Indian enterprises are not confident about their ability to sense, resist and respond to cyber security threats, says a recent survey report by the global professional services firm EY.
According to the report, 75 per cent of Indian respondents felt that their cyber security functions do not fully meet the organizations' needs. EY surveyed 1,735 global C-suite executives, including 124 CXOs from India. However, the report says 69 per cent of Indian respondents also reported an increase in their cyber security budgets in the past 12 months, while almost 75 per cent expected the budgets to go up further in 2017.
The survey also revealed that outdated information, security architecture and controls have increased the risk exposure for India Inc., with as many as 61 per cent of respondents citing it as their topmost vulnerability. They are also concerned with careless employees or people who did not keep themselves abreast with recent developments.
Other vulnerabilities that enterprises are concerned about include unauthorized access (52 per cent), vulnerabilities related to mobile computing use (43 per cent), social media use (42 per cent) and cloud computing use (40 per cent).
The threats India Inc. is most concerned about are cyber-attacks that disrupt or deface organisations, steal intellectual property or data, fraud, internal attacks, espionage, malware, zero-day attacks, phishing, and acquire information on finances, natural disasters, and spams.
The survey highlighted that most enterprises are not giving enough attention in building essential capabilities to protect themselves from cyber threats - 55 per cent do not have a formal, threat intelligence programme, while 44 per cent do not have vulnerability identification capability. Further, more than a third does not have a security operations center to continuously monitor the systems.
The Indian respondents said management and governance issues (42 per cent), lack of quality tools for managing information security, and lack of executive awareness and support (41 per cent) were the main challenges for information security operations. About 38 per cent believed that the boards are not knowledgeable about cyber risks