To help personalise content, tailor your experience and help us improve our services, uses cookies.
By navigating our site, you agree to allow us to use cookies, in accordance with our Privacy Policy.

Cybersecurity Continues To Rise Up The Board Agenda Across India Inc – EY Survey

EY GISS 2018-19 – India edition  finds 70% of Indian organizations plan to increase their cybersecurity budgets, wherein, 62% of the boards are taking active steps to strengthen their cyber security understanding

The latest security survey cites that cybersecurity has become a boardroom concern for organizations across verticals, revenue bands and geographies.

India currently ranks second in terms of targeted attacks, with one of the highest number of cyber threats detected in India.

EY’s Global Information Security Survey (EY GISS) 2018-19 – India edition launched the latest security survey in New Delhi in the presence of Dr. Gulshan Rai, Cyber-Security Chief, Prime Minister’s Office, Government of India.

The latest EY GISS India edition captures responses of 230 C-suite leaders representing India’s most recognized organizations with revenues ranging from less than USD 10 million to over USD 10 billion.

In India, while 62% of the boards are taking active steps to strengthen their cyber security understanding only 46% of boards or executive management teams have a comprehensive understanding of information security to fully evaluate cyber risks and related preventive measures. The interest in cybersecurity reporting at board level has grown from attempts to understand technology to the point where boards now have a fiduciary responsibility to manage cybersecurity risk.

However, only in 30% of organizations surveyed, board members are taking an ultimate responsibility for cybersecurity.

Speaking at the launch of the report, Dr. Gulshan Rai, Cyber-Security Chief, Prime Minister’s Office, Government of India said, “As we accelerate towards becoming a trillion-dollar digital economy, building the right framework for cyber resilience and security is critical for the country. The need of the hour is to enable and foster a cyber-secure culture and ecosystem. The Government on its part has taken a number of initiatives in this direction; however, the involvement of each citizen and all organizations to make it a collective and coordinated movement is must for the success of the cyber secure eco system.”

Commenting on the findings, Burgess Cooper, Partner – Cyber Security, EY India said, “In comparison to the previous years, organizations are planning to spend more on cybersecurity, devoting more resources for improving their defences, and working harder to embed security-by-design. With the rise in digital movement and subsequent exponential increase in data generation, there is a growing realization that security is also about maintaining the continuity of business operations — and not restricted to only security of data and privacy.

The survey highlights that while 70% of Indian organizations plan to increase their cybersecurity budgets, only 19% have a sufficient budget to provide the levels of cybersecurity and resilience as required. Furthermore, the survey reveals that 69% of organizations are still spending a very limited portion of their overall IT budget on cybersecurity with lower level of awareness of where their most critical information and assets are, and inadequate safeguards to protect these assets.

The survey highlights major challenges that limit the value delivery as well as the operational effectiveness and efficiencies of the information security function –

  • While 56% of the organizations consider cyber security as an integral part of their strategy and plans, skills shortage has emerged as a key overarching problem wherein even organizations from relatively well-resourced sectors are struggling to recruit the talent they require
  • 69% of organizations say their information security function is at least partially meeting their needs, and 70% of the organizations agree that their information security function needs improvement
  • 32% respondents have cited careless or unaware employees as their topmost vulnerability with the most increased risk exposure, over the last 12 months
  • 46% of respondents have no program – or an informal program – for one or more of the following – threat intelligence, vulnerability identification, breach detection, incidence response, data protection and identity and access management.

Sector insights:

  • 87% of the organizations in the Technology sector, and 70% of the organizations in the telecom sector regard careless employees as the most likely source of attack
  • 84% of Consumer products and Retail brands do not have a functional Security Operations Centre (SoC) which reflects that nearly half of the companies are unable to detect the occurrence of a cyber-attack. Additionally 90% them do not have a direct representation for information security at the board level
  • 25%-50% of additional funding is required over existing security budget to better protect against emerging threats by 100% of Telecom organizations, 92% of Technology organizations, and 58% of Power and Utilities organizations. However, 75% of the organizations in the Consumer products and Retail have identified that more than 50% of the additional funding over existing security is required
  • Almost 75% of organizations in the Power and Utilities sector have reported an absence of adequate or formal programs for threat intelligence, vulnerability identification, breach detection and incident response

Further info: Click here.

Show More

Niloy Banerjee

A generic movie-buff, passionate and professional with print journalism, serving editorial verticals on Technical and B2B segments, crude rover and writer on business happenings, spare time playing physical and digital forms of games; a love with philosophy is perennial as trying to archive pebbles from the ocean of literature. Lastly, a connoisseur in making and eating palatable cuisines.

Related Articles