Nine out of 10 companies 'not vulnerable' to cyber attack - or so they say

Nine out of 10 companies do not believe that they are vulnerable to hackers, despite the fact that half have faced a "security incident" in the past year.

That is the conclusion of a report into computer security by consultants Deloitte focusing on the technology, media and telecoms (TMT) sector.

Some 88 per cent of all respondents to the survey - 92 per cent of respondents in the technology sector - claimed that they are "very confident" or "somewhat confident" that they are protected against external cyber threats. More than 60 per cent rated their ability to mitigate newly developed threats as "average" or "high".

"However, this widespread confidence may not be realistic... TMT organisations face an onslaught of new and growing security threats, including advanced persistent threats (APTs) and 'hacktivism'," wrote Jolyon Barker, global managing director, and Jacques Buith, TMT security and resilience leader, in the report.

They added: "At the same time, TMT organisations are trying to figure out how to manage new technologies such as mobile and cloud computing - technologies that promise to dramatically improve how businesses operate, but which also present significant new security challenges and risks."

The top perceived threats highlighted by respondents included denial of service attacks - which can be particularly lethal to media companies in the online era - and employee error. Furthermore, despite the high confidence expressed, 59 per cent of respondents admitted to a security breach in the past year, of which 12 per cent were classified as "high impact".

Perhaps surprisingly, one-third of TMT companies are already using cloud computing in some capacity, with 39 per cent storing "critical data" in the cloud - 61 per cent in the media industry, presumably as a result of outsourcing of content management systems.

"Yet many respondents acknowledge that with cloud there is no assurance of security whatsoever, and that ease of use often trumps security. In particular, it is often difficult to know where cloud data is physically stored and what national and local regulations apply to it," stated the report.

However, despite the variety of security risks organisations face, only half claimed to have a document response plan in place to resort to in the event of a security lapse.