Consumers are not alone in being overly casual about their online security. A new study by one business consulting firm suggests that organizations, too, are taking the Pollyanna approach to data security. "Don't worry, be happy" seems to be the operative attitude. Unfortunately, it is likely to end in some unhappy awakenings.
The new study, from Deloitte, finds that an astonishing 88 percent of firms in the technology, media, and telecommunications (TMT) sector are unconcerned about security threats. And these are the firms that are supposed to be most savvy about technology.
We have to be blunt: This is a triumph of wishful thinking over experience. Even the most casual follower of tech news knows that major, widely-reported security breaches are pretty much a weekly occurrence. (As we write this, Twitter was the most recent high-profile victim.)
The details are even worse, as reported by Warwick Ashford at Computer Weekly. The sixth annual Deloitte Global TMT Security Study finds that 68 percent of the firms claim to understand their security risks. Nearly as many, 62 percent, supposedly have a security program in place. Moreover, 59 percent of the firms studied have themselves experienced a security breach.
Yet seven out of eight of these companies are nonchalant about their security. Only half of them have any disaster recovery plan in place – leaving them vulnerable to natural disasters as well as deliberate attacks.
The new Deloitte study provides some other insights into security needs and shortfalls. Employee errors are a leading cause of security problems, identified by 70 percent of TMT firms. Yet only 48 percent provide general security training to their people. Likewise, 74 percent worry about personal mobile devices in the workplace, yet only 52 percent have a bring-your-own-device (BYOD) policy in place.
Overall, only 39 percent of these companies actively track security threats aimed at their firm, brand, customers, or industry.
A few glimmers of light did turn up in the report. With collaboration and partnering on the rise, a growing number of firms (74 percent) recognize that third-party breaches are an emerging security risk.
And all is not lost. Perfect security is unattainable, but firms can take steps to improve their security. Most broadly, according to Deloitte's lead TMT security partner, James Alexander, firms should seek to "embed a culture of cyber security" in their organizations.