63% of Indian businesses worry about cyberthreats due to staff error
68 per cent organisations are concerned about employees conducting malicious activities.
- Cyber security, anti-bullying feature: Experts happy with Instagram's new updates
- Use strong passwords, avoid suspicious links: How senior citizens can stay safe in cyber space
- Most laptops, desktops vulnerable to cyber attacks through plug-in devices
- What's your digital data worth? Cyber-security experts say less than Rs 3,580
Why? Across India, the majority (66 per cent) of business decision makers believe lack of security expertise is a challenge for their organisation. There is also a wider issue at play according to the: employee attitude and behaviour, which can impact corporate cyber-security.
As much as 90 per cent of Indian organisations believe the biggest challenge to their security in the next 24 months will be improving cyber-security awareness and education among employees. In fact, 30 percent of Indian organisations said they will be outsourcing and conducting in-house skill development, training, and awareness for their employees in the next 24 months to improve their cyber-security.
Budget for security
In India, two-in-five (43 per cent) organisations have a dedicated cyber-security budget – in most cases budgets are included as part of other broader IT spend. Organisational IT security structures are diverse — one third of those surveyed have a dedicated CISO (Chief information security officer), another third sees cyber-security led by an IT leader, and the remainder gives responsibility to another executive, such as the CTO. The majority of organisations continue to keep most capabilities in-house and only in a few areas such as penetration testing and training, does outsourcing become a more common approach.
Change is around the corner
Only 19 per cent of Indian organisations are regularly making significant changes to their cyber-security approach, with some (38 per cent) intending to make changes to their security approach in the next six to 24 months. In line with this approach, 79 per cent of Indian business decision makers would want to adopt deeply-integrated or synchronized security solutions that can detect, investigate and respond to cyber-threats.
What can we do?
“As the threat landscape evolves, businesses too need to advance their defense mechanisms with synchronized security solutions that are designed to strengthen their cyber-security posture,” said Sunil Sharma, managing director, sales, Sophos India & SAARC. “Cyber-security is a shared responsibility and while IT teams must be proactive in their response to cyber-threats; aware and knowledgeable employees and leadership teams pave the way for organisations to better detect, protect and respond.”
“IT teams should also not shy away from tough discussions on the impact of breaches they have faced and instead leverage them with their CEOs to help invest in predictive synchronized security for their business,” he added.
- 90 per cent of Indian organisations challenged with employee and/or leadership cyber-security awareness and education
- 63 per cent of Indian businesses concerned about being exposed to cyber-threats due to employee error
- 68 per cent concerned about employees conducting malicious activities
- Only 19 per cent of Indian businesses considered making a significant change in their cyber-security posture within the last six months even though one-third of businesses surveyed said that their organisation faced a security breach in the last 12 months
- Lack of security expertise makes it difficult for 59 per cent of Indian businesses to detect, investigate and respond to cyber-security incidents
- 79 per cent of Indian businesses keen to deploy deeply-integrated products capable of synchronizing cyber-security to detect, investigate and respond to cyber-security incidents