Companies in technology, media and telecommunications demonstrate a lack of seriousness to external cyber threats.
A report by Deloitte claimed that 88 per cent of companies do not believe that they are vulnerable to an external cyber threat, while more than half of those surveyed have experienced a security incident in the last year.
The study of 121 companies in technology, media and telecommunications (TMT) found that while 68 per cent of companies said they understood their cyber risks and 62 per cent had a program in place to sufficiently address them, 59 per cent said they had knowingly experienced a security incident.
James Alexander, lead partner for TMT security at Deloitte, said: “Companies need to act as if a breach is inevitable and have a documented response plan in place so they can react when it does happen. Unfortunately not enough companies are doing this so we think companies are being overconfident in their resilience.
Companies rated mistakes by their employees as a top threat, with 70 per cent highlighting a lack of security awareness as a vulnerability. Despite this, less than half of companies (48 per cent) offer even general security-related training, with 49 per cent saying that a lack of budget was making it hard to improve security.
“Companies must also embed a culture of cyber security in their staff. This is easier said than done, but each employee holds the keys to the castle and must understand that responsibility. Spreading a secure culture should also extend to the businesses that companies work with and companies need to collaborate to ensure strength across organisational boundaries,” Alexander said.