The threat within

The threat within

New Delhi: Coming soon after the Mumbai terror attacks, a survey by global consulting firm Pricewaterhouse Coopers or PwC has revealed that at least 90% Indian companies do not regularly test their disaster recovery plans. There may, however, be some consolation in the fact that 83% of the companies do have such plans in place.

Click here to watch video

/Content/Videos/2008-12-19/1812_PWC report_ Info. Sec_MINT_TV.flvb267826a-cd1a-11dd-8a91-000b5dabf636.flvAnother finding reported by PwC is that the biggest threat to the databases of organizations comes from their employees, both existing and former. Over the last couple of years, incidents of employees leaking company data for personal gain were reported in the media. This has led to a massive ramp up of database and information security systems.

According to the report Indian companies have been ahead of their global peers in some ways to ensure data security. 51% of Indian firms have Chief Information Security Officers who ensure data and information security. The corresponding figure globally is 32%. Also, more Indian companies, 73% as per survey, periodically do security audits compared with 54% worldwide. Data backup mechanisms are in place at most companies whether at home (91%) or abroad (83%). As a result of all these steps the security breaches have been fewer in India. 54% Indian companies reported a security breach vis-à-vis 78% globally. But many may be going unreported.

Wireless devices and networks, vulnerable to security breaches, are on the scanners of companies globally, who have established security standards for handheld and portable devices. This is however, missing in India, even though the spending on information security has increased and is set to grow. “Currently we have seen 17% of IT budget spent on security and we have seen a CAGR of around 45% YoY on security spend. We do not see that is going to go down. That level of growth will exist for years to come, primarily because the Indian spends in earlier years were far lower than global spend on IT security", says Sivarama Krishnan, Executive Director, Information Security Practice, PwC.

Although the focus is now on people and on creating awareness, the survey found companies are reluctant to report security breaches by employees to police and other law enforcement agencies. Only 9% of the companies surveyed had done this. And even as background checks of employees become more important in view of the changing profile of criminals, only 27% of the companies surveyed intended to do so, the report says.