Industry insights

Technology, media and telecommunications

Technology, media and telecommunications (TMT) organizations serve as an underpinning to all other industries, and demand for their products and services is more pronounced than ever. From electronic signature software, to 5G infrastructure implementation, and the Internet of Things (IoT), this industry is fundamental to the future of work. This is increasing the spotlight on cyber security, magnified by major recent events exposing vulnerabilities in global operating systems and supply chains.

How does the technology, media and telecommunications industry stack up?

2.5 (basic)

The average CyQu rating for technology, media and telecommunications organizations globally is 2.5/4 (basic).

What this means

This rating indicates that cyber security maturity is at a basic level. Organizational cyber security risk management practices and technologies are not formalized, and risk is managed in an ad hoc and sometimes reactive manner. Risk management practices and technologies are not established organization-wide.

Explore the most pertinent cyber risks to technology, media and telecommunications organizations, map them to key cyber security controls, and determine actions your organization can take today to close cyber security gaps.

Click below (+) to learn more

*Aon's Cyber Quotient Evaluation (CyQu) is a comprehensive cyber risk assessment that evaluates cyber risk across 9 security domains and 35 critical control areas

Underpinned by proprietary data and expert insights, explore four key risk themes that are prominent to technology, media and telecommunications organizations today.

Read below to learn more

Navigate new exposures:

Rapid digital evolution

It is surprising that 22% of organizations do not use penetration testing, in any form, to contribute to the safeguarding of their environment. Given the intangible nature of technology, media and telecommunications asset classes, creating a resilient infrastructure is of increasing importance.

Know your partners:

Third-party risk

Managing third-party risk highlighted a significant split in the industry, with 28% of organizations indicating that cyber security is not specifically addressed when contracting with third-parties. Meanwhile 20% of organizations indicate that cyber security is a critical component of all contracts, with explicit requirements and minimum standards built into contract wording.

Concentrate on controls:


Endpoint security configuration has a real variance in responses. 37% of organizations have very basic controls in place. However, on the opposite end of the scale, 31% of organizations utilize best-in-class methodology. Connected to this, 34% of organizations do not monitor endpoints for suspicious activity – this is a challenge that must be addressed.

Perfect the basics:


User awareness training has been a big focus for this industry, with 46% of organizations indicating that they employ a robust process including security training, regular phishing testing, and updates. However, 22% of organizations struggled to deploy a robust and consistent approach to data classification, meaning that sensitive data may not have been identified and provided with the appropriate level of protection.

The opportunity