Tourism: Spending on Security and Privacy Declines with Economy
Recent Gauteng Business News
The survey was based on in-depth research, mostly in-person, with over 200 technology, media and telecommunications (TMT) organizations around the world. Respondents included companies headquartered in every major region: North America, Europe, Middle East, Africa, Asia Pacific, Japan, Latin America and the Caribbean Region.
The research reveals that 32% of respondents reduced their information security budgets, while 60% of respondents believe they are “falling behind” or still “catching up” to their security threats – a significant increase from 49% over the previous year.
“This year’s results indicate companies are explicitly scaling back, which is having a detrimental impact on all aspects of TMT security,” said Reinhardt Buys, a senior technology lawyer at Deloitte Legal in Johannesburg.
“Companies that under-invest in security now may find themselves vulnerable and unable to keep pace with the growing threats from increasingly sophisticated attacks and emerging technologies.” **
With the proliferation of digitized assets, security should claim a significant portion of a company’s overall IT budget. However, only 6% of respondents allocate 7% or more of their total budget to IT security. This year represents a significant decline from the previous edition of the survey, which showed that 36% of the respondents allocated 7% or more of their budget to IT security.
The survey also indicates that declining security investment is hindering adoption of new security technologies, with only 53% of respondents considering their organizations to be early adopters, or part of the early majority, down from 67% in 2007. Companies are focusing more effort on optimizing solutions that are already in place rather than investing in cutting-edge technology that can be capitalized upon during economic recovery.
While social networks (like Facebook and Twitter) and blogs can be powerful enablers, they also increase organizations’ internal security challenges. In today’s connected world, insider threats are greater than ever. Survey results show that “exploitation of vulnerabilities in web 2.0 technologies” and “social engineering” techniques such as pretexting and phishing are regarded as a threat to a company’s information security, with 83% and 80% of respondents respectively.
According to Buys the survey confirms, yet again, that the biggest security risks are internal – negligent and disgruntled staff members.
Furthermore, generational differences have a major influence on perceptions of privacy. Information sharing for the youngest generation of TMT workers can test the limits of traditional privacy laws. In contrast, older generations have a different perspective on privacy. Survey respondents recognize this issue, with 56 % rating “cultural interpretations” as an “average” to “very high” threat to their information security.
“Information and intellectual property are the lifeblood of a TMT company,” said Buys. “Protecting these precious assets, often in open and collaborative business environments must be the imperative for organizations.”
TMT companies face a myriad of rules and regulations that relate to information security and strict compliance is critical, particularly in a tough economy. Failure to comply can expose a company to hefty fines and significant liability. However, compliance with rules and regulations may not be sufficient for TMT companies to mitigate their information security risks. Over 67% of respondents say that regulatory security requirements are at best “somewhat effective” for improving their information security posture. A majority (57%) of respondents believe that effectively meeting regulatory requirements is either inadequately funded or missing senior executive support.
“A few important lessons can be learned from the survey results,” said Buys.“Companies that underinvest in security now may find themselves exposed when the economy recovers. In addition to increased protection of intangible assets, a main priority needs to be protecting your organisation from itself. Business will also be well advised to outsource specialised security needs like forensics, legal support and regulatory compliance,” he concludes.
Business News Sector Tags: Security|