Businesses Overconfident on Cyber Security: Study

January 8, 2013

Businesses are overconfident about their cyber security and should treat data security breaches as inevitable, according to an article from Computer Weekly.

A new study from business advisory firm Deloitte shows that 88 percent of companies in technology, media and telecommunications (TMT) do not think they are vulnerable to an external cyber threat, the article says.

Although 68 percent of companies say they understand their cyber risks and 62 percent say they have a program in place to address those risks, 59 percent experienced a security breach, according to Deloitte’s sixth annual Global TMT Security Study.

More than half of those polled were aware of security breaches in the past year.

Deloitte says that companies should invest significant time and effort in detection and response planning. But despite the importance of such a disaster recovery plan, only half of companies have this planning in place, the article says. James Alexander, lead partner for TMT security at Deloitte, says that these statistics show that companies are “being overconfident in their resilience.”

Companies rated mistakes by their employees as the top threat, with 70 percent highlighting a lack of security awareness as a vulnerability. However, only 48 percent offer general security-related training, the article says.

Especially as smartphones and other personal, portable devices enter the workplace, business data and personal software applications mingling in a single device makes mobile devices a prime target for hackers and provides new opportunities for attack, Deloitte says in the report.

The study shows that only 52 percent of companies polled had a BYOD (bring your own device) policy, although 74 percent of respondents considered the increased use of mobile devices as a vulnerability.

The major concern for respondents was the security of the businesses they work with as organizations become more reliant on third parties. Seventy-four percent of respondents were concerned about third-party breaches.

While 55 percent of organizations are improving their knowledge of cyber crime, only 39 percent are gathering information about attacks specifically targeted at their organization, industry, brand or customers, Computer Weekly reports.

The top priority for TMT organizations was developing a security strategy and roadmap, implying that TMT organizations recognize that security is smart business, not just compliance, the article says.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.