India Inc. continues to remain vulnerable to cyber-attacks: EY Survey

Despite 53% of those surveyed by EY’s Global Information Security Survey Report (GISS) 2020: India edition, admitting to having experienced a significant cyber breach in the past 12 months, Indian organizations are reluctant to invest in their cybersecurity architecture.

This year’s survey underlines a significant increase in the number of destructive attacks faced by respondents with 72% citing that attacks have become more frequent over the past 12 months, including the 38% who reported an increase of more than 10%. While most businesses continue to remain vulnerable with 59% stating that they are unlikely to detect a sophisticated cyber-attack, only 31% said that their cybersecurity team is involved right from the start of a new business initiative. A key finding indicates that many cybersecurity teams continue to play a secondary role in the business, instead of taking centre stage.

The survey captures the responses of 190 organizations across India and examines some of the most compelling cybersecurity issues facing businesses today in the digital ecosystem.

However, the survey also brings to light those boards and senior management teams are engaging more intimately with cybersecurity and privacy matters as the threat continues to loom large. 73% of the boards and executive management teams perceive cyber risk to be a significant threat to the organization while 68% of organizations have a chief of cybersecurity who sits on the board or at executive management level.

Cybersecurity spending currently is driven by defensive priorities rather than innovation and transformation. The findings highlight that 82% of the spends on new initiatives are focused on risk or compliance rather than opportunity whereas only 7% organisations described cybersecurity as an innovation enabler.

“The COVID-19 crisis has introduced new challenges for CIOs and CISOs in the areas of business continuity, remote collaboration and communication. The pandemic is proving to be not only a health, economic, political or social hazard but also a cybersecurity scare. Digital hygiene is the need of the hour and CISOs need to protect organizations from disruptive attacks by adopting a ‘Security by Design’ approach. This can help organizations navigate risks involved in the transformation process with equal focus on product or service design at the onset,” said Murali Rao, Partner & Cyber Security Leader, EY India.