According to the EY Global Information Security survey, companies are lacking agility, budget and skills to mitigate known vulnerabilities
Even as the threat landscape for cyber attacks is expanding on a rapid scale, about one-third organisations in India have no real-time insight on cyber risks necessary to combat these threats, a survey by global consultancy firm EY has found.
According to the EY Global Information Security survey, companies are lacking agility, budget and skills to mitigate known vulnerabilities and successfully prepare for and address cybersecurity.
About 32.14 per cent of the respondents in India said their organisation's total information security budget will stay approximately the same in the coming 12 months despite increasing threats.
More than half (54.55 per cent) of the respondents said they are facing rising threats and 50.91 per cent said they are facing rising vulnerabilities in their information security environment.
About 60 organisations from India were a part of this year's survey, which saw participation from about 1,825 organisations globally across 60 countries.
"Careless or unaware employees" emerged as the number one vulnerability faced by companies (54.1 per cent), while outdated information security controls or architecture and unauthorised access were second and third (40.9 per cent and 22.7 per cent, respectively).
Fraud and cyber attacks to steal intellectual property or data were the top two threats (27.3 per cent and 18.2 per cent, respectively) as per the respondents.
Cyber attacks have the potential to be far-reaching - not only financially, but also in terms of brand and reputation damage, the loss of competitive advantage and regulatory non- compliance, EY India Partner and Leader Info Security Devendra Parulekar said.
"Organisations will only develop a risk strategy of the future if they understand how to anticipate cybercrime. They must undertake a journey from a reactive to a proactive posture, transforming themselves from easy targets for cybercriminals into more formidable adversaries," he added.
He said too many organisations still fall short in mastering the foundational components of cybersecurity.
"Too many of the organisations we surveyed reveal they do not have a security operations centre. This is a major cause for concern," he said.
About 33.93 per cent respondents said mobile technologies will be a high priority for their organisation in the coming 12 months.
Another 46.3 per cent indicated higher security budget and investment in the coming year to prevent threats due to mobile technology in their security architecture.