Faced with rise in malicious cyber attacks that try to steal critical data, Indian firms will spend over Rs 25 crore (Rs 250 million) on average on information security this year, a study by global consulting firm PwC revealed.
According to PricewaterhouseCoopers's the State of Information Security Survey 2014, spending by companies marks a 100 per cent increase compared to 2012. "Indian companies are spending more than Rs 25 crore on information security as they are reporting an increase in security incidents. This marks a 100 per cent increase in firms spending above this amount, compared to 2012," it said.
The survey, PwC's sixth in India, was conducted as part of Global State of Information Security Survey 2014 by PwC, CIO magazine and CSO magazine. It covered 624 CEOs and senior management from across 17 industry sectors in India, it added. There has been 98 per cent increase in the number of information security incidents in May-June 2013 compared to the same time in 2012, when 2,989 such incidents were reported by the respondents, it said.
PwC's evaluation, based on criteria like effectiveness of strategy, evaluation of security events and so on revealed that only 38 per cent of respondents covered can be considered as having advanced security system in place, the report revealed. "Survey results show that focus on emerging technologies and safeguards is the route to improvement. Organisations must identify most valuable assets and prioritise protection," said PwC India Leader (Information Technology Risk Management) Sivarama Krishan.
Security incidents should be seen as a critical business risk that may not always be preventable, but can be managed to acceptable levels, he added. Compared to global figures, India is playing catch-up in deploying safeguards like behavioural profiling, monitoring, security information and event management technologies and threat intelligence, the report said.
Globally, China has the advantage in implementation of technology safeguards to protect against today's dynamic threats, it added. While, Russia also shows solid progress in deployment of safeguards that monitor data and assets, it is the US which leads the tally, it said.
"Companies used traditional safeguards like firewall, etc, but now they are also using analytics to analyse the threats. However, India is still behind in the use to such techniques to check intrusions," Krishan said. Enterprise mobility and cloud services are gaining greater traction with organisations in India. Yet information security for mobile devices and cloud services lags behind adoption rates, the survey said.
"Less than 50 per cent of respondents claim that their organisations have fundamental information security controls for mobile security and even less than 20 per cent have policies addressing use of mobile phones," it added.