Leaders in digital transformation, TMT companies are more vulnerable to cyber threats.
The cyber threat to the brand
Customer data remains the No. 1 target of the cyber criminal. A severe breach could create a public perception of a company as an unsafe enterprise to do business with — a negative branding that could take years to recover from and potentially impact its existence.
Few TMT companies have high confidence that they will be able to detect breaches of their systems, and that they will be able to determine whether customer and other data has in fact been compromised.
Given the dangers, one might assume that companies are making cybersecurity a high corporate priority, but the numbers show otherwise.
Global companies spent almost $600 billion on building their brands in 2016, and yet they allocated only about one-tenth of that amount to cybersecurity. Our research shows that the TMT sector is not an exception.
TMT executives believe that their companies are spending less than half of what is necessary to reach acceptable levels of security — creating consequences for their reputations and customer franchises.
A striking example of this shortfall is the lack of resources committed to employee awareness and training. We asked TMT executives to assess their companies’ cyber vulnerabilities and identify the most likely sources of attacks on their companies. In both cases, the most serious vulnerabilities were linked to employee behavior.
Similarly, TMT respondents believe that employees — either through lack of awareness or via malicious acts — are the greatest source of an attack.
Yet while TMT companies recognize the dangers presented by employees, they place a surprisingly low priority on the training and supervision that are designed to reduce employee-driven cyber risk.
TMT companies are placing an especially high priority on securing the Internet of Things (IoT). While the IoT has many benefits for TMT companies — digitizing a telco’s entire network, or full robotic automation of a semiconductor lab — it can also present higher cyber risk.
Placing a company’s critical operations on an IoT platform can increase the level of vulnerability (e.g., more attack vectors) and present higher consequences of a breach (e.g., ransomware attacks on production systems).
Four key steps to avoiding cyber attacks
There is a global consensus that cyber attacks will not only continue but increase in velocity and sophistication, including targeting data, cloud providers, automation and IoT products. Accepting that the brand is a critical asset that demands the highest protection, these are a few of the key steps that TMT companies must take:
1. Place a priority on the protection level of brand-related assets
An emerging view in cybersecurity is that not all assets can be secured. This in turn implies that the enterprise must prioritize certain assets for higher levels of protection.
2. TMT companies should place such a priority on protecting brand-related assets
This means building a “ring fence” around purchasing information, passwords, transaction records, privacy records and other data that touches the customer. This is the information that is most likely to be targeted by cyber attackers, and whose breach can cause the greatest harm to the enterprise.
It should be the priority. In addition, TMT companies that build and sell IoT products should manage cybersecurity risks throughout the IoT ecosystem, from development and production to, most importantly, active maintenance.
3. Build an employee culture of cybersecurity
Many cybersecurity programs, managed by IT specialists, focus on highly technical solutions to defend against cyber attacks. Companies should recognize that attackers can potentially be their own employees, and that detecting malicious lateral movement inside the network perimeter is equally important.
Cybersecurity training, supervision and accountability — in short, an employee culture of cybersecurity focused on vigilance — are critical to defend against cyber attacks.
4. Create a post-breach brand-recovery program
Many cyber experts privately acknowledge that their companies will be breached at some point. The ability to respond is as important as the capability to defend.
Companies should have in place a proactive incident response and recovery plan (including a communications plan, incident response process, forensics capability, governance and technical recovery procedures) that can help minimize damage, enable legal diligence and accelerate the company's return to the trust of its customers.
Summary
EY’s TMT Global Information Security Survey 2019 looks at whether technology, media and entertainment, and telco companies are doing enough to secure their operations, manage cyber risk, protect their customers and safeguard their brands.