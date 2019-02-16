By Express News Service

With the steady increase in cyber threats detected in India and rising targeted attacks, cybersecurity has become a boardroom concern for organisations across verticals, revenue bands and geographies.

As per the findings of EY’s ‘Global Information Security Survey (EY GISS) 2018-19’, 70 per cent of Indian organisations plan to increase their cybersecurity budgets. EY surveyed responses of 230 C-suite leaders representing India’s most recognised organisations with revenues ranging from less than $10 million to over USD 10 billion. In India, while 62 per cent of the boards are taking active steps to strengthen their cybersecurity understanding, only 46 per cent of boards or executive management teams have a comprehensive understanding of information security to fully evaluate cyber risks and related preventive measures.

According to the report, the interest in cybersecurity reporting at the board level has grown from attempts to understand technology to the point where boards now have a fiduciary responsibility to manage cybersecurity risk. However, only in 30 per cent of organisations surveyed are board members are taking an ultimate responsibility for cybersecurity.

“As we accelerate towards becoming a trillion-dollar digital economy, building the right framework for cyber resilience and security is critical for the country. The need of the hour is to enable and foster a cyber-secure culture and ecosystem,” said Gulshan Rai, Cyber-Security Chief, Prime Minister’s Office, Government of India.

One of the most important findings of the survey was that while 70 per cent of Indian organisations plan to increase their cybersecurity budgets, only 19 per cent have a sufficient budget to provide the levels of cybersecurity and resilience as required. Furthermore, the survey reveals that 69 per cent of organisations are still spending a very limited portion of their overall IT budget on cybersecurity with low levels of awareness of their most critical information and assets are.

While organisations are focusing more on security, the availability of right talent is a major concern. About 56 per cent of the organisations consider cyber security as an integral part of their strategy and plans, but the skills shortage has emerged as a key overarching problem wherein even organisations from relatively well-resourced sectors are struggling to recruit the talent they require. The survey also said that 32 per cent respondents have cited careless or unaware employees as their topmost vulnerability with the most increased risk exposure over the last 12 months.

On a sectoral basis, 87 per cent of organisations in the technology sector, and 70 per cent in the telecom sector regard careless employees as the most likely source of attack.

“In comparison to previous years, organisations are planning to spend more on cybersecurity, devoting more resources for improving their defences, and working harder to embed security-by-design. With the rise in digital movement and subsequent exponential increase in data generation, there is a growing realisation that security is also about maintaining the continuity of business operations,” said Burgess Cooper, Partner, Cyber Security, EY India.

