In a survey of 138 TMT companies, 75% of respondents reported that their organizations had suffered data breaches, up 13% in 2011.
Technology companies accounted for 18% of data breaches, more than double the number reported by media and telecommunications firms.
Despite an increase in breaches, budgets have remained static, with half of the respondents citing lack of budget and personnel as the biggest reasons for inadequate information security.
More than half of TMT respondents said their organizations’ expenditure on security was falling behind rapidly evolving threats.
James Alexander, cybersecurity partner at Deloitte, said more organizations are suffering from attacks and risks are rapidly evolving and taking new forms, such as hacktivism and advanced persistent threats.
“In today’s increasingly hyperconnected world, there is no such thing as an isolated threat, and breaches in one system or organization can quickly spread to others,” he said.
Companies hit by budget cuts and personnel shortages are failing to keep up in this environment in the face of increasing regulatory pressures, said Alexander.
Deloitte’s survey also showed that despite 43% of TMT companies supporting both corporate-provided mobile devices and personal devices in the workplace, many said they are investing a smaller part of their IT budget on information security.
About three-quarters of the respondents said they spend between 1% and 6% of their IT budget on information security.
Only 18% of TMT organizations have established clearly defined practices to inform customers and other external stakeholders about risks that threaten the integrity of their data or networks, compared with 35% that have partially established such practices, and nearly half of respondents that have none at all.
Alexander said while the concept of bring your own device offers many potential benefits, it presents many challenges and questions about data confidentiality, employee privacy, application development and distribution, and mobile device support.
“While information security is clearly front-of-mind for companies, more than a quarter do not report to senior management,” he said.
Information security across the TMT industry is a matter that requires C-level attention, said Alexander, and organizations must raise awareness of the issues and train employees how to deal with them.
This story was first published by Computer Weekly