SINGAPORE - Current employees pose the biggest cyber-related threat to organisations, according to a worldwide study by auditing firm PwC. Over 9,700 respondents from various IT and security practices in more than 154 countries were surveyed.
The participants in the Global State of Information Security Survey 2015 also pointed an accusing finger at trusted parties such as current and former service providers, consultants, and contractors for being weak links.
PwC principal and former FBI deputy director Sean Joyce said: "Based on my experience with the [Chelsea] Manning and Snowden leaks, and with managing one of the leading insider programmes within the intelligence community, I have seen that organisations sometimes overlook the threat from within their business ecosystem.
"The effects can be devastating."
While hacks and cybersecurity threats have been making the headlines for the past year, investments in information security budgets declined 4 per cent over 2013. Small and Medium Enterprises (SMEs) with revenues less than $127 million reduced security investments by 20 per cent in the same period. The report described the overall decline in security safeguards as 'worrisome'.
However, PwC pointed out that there was a significant increase in spending for cybersecurity last year, making the increments hard to sustain and accounting for this year's decline.
IT investments went up by 40 per cent and security spending went up by 51 per cent in 2013, as compared to 2012.
Companies are now more judicious in their spending, targeting the weak links instead of adopting a broad-based approach.
"In the past, the big spending projects tended to lock down all the data, but that's no longer seen as effective," said Fernando Camarotti, chief information security officer of Vale, a global metals and mining company based in Rio de Janeiro.
"In addition to traditional information security controls for the entire company, we worked to find where we had confidential information that needed to be protected. When you do that, the security investment can be more effective and much smarter," he added.