|
By Laton McCartney
Companies in the technology, media and telecommunications industries (TMT) significantly reduced investment in security spending in 2008, according to a new survey from Deloitte Touche Tohmatsu.
The third edition of the Deloitte TMT Global Security Survey reveals that 32% of respondents reduced their information security budgets, while 60% of respondents believe they are "falling behind" or still "catching up" to their security threats—a significant increase from 49% over the previous year.
"This year's results indicate companies are explicitly scaling back. With funding decreasing and the threats increasing, it is more important than ever for TMT companies to be highly cost efficient in addressing their security risks," said Irfan Saif, a principal in Deloitte & Touche LLP's Audit and Enterprise Risk Services practice.
"Companies that do not have a sound understanding of their security risk profile, or who under-invest in security now, may find themselves exposed to significant and increasingly sophisticated threats that they are not equipped to mitigate," said Saif.
With the proliferation of digitized assets, security should claim a significant portion of a company's overall Information Technology (IT) budget. However, only 6% of respondents allocate 7% or more of their total budget to IT security. This year represents a significant decline from the previous edition of the survey, which showed that 36% of the respondents allocated 7% or more of their budget to IT security.
The survey also indicates that declining security investment is hindering adoption of new security technologies, with only 53% of respondents considering their organizations to be early adopters, or part of the early majority, down from 67% in 2007. Companies are focusing more effort on optimizing solutions that are already in place rather than investing in cutting-edge technology that can be capitalized upon during economic recovery.
Another key finding from the survey is that social networking is adding to the list of insider security threats.
While social networks and blogs can be powerful enablers, they also increase organizations' internal security challenges. Survey results show that "exploitation of vulnerabilities in Web 2.0 technologies and "social engineering" techniques such as pretexting and phishing are regarded as a threat to a company's information security, with 83% and 80% of respondents, respectively.
Furthermore, generational differences have a major influence on perceptions of privacy. Information sharing for the youngest generation of TMT workers can test the limits of traditional privacy laws. In contrast, older generations have a different perspective on privacy. Survey respondents recognize this issue, with 56% rating "cultural interpretations" as an "average" to "very high" threat to their information security.
The survey also notes that, with new vulnerabilities constantly emerging, TMT companies are less confident in their ability to deal with internal security risks. This year, only 28% of respondents rate themselves as "very confident" or "extremely confident" with regard to internal threats, down from 51% in 2007. Forty-one percent of respondents experienced at least one internal security breach in the past 12 months.
Additionally, companies do not have the necessary resources in place to cope with emerging network vulnerabilities. Only 47% of those surveyed currently have a privacy program in place, and only 44% have an executive responsible for privacy - the latter down from 50% a year earlier. This aligns with the fact that many TMT companies do not have a program for managing privacy compliance (33%), a written privacy policy (28%) nor a formal directive with respect to the destruction of personal information (28%).
"Information and intellectual property are the lifeblood of a TMT company," said Saif. "Taking calculated measures to protect these precious assets, especially in the current environment, may encourage more openness and collaboration rather than hinder it. It is critical for TMT companies to be proactive in this regard."
The survey, Deloitte says, was based on in-depth research, mostly in-person, with more than 200 TMT organizations of all sizes. Respondents included companies headquartered in North America, Europe, Middle East, Africa, Asia Pacific, Japan, Latin America and the Caribbean.
Only registered users can write comments.
Please login or register. |
