Executives in the world’s largest technology, media and telecommunications companies have replaced compliance with implementing a 2013 security strategy as the number one driver for improving information security, according to the latest Deloitte Touche Tohmatsu Limited TMT Global Security study based on interviews with security executives at 121 TMT organizations from 38 different countries, including Romania.
“The business significance of information security officer positions has increased in recent years in Romania,” said Bogdan Petre (in picture), manager of Deloitte’s enterprise risk services (ERS) division. “Companies’ approach in this area still doesn’t match the current high level of risks and cyber threats. Budgets are also limited. Generally, neither the IT team nor the business is fully aware of the number and severity of current incidents, which cannot fully justify investments or bring bigger budgets in information security management.”
The study reflects overconfidence in protection against external threats, with 88 percent of executives not viewing their company as vulnerable. However, when pressed further, more than half of them acknowledged experiencing a security threat in the last year. Less than half of survey respondents reported having a response plan in place to address a security breach and only 30 percent believe third parties are shouldering enough responsibility for cyber security.
Also, 74 percent of the 121 executives surveyed rate security breaches at third parties as one of their top three threats, followed by denial of service attacks and employee errors and omissions.
Other major threats identified by respondents include advanced persistent threats (64 percent) and hacktivism (63 percent), new to this survey, which combines social or political activism with hacking.
The survey also identified a lack of employee awareness and third-party risks as top security vulnerabilities. It suggests that organizations should also invest in information security training and awareness for their employees to help mitigate risks from new technologies.