking about how to shift their strategy for driving security across the enterprise."
The survey, which identified lack of employee awareness and third-party risks as top security vulnerabilities, suggests that TMT organizations should consider investing in information security training and awareness for their employees to help mitigate risks from new technologies.
More focus needed on cyber resilience
Results of the study suggest overconfidence in protection against external threats, with 88% of executives not viewing their company as vulnerable. However, when pressed further, more than half of the executives acknowledged experiencing a security threat in the last year.
Less than half of survey respondents reported having a response plan in place to address a security breach and only 30% believe third parties are shouldering enough responsibility for cyber security. Nearly three-quarters (74 percent) of the 121 executives surveyed, rate security breaches at third parties among the top three threats followed by denial of service attacks and employee errors and omissions.
Other major threats identified by respondents include advanced persistent threats (64 percent) and hacktivism (63 percent), new to this survey, which combines social or political activism with hacking. While more than half of those surveyed gather general intelligence information, only 39% gather information about targeted attacks specific to their organization, industry, brand or customers.
People, technology and mobile devices
According to the survey, innovations in technology and the people using these technologies also rank as one of the biggest threats, with 70% listing their employees' lack of security awareness as an "average" or "high" vulnerability. Employees without sufficient awareness of security issues may put an organization at risk by talking about work in public, responding to phishing emails, admitting unauthorized people into the organization's facilities.
The study finds that new technologies exacerbate the problem. While they can provide powerful new capabilities that may benefit the business, they also introduce new security risks at a faster pace than many organizations can handle. Seventy-four percent of the executives ranked the mobile and bring-your-own-device technology trend as a continued concern but only half of the organizations surveyed indicated that they have specific policies for mobile devices in place.
"Companies are adopting new technologies much more quickly than they have previously, perhaps without fully understanding the overall risk factors that such new technologies may pose to the organization," said Saif. "Ironically, the IT adoption rate by companies is being driven by consumerism. Five to 10 years ago, wireless hand-held devices for receiving e-mail is pretty much what we saw in the workplace. Now, smartphones and tablets are in the workplace. These are technologies that employees are getting first as consumers and introducing into work place."
About the DTTL TMT Global Security Study
The goal of the DTTL TMT Global Security study is to provide TMT companies with insight into the security and privacy challenges and threats that they currently face or may face as an industry. The study is developed based on the results of interviews with security executives of 121 TMT organizations from 38 different countries, representing every geographic region. The study surveyed participants from all three TMT sectors and with respondents spanning the full range of revenue categories.
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries. With a globally connected network of member firms in more than 150 countries, Deloitte brings world-class capabilities and high-quality service to clients, delivering the insights they need to address their most complex business challenges. Deloitte has in the region of 200,000 professionals, all committed to becoming the standard of excellence.