New Delhi: Companies in India are spending more on cybersecurity each year, but are still not confident of their ability to sense, resist and respond to cyber threats, says the latest survey by EY, the global professional services organization. The report, titled ‘Path to cyber resilience: Sense, Resist, React,’ was released on Wednesday by Gulshan Rai, national cybersecurity coordinator at India’s National Security Council.
According to the report, EY’s 19th global information security survey, 69% of Indian respondents reported an increase in their cybersecurity budgets over the last 12 months. Despite the increased investment, 75% of the respondents said their cybersecurity function does not fully meet the organization’s needs. These findings are in line with the global trend, with more than half the respondents reporting increased budgets, but 86% still not confident of their cybersecurity function.
Increasing risk exposure
Outdated information security architecture and controls have increased the risk exposure for Indian companies over the last 12 months, with as many as 61% of the respondents citing this aspect as their topmost vulnerability. Careless or unaware employees were their second-most important concern (58%), while vulnerabilities related to mobile computing, social media and cloud computing also feature prominently as contributing to increased risk exposure. Among threats, a majority (54%) believe that cyber attacks are primarily targeted at defacing/disrupting organizations or stealing intellectual property or data (51%), followed by fraud (48%).
More than half the respondents (55%) do not have a formal, threat intelligence program, and 44% do not possess vulnerability identification capabilities. More than a third (33%) do not have a security operations centre (SoC), which serves as a continuous monitoring mechanism.
Challenges of the digital ecosystem and connected devices
The report says that organizations are struggling with the huge number of devices that will become part of their networks, challenges related to the size of data traffic and the expanding ecosystem of business partners. The most important information security challenges were identified as finding hidden or zero-day attacks (50%), identifying suspicious traffic over the network (44%) and ensuring that implemented security controls are meeting the requirements of the day (40%). On the growing use of mobile devices such as laptops, tablets and smartphones, more than half (55%) see poor user awareness as the most significant risk, followed by (41%) loss of a device, which leads to loss of information and identity.
The EY survey is based on responses from 1,735 senior company executives globally, including 124 from India.