Cyber security infrastructure in enterprises in India faces a startling deficit and there is a disconnect between executives and security teams, a report said on Friday.
Prepared by cyber security firm Websense and Ponemon Institute, the report, 'Exposing the Cybersecurity Cracks: A Global Perspective', also revealed that firms have limited visibility into attack activity.
"The report reveals that how better communication and information about cybersecurity, the right investment in skilled personnel and enabling technologies and the adoption of security measures will minimise risk of current and emerging cyber threats," Websense Regional Director SAARC Surendra Singh told PTI.
The study surveyed 545 IT and IT security practitioners in India with an average of 8 years experience in the field, he added.
The research was also conducted in 14 other countries -- the US, Canada, Australia, China, Hong Kong, Singapore, United Kingdom, Germany, France, Netherlands, Sweden, Italy, Mexico and Brazil.
According to the report's findings, 25 per cent of cyber security teams never speak with their executive team about cyber security. Of those that did, 25 per cent spoke just annually and 18 per cent spoke semi-annually. Just 1 per cent spoke weekly.
Sixty-seven per cent of respondents said they personally know another security professional whose firm had sensitive or confidential data stolen as a result of an insider threat, the report said. Sixty-four per cent say the data stolen by the insider was customer information and 59 per cent say intellectual property was stolen, it added.
Only 32 per cent of respondents believe their company is investing enough in skilled personnel and technologies to be effective in executing its cyber security objectives or mission. In fact, 45 per cent of companies represented in this research do not provide cyber security education to their employees.
"Very few companies take steps internally to deal with new and emerging threats."
"When there is awareness about a new cyber threat, the primary response is to reach out to outsiders such as CERT, law enforcement and industry peers," the report said.
Fifty-five per cent say providers of security solutions hype the threats and risks companies face, while 63 per cent of respondents say their company very frequently or frequently has purchased a security solution that was a disappointment.
Singh suggested that firms need to eliminate uncertainty of cyber risks and invest in technologies that provide visibility and details about high-risk behaviour and attempted attacks.