Technology & Media Orgs Concerned About Security

by CXOtoday Staff    May 15, 2009

A Deloitte survey has revealed that social media tools and regulatory issues are areas of concern when it comes to information security. Deloitte also said that 32% respondents in technology, media, and telecommunications industry (TMT), reduced their information security spend.

The third edition of the Deloitte Global TMT security survey reveals also said that 60% of respondents believe they are ‘falling behind’ or still ‘catching up’ to their security threats - a significant increase from 49% over the previous year.

"This year’s results indicate that TMT companies are explicitly scaling back on investments in security and that is worrying" said Ravi Veeraraghavan, senior director, (enterprise risk services) of Deloitte in India.  "Change and innovation are constants for companies in this sector.  This ever-changing environment throws up a lot of security challenges that require substantial financial investment. Companies that under-invest in security now may find themselves vulnerable and unable to keep pace with the growing threats from increasingly sophisticated attacks and emerging technologies."

With the proliferation of digitized assets, security should claim a significant portion of a company’s overall IT budget. However, only 6% of respondents allocate 7% or more of their total budget to IT security. This year represents a significant decline from the previous edition of the survey, which showed that 36% of the respondents allocated 7% or more of their budget to IT security.

The survey also indicates that declining security investment is hindering adoption of new security technologies, with only 53% of respondents considering their organizations to be early adopters, or part of the early majority, down from 67% in 2007. Companies are focusing more effort on optimizing solutions that are already in place rather than investing in cutting-edge technology that can be capitalized upon during economic recovery.

The survey results showed that ‘exploitation of vulnerabilities in web 2.0 technologies’ and ’social engineering’ techniques such as pretexting and phishing are regarded as a threat to a company’s information security, with 83% and 80% of respondents respectively.

The survey also cites that with new vulnerabilities constantly emerging, TMT companies are less confident in their ability to deal with internal security risks. This year, only 28% of respondents rate themselves as ‘very confident’ or ‘extremely confident’ with regard to internal threats, down from 51% in 2007. 41% of respondents experienced at least one internal security breach in the past 12 months.

Additionally, companies do not have the necessary resources in place to cope with emerging network vulnerabilities. Only 47% of those surveyed currently have a privacy program in place, and only 44% have an executive responsible for privacy - the latter down from 50% a year earlier. This aligns with the fact that many TMT companies do not have a program for managing privacy compliance (33%), a written privacy policy (28%), nor a formal directive with respect to the destruction of personal information (28%).

 "Information and intellectual property are the most important assets of a TMT company.  Ensuring that these assets are adequately protected in today’s digital environment is critical for organizations." said Ravi.

TMT companies face a myriad of rules and regulations that relate to information security and strict compliance is critical, particularly in a tough economy. Failure to comply can expose a company to hefty fines and significant liability. However, compliance with rules and regulations may not be sufficient for TMT companies to mitigate their information security risks. Over 67% of respondents say that regulatory security requirements are at best "somewhat effective" for improving their information security posture. A majority (57%) of respondents believe that effectively meeting regulatory requirements is either inadequately funded or missing senior executive support.

Related links:
Evolving Role of a CISO  
MS to Include Kaspersk Antivirus in Stirling
25% CXOs Admit to System Compromise
Conficker Prowls Again, this Time through P2P
CISOs, CEOs Need to Work Closely: Forrester