More technology, media and telecommunications (TMT) businesses are falling prey to security attacks, according to a new global survey by Deloitte, the business advisory firm. Despite stable security investments, half of the TMT organisations indicate that they consider lack of budget and personnel to be the biggest barrier to adequate information security.

The number of companies that have reported security breaches increased in 2011 to reach a staggering 75%. Technology companies reported the highest number of information security breaches, with 18% indicating six to 20 breaches in the last year. This is more than double the number revealed by media and telecommunications companies.

TMT organisations are not coping with the evolving environment: More than half (52 percent) of respondents indicate that their expenditures on security are falling behind or catching up.

David George, partner at Deloitte's Enterprise Risk Services practice in the Midlands commented: "More organisations are suffering from attacks and risks are rapidly evolving and taking new forms, such as 'hacktivism' and 'advanced persistent threats. In today's increasingly hyperconnected world, there is no such thing as an isolated threat, and breaches in one system or organisation can quickly spread to others. Given these concerns, as well as the fact that we are living in a hyper-connected world where we are facing increasing regulatory pressures, budget cuts and personnel challenges, companies are not keeping up."

Deloitte's survey also showed that despite nearly half (43%) of TMT companies supporting both corporate-provided mobile devices and personal devices in the workplace, many said they are investing a smaller part of their IT budget on information security. About three-quarters of the respondents said they spend between 1% and 6% of their IT budget on information security.

18% of TMT organisations have established clearly defined practices to inform customers and other external stakeholders about risks that threaten the integrity of their data or networks. This compares to 35% that have partially established such practices, or are currently working on them, and the nearly half of respondents that have none at all.

George said: "For many people, day-to-day activity centres on information and connectivity, and this is only going to increase given the proliferation of mobile, smartphone and tablet devices. While the concept of 'bring your own device' offers many potential benefits, it does present many challenges and questions about data confidentiality, employee privacy, application development and distribution, and mobile device support. 

"Worryingly, while information security is clearly front-of-mind for companies, more than a quarter do not report to senior management. Information security across the TMT industry is a matter that requires C-level attention, and organisations must raise awareness of the issues and train employees how to deal with them. The bar is being raised to a new level, and we need to step up."

Top five security threats in 2012

1.       Mobile devices (34 percent)

2.       Security breaches involving third parties (25 percent)

3.       Employee errors and omissions (20 percent)

4.       Faster adoption of emerging technologies (18 percent)

5.       Employee abuse of IT systems and information (17 percent)

Mobile devices are considered the number one security threat for 2012. Yet it's not the device itself but more so the sensitive data it carries.