TMT companies chopped their information security budgets in the wake of financial crisis

The challenged macroeconomic backdrop is causing companies to review costs in all areas, including security, with 32% companies in the technology, media and telecommunication industry reporting having reduced their information security budget, and 60% believing they are “falling behind” or still “catching up” to their security threats, a new Deloitte Global TMT Security Survey found.

“This year’s results show a significant drop in security investment, which is having a detrimental impact on all aspects of TMT security”, Deloitte Global TMT Security Survey shows.

Over the past year, there have been a number of high profile privacy breaches. Yet, only 47% of surveyed companies currently have a privacy program in place, and only 44% have an executive responsible for privacy. This aligns with the fact that many TMT companies do not have a program for managing privacy compliance (33%), a written privacy policy (28%), nor a formal directive with respect to the destruction of personal information (28%).

According to Deloitte specialists, only 6% of the respondents said they allocate 7% of their IT budget to information security.

Declining security investment is hindering the adoption of new security technologies. Only 53% of respondents consider themselves early adopters, down from 67% in the last edition of this survey. Many are explicitly scaling back investments in new technology, and are focusing more effort on improving technologies that are already in place.

According Deloitte survey findings, social networking sites, such as Facebook, MySpace or Twitter and blogs are added to the list of insider threats. This year’s survey results show that “exploitation of vulnerabilities in Web 2.0 technologies” and “social engineering” are regarded as a threat to the company’s information security, with 83% and 80% of respondents respectively.

“TMT companies are feeling significantly less confident about their ability to deal with internal security risks. This year, only 28% of respondents rated themselves as “very confident” or “extremely confident” with regard to internal threats, down from 51% in 2008. Also, 41% of respondents experienced at least one internal security breach in the 12 months leading up to the survey”, survey shows.

57% of respondents believe that senior executive support for effectively meeting regulatory requirements is either missing or inadequately funded.

Respondents included companies headquartered in every major region: North America, Europe, Middle East, Africa, Asia Pacific, Japan, Latin America and the Caribbean Region.

Te-ar putea interesa si:

Mai multe articole din sectiunea English »