New Delhi: As many as 79% of organisations in India have identified cyber security as one of the top five business risks, while 58% included cyber risk as part of the boardroom agenda, which has moved up from 41% as recorded in 2015, according to a report.
The findings from KPMG’s Cybercrime survey report 2017 highlights that with increased trend of attacks, the top management of organisations are now beginning to understand the need for cyber intelligence, cyber resilience and measures to decrease the impact from cyber attacks.
According to Akhilesh Tuteja, partner and head-risk consulting, KPMG in India, and co-leader - global cyber security, KPMG, said, “Cybercrime has moved from corporate espionage and theft of Intellectual Property to use of advanced technology and malicious software, with the intent of holding companies to ransom and the threat of sabotaging brand reputation with data security breaches."
According to the report, 69% of the organisations are of the opinion that ransomware is a significant risk to them and 43% of the organisations indicated that they have experienced ransomware attacks in the past year. However, only 30% of the organisations clearly defined requirements with reference to cybersecurity expectations, incident response and data breach prevention and have educated vendors about the same.
Among other findings, 29% of organisations believe that the cyber incident response teams and cybersecurity specialists in organisations require major skills and talent enhancement making cyber incident response a key element of cyber strategy.
18% organisations are of the opinion that they are fully prepared to withstand and respond to large-scale cyber-attacks, while 69% of organisations are in the process or have formalised cyber response processes and procedures.
Organizations are also increasing their cyber budgets. According to 51% of organizations, there has been an increase in cyber security budget as compared to the previous year. However, 81% of the organisations have cybersecurity budgets of less than 10% of total planned budgets in spite of recognising it as one of the top business risks.
The report also looks at the changing regulatory landscape. According to law enforcement agencies, there has been more than 50% increase in the number of cyber crimes being reported in the last year. Almost two-third of the law agencies feel that there aren’t adequate laws to address matters related to cybercrime prevention, detection and investigation. Also, 40% of end users feel cross-country jurisdictions being involved is a hindrance in lodging a complaint with cyber cells. Not surprising then that a mere 3% of the organisations have reported cyber incidents to a local law enforcement agency.
The report champions the need for organisations across sectors to set up robust risk management measures/systems, thereby allowing a smooth and secure pace for the impending digital transformation most of them have embarked on, as cyber risks are not just IT or security risks but a serious business risk that can completely shut down the business.