Study: Many businesses overconfident about cybersecurity

Despite confidence, many organizations report having a security incident within the last year


According to a new study conducted by UK-based business advisory firm Deloitte, 88 percent of companies surveyed in the technology, media and telecommunications (TMT) sectors did not believe they were vulnerable to an external cyber threat. However, despite that confidence, 59 percent indicated that they had experienced a security incident in the last year.

The sixth annual "Global TMT Security Study" was based on the results of interviews with security executives of 121 TMT organizations from 38 different countries.

Among some of other highlights of the study included:

  • 68 percent of respondents said they understood their cyber risks and 62 percent said they had a program in place to address them.  However, only half of respondents said they had a documented response plan in place
  • 70 percent believed that lack of security awareness by their own employees was their biggest cyber threat, but only 48 percent offered even general security-related training.  
  • Nearly half (49 percent) said lack of budget made it difficult to improve security.
  • Bring your own device (BYOD) was a big concern for many surveyed as 74 percent of respondents considered the increased use of mobile devices in the workplace a vulnerability. Only 52 percent of TMT companies reported having a BYOD policy in place.

"Cyber-attacks are now so sophisticated and commonplace that it is impossible to be fully protected. Companies need to act as if a breach is inevitable and have a documented response plan in place so they can react when it does happen. Unfortunately not enough companies are doing this so we think companies are being overconfident in their resilience," James Alexander, lead partner for TMT security at Deloitte, said in a statement.  "Companies must also embed a culture of cybersecurity in their staff. This is easier said than done, but each employee holds the keys to the castle and must understand that responsibility. Spreading a secure culture should also extend to the businesses that companies work with and companies need to collaborate to ensure strength across organizational boundaries."

Click here to view an infographic with additional details about the study.