2013 TMT Global Security Study
Blurring the lines
Explore Deloitte's sixth annual worldwide study report of information security practices in Technology, Media, and Telecommunications (TMT). The study, based on interviews with more than 120 security executives of TMT organizations from 38 countries, reveals a shift.
A note from the authors
This year the top security initiative for TMT organizations is security strategy and roadmap (where regulatory compliance was the top initiative last year) and the top concerns for TMT organizations are third party security risks and employee awareness. Now the big question is what to do next to manage growing security threats and new technologies while finding ways to maintain and strengthen security in a hyper-connected world where third parties and digital supply chains are an integral part of their business models.
TMT organizations now recognize that information security is fundamental to their business, and not just a compliance issue anymore. The 2013 security trends are converging to create an environment where traditional security boundaries are blurry or even non-existent. The question is not if you will be attacked; the question is when — and how you will deal with it. Effective management of information security risks requires a robust combination of prevention, early detection, and rapid response that involves third-party business partners as well as the public sector.
What do executives at the world’s largest tech, media, and telecom companies believe is needed to improve information security and address cyber threats in 2013?
Investing in information security
Top three security initiatives:
- Information security strategy and roadmap
- Information security training and awareness
- Mobile security
"TMT organizations are now focusing on information security because their customers and the marketplace demand it, not just because regulations require it."
Dealing with external threats
Top three threats 2013:
- Security breaches at third parties
- Denial of Service attacks
- Employee errors and omissions
"Prevention is an important first step; however, no organization can be 100% safe from attack. Robust detection and advance preparation and planning may help stop a breach from turning into a crisis."
People and technology
Top three vulnerabilities:
- Number and type of third parties
- Increased usage of mobile devices
- Lack of sufficient awareness with employees
"People are part of the problem when it comes to information security, so they need to be part of the solution. Training and awareness may help TMT organizations manage the risks from new technologies."
Third-party security risk
Top three actions:
- Control third-party access to data
- Identify third-party security capabilities, controls, and organizational dependencies
- Increase the cyber awareness of suppliers and business partners
"TMT organizations need to work with their third parties to understand and improve their combined security capabilities. Contracts alone are not enough."