Enterprises ignoring data security and privacy

The most dangerous security threats come from within

Technology, media and telecoms (TMT) firms are "treading water" when it comes to data security and privacy, new research warns.

A Deloitte global survey published today found that only 53 per cent of TMT companies report losses of customer data.

The study warned that these firms must increase their security efforts and investments to keep up with the latest threats.

James Alexander, technology security partner at Deloitte, said: "When it comes to security, the majority of TMT companies are managing to keep their heads above water.

"In the 12 months preceding the survey, the majority of companies successfully avoided a major security crisis, and 69 per cent of respondents were 'very confident' or 'extremely confident' about tackling external security challenges.

"However only a few increased their security capabilities to the point where they now feel as if they are ahead of the problem; just seven per cent of TMT companies believe that they are prepared for future security threats."

Alexander added that, although security investments have climbed over the past year, the increases were often just enough to offset the rising volume and complexity of threats.

Only five per cent of companies increased their security investment by 15 per cent or more, and only half allocated less than three per cent of their IT budget to security.

"Something that many organisations overlook is the source of the threat," Alexander warned.

"The most dangerous threats come from within, and 75 per cent of companies cited 'human error' as one of the root causes for security failures, putting it ahead of 'operations' and 'technology'."

One of the most alarming results of the survey is attitudes towards customer data. News stories about the loss or theft of sensitive customer data are increasingly commonplace, and incidents that make the headlines are just the tip of the iceberg.
"Only 53 per cent of companies publicly disclose the loss of customer data, and many do so only in situations where disclosure is required by law," said Alexander.

The research suggests that only 38 per cent of companies believe that their organisation has all the skills and capabilities it needs to respond effectively and efficiently to security challenges.

Additionally over two-thirds of companies do not track losses of customer data at all, and even fewer (32 per cent) have performed an inventory of personal information.

The global survey respondents included TMT companies from across all three sectors, 44 per cent of which employ between 5,000 and 50,000 employees and 47 per cent of which report revenue between $1bn and $10bn.