Why is Deloitte not hiring TCS employees?

Much is not enough - Deloitte study on information security

The 138 companies worldwide from the TMT industry (technology, media, telecommunications) that were surveyed for the Deloitte study "Raising the Bar - 2011 TMT Global Security Study" only kept their security measures at the previous year's level.

Too little given the increasing dangers. Around three quarters of companies spend between one and six percent of their IT budget on security-related measures. Compliance is currently the top priority. In the future, however, the focus will be primarily on mobile security, cloud computing and data protection.

The use of social media and networks also poses a growing risk - for almost a fifth of companies it is even the greatest. Overall, the numbers are alarming: while last year 38 percent could claim that they had no security problems, in 2011 it is only 25 percent.

"The level of information security remains almost stable compared to the previous year, which is not enough. The TMT industry in particular should take on a pioneering role here, because the threat landscape is growing and developing continuously - new phenomena such as 'hacktivism' are examples of this", explains Uwe Probst, partner in the ERS division at Deloitte

Stagnation despite increasing dangers
Attacks on corporate information are increasing - three quarters of those surveyed were recently affected. Above all, technology companies are targets: 18 percent recorded six to 20 incidents within the last twelve months, twice as many as telecommunications and media companies. Nevertheless, the companies have hardly reacted: the number of CISOs has not increased, nor has the budgets. Around one third prepare a security report for top management once a month, two thirds have a defined security strategy.

Compliance as a competitive factor
The No. 1 security-relevant topic is compliance - not least with regard to corporate image and competitive position. Compliance goes far beyond following legal regulations. Due to their skills and capacities, companies could even set their standards of initiative higher than governments. After all, half take part in cross-company cyber initiatives - with media companies being rather weakly represented.

Three factors determine the future
In the future, TMT companies will primarily be concerned with mobile security, cloud computing and data protection. The "bring your own device" principle, which is becoming more and more common in working life, creates a multitude of risks for company information that must be countered. The cloud also harbors dangers; 37 percent do not (yet) want to use it for security reasons. Last but not least, the discussion about the future of data protection in a networked world is causing uncertainty.

Networking as a risk factor
At more than 40 percent, employees are increasingly working with their private smartphones, and at media companies the figure is almost 60 percent. This is just as a security risk as social media activity. Both trends must be taken into account in the company's own security strategy. It is worrying that the proportion of companies that sensitize their employees through training has fallen from 35 to 20 percent.

The high degree of networking represents one of the greatest challenges for information security in companies. Instead of the provider-customer dipolarity, there is an increasing number of actors. Around 60 percent of those surveyed see third parties as a security risk - but only 30 percent check third-party providers for their security policy.

The risk-relevant communication of the companies in their networked "ecosystem" is also decisive. Only 18 percent have already defined clear rules and guidelines, a further 35 percent have at least established individual practices or are working on them. However, almost half of the respondents have no communication structures whatsoever in this regard.

"In view of the increasing networking and complexity, companies are finding it increasingly difficult to reserve resources and skills for adequate information security management. More than half of those surveyed named budget problems as an obstacle - the challenges go beyond the traditional framework of security systems. Security operations centers can provide a remedy 48 percent of those surveyed use this at least partially, "concludes Uwe Probst.