Indian organisations lack skills to combat cybercrime: Survey
New Delhi: Even as the threat landscape for cyber-attacks is expanding on a rapid scale, about one-third organisations in India have no real-time insight on cyber-risks necessary to combat these threats, a survey by global consultancy firm EY has found.
According to the EY Global Information Security survey, companies are lacking agility, budget and skills to mitigate known vulnerabilities and successfully prepare for and address cyber-security.
About 32.14 percent of the respondents in India said their organisation's total information security budget will stay approximately the same in the coming 12 months despite increasing threats.
More than half (54.55 percent) of the respondents said they are facing rising threats and 50.91 percent said they are facing rising vulnerabilities in their information security environment.
About 60 organisations from India were a part of this year's survey, which saw participation from about 1,825 organisations globally across 60 countries.
"Careless or unaware employees" emerged as the number one vulnerability faced by companies (54.1 percent), while outdated information security controls or architecture and unauthorised access were second and third (40.9 percent and 22.7 percent, respectively).
Fraud and cyber-attacks to steal intellectual property or data were the top two threats (27.3 percent and 18.2 percent, respectively) as per the respondents.
Cyber-attacks have the potential to be far-reaching - not only financially, but also in terms of brand and reputation damage, the loss of competitive advantage and regulatory non-compliance, EY India Partner and Leader Info Security Devendra Parulekar said.
"Organisations will only develop a risk strategy of the future if they understand how to anticipate cybercrime. They must undertake a journey from a reactive to a proactive posture, transforming themselves from easy targets for cybercriminals into more formidable adversaries," he added.
He said too many organisations still fall short in mastering the foundational components of cyber-security.
"Too many of the organisations we surveyed reveal they do not have a security operations centre. This is a major cause for concern," he said.
About 33.93 percent respondents said mobile technologies will be a high priority for their organisation in the coming 12 months.
Another 46.3 percent indicated higher security budget and investment in the coming year to prevent threats due to mobile technology in their security architecture.