Broader Security Threat Landscape, Increased Use of Emerging Technologies Require More Information Security Investment by TMT Companies: Deloitte Survey Hacktivists, Advanced Persistent Threats, Cloud, Mobile and Social Media Driving Factors
NEW YORK, Dec. 12, 2011 /PRNewswire/ -- There's an old proverb that states: "If you are not moving forward, you are moving backward." This may indeed represent the state of the technology, media and telecommunications (TMT) industry with respect to information security, according to the results of the Deloitte 2011 TMT Global Security Survey.
After significantly increasing their information security budgets and efforts in 2010, TMT companies generally held steady on their information security activities, budgets, governance and reporting in 2011, according to the survey.
That said, information security threats have increased on multiple fronts over the past 12 months including "hacktivists," cyber criminals and state-sponsored actors intent on targeting intellectual property, customer information and increasing business disruption. Coupled with the increased use of emerging technologies to enable business, such as the cloud, mobile devices and social media, it's not surprising that information security breaches were reported by 75 percent of the 138 global organizations surveyed – an increase over the previous year.
The overarching message is clear: TMT companies need to significantly up their investments in information security to appropriate manage the real risks to the business and address the public imperative of improved information security.
"The threats to information have never been at a higher level, and in today's hyper connected world there is no such thing as an isolated threat. Unfortunately, many TMT organizations are investing a smaller portion of their IT budget than in previous years on information security," said Irfan Saif, who leads Deloitte's security and privacy services to the TMT industry.
Deloitte's survey shows that more than half of the respondents report spending between just 1 and 6 percent of their information technology budget on information security. Moreover, more than half (52 percent) of respondents indicated that their expenditures on security are falling behind or just starting to catch up to previous years' investment levels.
"This level of investment and attention is insufficient to effectively address a corporate responsibility to manage risk and the public imperative of improved information security," Saif adds.
Chief Information Security Officers (CISO), who are primarily responsible for information security at most organizations, are stretched far beyond a reasonable bandwidth, according to the survey. Many CISOs, including 51 percent of survey participants also handle business continuity management, disaster recovery planning, physical security and risk management.
"Information security should not be viewed as just a CISO activity. There needs to be more C-level attention to security and a corporate climate that fosters proactive management of growing security risks. Cross-functional collaboration and ownership is integral to a successful enterprise information security program," Saif added.
Additionally, CISOs must also manage the growing number of threats introduced by employees themselves via increased use of social media and use of personal mobile devices in the workplace.
Mobile devices are considered the number one security threat for 2012, according to nearly 40 percent of respondents. Although the concept of 'bring your own device' offers many potential benefits, it presents many challenges and questions about data confidentiality, employee privacy, application development and distribution, and mobile device support.
Not lost in this year's survey is the increased scrutiny focused on information security – and corresponding increased regulatory efforts by governments around the world to protect the public. As a result, compliance with information security regulations and legislation is rated the top security initiative for TMT companies.
"Information security is essential to our modern way of life and TMT organizations are at the center of the action," explains Rhoda Woo, national managing director of security & privacy, Deloitte & Touche LLP. "Improved information security isn't just a good business practice for TMT organizations but a public imperative. The level of investment and resource effort has to match the rising security challenges in order to be effective."
The top five security threats in 2012, according to the Deloitte survey, are:
- Mobile devices (34 percent)
- Security breaches involving third parties (25 percent)
- Employee errors and omissions (20 percent)
- Faster adoption of emerging technologies (18 percent)
- Employee abuse of IT systems and information (17 percent)
Please go to www.deloitte.com/us/pr/2011tmtglobalsecuritysurvey for a copy of the Deloitte 2011 TMT Global Security Survey.
About the Deloitte 2011 TMT Global Security Study
The Deloitte 2011 TMT Global Security Survey is primarily based on in-depth, face-to-face interviews with 138 large TMT organizations around the world. Survey questions covered a wide range of topics on information security, from social media and mobile device technologies to training and information security governance.
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.