A recent study of information security shows that executives globally are overconfident of the cyber security levels of their own companies, increasing the risk for cyber crime.
In its 10th annual survey, Global State of Information Security 2013, the international consulting firm PwC said 68% of executives were confident of their organisation's information security precautions.
Another 42% even viewed their organisation as a "front-runner", having an effective strategy in place and being proactive in implementing industry-leading standards in information security strategy and execution.
However, the survey found that only 8% actually qualified as true information security leaders.
PwC defined "leaders" as companies that have a chief information security officer or equivalent in place; have an overall information security strategy; have measured and reviewed the effectiveness of their security in the last year; and understand exactly what types of security events have occurred.
The company interviewed more than 9,300 top-ranking executives from 128 countries, including Thailand.
Vilaiporn Taweelappontong, consulting partner at PwC Thailand, said the rise in global security violations, diminished budgets and degrading security programmes were key challenges that have left many businesses around the globe facing security risks that are neither well understood nor consistently addressed.
"The reality is that many top executives are over-confident about the strength of their information security effectiveness," Ms Vilaiporn said. "That leaves businesses open to fraud and reduces their attractiveness to potential clients as the number of IT security incidents increases."
The survey also found that fewer than half of the respondents (45%) expect an increase in their information security budgets in the next 12 months, mainly due to economic conditions.
"Of course, people feel the pinch in tough economic times, but crooks don't take holidays. Tying budgets too closely to the economy is a risky way to set security priorities," she said.
As mobile devices, social media and the cloud become commonplace both inside enterprise and out, the survey found that the adoption of technology is moving faster than security.
According to the report, 88% of consumers use a mobile device for both personal and work purposes, yet only 45% of companies have a security strategy to address personal devices in the workplace, and just 37% have malware protection for mobile devices.
"Security models of the past decade are no longer sufficient. Businesses around the world, including Thailand, should see information security as a valuable investment that protects both the business reputation and their bottom line," Ms Vilaiporn said.