Executives at the world’s largest technology, media and telecommunications (TMT) companies now cite implementing a 2013 security strategy and roadmap, rather than compliance, as the number-one driver for improving information security.

A study by Deloitte on technology, media and telecommunications global strategy also found that companies are starting to recognise information security to be a fundamental business issue. Companies are increasingly focused on cyber resilience, not just security.

The survey, which identified lack of employee awareness and third party risks as top security vulnerabilities, suggests that TMT organisations should also invest in information security training and awareness for their employees to help mitigate risks from new technologies.

The study is based on interviews with security executives of 121 organisations from 38 countries, with respondents representing every region. It surveyed participants from all three TMT sectors across revenue categories.

“The question is not if you will be attacked, the question is when and how you will respond,” Deloitte’s global TMT security and resilience leader Jacques Buith said. “Effective management of information security risks requires a robust combination of prevention, early detection, and rapid response. Being cyber resilient is just as, or even more, important than being cyber secure alone.”

The study also showed over-confidence in protection against external threats, with 88 per cent of executives not viewing their company as vulnerable. However, when pressed further, more than half of the executives acknowledged experiencing a security threat in the last year.

Fewer than half of survey respondents reported having a response plan in place to address a security breach, and only 30 per cent believe third parties are shouldering enough responsibility for cyber security. Also, 74 per cent of the 121 executives surveyed rate security breaches at third parties as one of their top three threats, followed by denial of service attacks and employee errors and omissions.

“Every organisation is vulnerable and 100 per cent prevention does not exist,” Buith added. “To help prevent attacks, detection and response are necessary. Ultimately, the public and private sector need to engage in a deeper collaboration in 2013 across all TMT sectors to develop a more robust response effort.”

Organisations should not only work with their third-party business partners to understand and improve their security practices, they should also engage policymakers, regulators and enforcement agencies and be willing to share their sensitive information to help address the global issue of cyber risk.

Other major threats identified by respondents include advanced persistent threats (64 per cent) and hacktivism (63 per cent), which combines social or political activism with hacking and is new to this survey. While more than half of those surveyed gather general intelligence information, only 39 per cent gather information about targeted attacks specific to their organisation, industry, brand or customers.

According to the survey, innovations in technology and the people using these technologies also rank as one of the biggest threats, with 70 per cent listing their employees’ lack of security awareness as an “average” or “high” vulnerability. Employees without sufficient awareness of security issues may put an organisation at risk by talking about work in public, responding to phishing e-mails, or admitting unauthorised people into the facilities.
