Surprisingly, only 17% of 235 Indian organisations surveyed reported breaches have taken place in their network systems.
Bengaluru: While cybersecurity continues to top the board agenda across India Inc., surprisingly it is only 17% of 235 Indian organisations surveyed in the EY’s ‘Global Information Security Survey (EY GISS) 2018-19 – India edition’ report the breaches that have taken place in their network systems.
The recently released EY report also reveals that while banking and telecom are the favourite sectors for cybercriminals, manufacturing, healthcare, and retail have also faced a significant number of cyber-attacks.
According to the survey, malware (22%), phishing and disruptive cyber-attacks (15% each) are the top three threats to organisations.
Customer information, financial information and strategic plans of an organisation are the top three most valuable pieces of information coveted by cyber criminals.
Commenting on the findings, Burgess Cooper, Partner – Cyber Security, EY India said, “In comparison to the previous years, organizations are planning to spend more on cybersecurity, devoting more resources for improving their defences, and working harder to embed security-by-design. With the rise in digital movement and data generation, there is a growing realization that security is also about maintaining the continuity of business operations — and not restricted to only security of data and privacy.”
According to him, cyber criminals are no longer interested in infecting a system with a virus like in the previous years but have an eye on the bigger pie.
“As we accelerate towards becoming a trillion-dollar digital economy, building the right framework for cyber resilience and security is critical for the country. The need of the hour is to enable and foster a cyber-secure culture and ecosystem. The Government on its part has taken a number of initiatives in this direction; however, the involvement of each citizen and all organizations to make it a collective and coordinated movement is a must for the success of the cyber secure eco-system,” Gulshan Rai, Cyber Security Chief, Prime Minister’s Office, said while releasing the report.
He added that there are provisions under the IT Act (such as section 43A) under which “incident reporting is mandatory.” Justice Srikrishna committee has recommended making it mandatory to disclose a breach not only to the authority but also to the person whose data has been affected. “That will follow as a law in due course of time. But, there is a thinking in that direction… and it will get strengthened over a period of time,” Rai said.
The EY survey also stated that organisations while realising threats are rampant and result in both financial and performance loss, they are also limited by budgetary constraints.
According to the survey, 70% plan to increase their cyber security budgets, while 62 % of the boards are taking steps to strengthen their understanding of cyber security.
However, there are hurdles in the form of budgetary allocations, as only 19% have sufficient budget to achieve the level of security they desire.
But interestingly, more than half (53%) of the organizations are spending on cyber analytics.
Interestingly, 32% think careless or unaware employees were the biggest vulnerability in terms of information security. EY said that there could be some empirical data behind companies feeling this way but reiterated the fact that a company’s employees are the first and last line of defence against cyber-attacks.
— Sufia Tippu is a freelance tech journalist based in India contributing to EE Times India.