Less than half the CIOs and heads of IT, cybersecurity and enterprise risk assessment in India believes their organisation's cyber resilience has improved due to hiring of skilled people, improved information management and a 360 degree visibility into apps and data assets. The 2020 Cyber Resilient Organization Report by IBM and Poneman Institute says only 45% IT leaders see an improvement in cyber resilience of their firms.
According to the report, 56% of Indian respondents said the time their firms took to identify incidents has improved, while 55% said the time it took the companies to contain incidents has improved. About 46% said they were able to thwart cyberattacks.
Further, when asked why they had seen improvement in the security posture, 65% attributed it to the hiring of right talent. Another 62% believe it was because of improved information governance practices, while 50% said visibility into applications and data assets was the game changer.
Not every respondent was satisfied with the progress made, though. According to the report, 23% said their organisation's cyber resilience had not improved. About 42% attributed it to the lack of adequate budget, 40% feel it's because they couldn't retain skilled people, while 31% hold poorly configured cloud services accountable.
Experts believe complexity is a huge bottleneck and weakens the ability of firms to handle cyberattacks effectively. Those surveyed said their organisation was using 45 tools on average.
Globally, IT leaders from organisations using more than 50 tools rated themselves 8% lower in their ability to detect an attack, and 7% lower in terms of responding to an attack compared with those who used fewer tools.
While Indian organizations have shown improvement in terms of their cyber resiliency by hiring skilled professionals and overall planning, a lot more needs to be done to manage the dynamic cybersecurity landscape, feels Vikas Arora, VP, IBM Cloud & Cognitive Software & Services, IBM India and South Asia.
"Organizations need to look at testing their cybersecurity incident response plan regularly and leverage technologies such as automation, cloud, AI, and interoperable solutions to help sail through any unforeseen situation," added Arora.
The report says 56% of respondents in India said their organisation had experienced a data breach involving theft of more than 1,000 records carrying sensitive customer or business information over the last 2 years. Around 46% had witnessed a cybersecurity incident leading to business disruption.
Though 79% feel automation and machine learning (ML) can strengthen cyber resilience, when it comes to reviewing and testing the cybersecurity incident response plan, it was found that 41% do it once every year, 30% had no fixed time for it and 16% have never done it since the plan was implemented.
For the survey, IBM and Poneman Institute interviewed more than 3,400 security and IT professionals from various countries, including US, India, Germany, United Kingdom, Japan, Australia, France and Canada.