Businesses overconfident about cyber security, says Deloitte

Businesses are overconfident about cyber security and should treat security breaches as inevitable, says business advisory firm Deloitte

Businesses are overconfident about cyber security and should treat data security breaches as inevitable, says business advisory firm Deloitte.

A new study shows that 88% of companies in technology, media and telecommunications (TMT) do not think they are vulnerable to an external cyber threat.

Although 68% of companies said they understood their cyber risks and 62% said they had a programme in place to address them, 59% experienced a security breach, according to Deloitte's sixth annual Global TMT Security Study.

With over half of those polled aware of security breaches in the past year, Deloitte said companies should invest significant time and effort in detection and response planning.

Despite the importance of disaster recovery, only half of companies have this planning in place, the study revealed.  

“Cyber attacks are now so sophisticated and commonplace that it is impossible to be fully protected,” said James Alexander, lead partner for TMT security at Deloitte.

“Companies need to have a documented response plan in place so they can react when breaches occur. Unfortunately, not enough companies are doing this so we think companies are being overconfident in their resilience,” he said.  

Employee mistakes are top threat

Companies rated mistakes by their employees as a top threat, with 70% highlighting a lack of security awareness as a vulnerability. Yet only 48% offer general security-related training.

It is important that employees are aware of their responsibilities in keeping data secure, said Deloitte, particularly with personal smartphones and other devices entering the workplace.

The intermingling of access to business data and use of personal software applications in one device makes mobile devices a prime target for hackers and provides new entry points for attack, Deloitte said.

The study showed that only 52% of companies polled had a bring-your-own-device (BYOD) policy in place, although 74% of respondents considered the increased use of mobile devices as a vulnerability.

The study showed that a major concern for respondents was the security of the businesses they work with as organisations become more reliant on third parties.

Some 74% of respondents said they were worried about third party breaches. Deloitte said it is important that organisations work with third parties to understand and improve security practices.

While 55% of organisations are improving their knowledge of cyber crime, only 39% are gathering information about attacks specifically targeted at their organisation, industry, brand, or customers.

A security strategy and roadmap topped the list of priorities, implying that TMT organisations now recognise that being secure is smart business, not just a regulatory requirement, said Deloitte.

Alexander said companies should aim to embed a culture of cyber security in their staff, and this should extend to the businesses that companies work with to ensure strength across organisational boundaries.

“This is easier said than done, but each employee holds the keys to the castle and must understand that responsibility,” he said.

