Indian organizations are reluctant to invest in their cybersecurity architecture, despite 53% of those surveyed by EY’s Global Information Security Survey Report (GISS) 2020: India edition, admitting to having experienced a significant cyber breach in the past 12 months.
This year’s survey underlines significant increase in the number of destructive attacks faced by respondents with 72% citing that attacks have become more frequent over the past 12 months, including the 38% who reported an increase of more than 10%. While most businesses continue to remain vulnerable with 59% stating that they are unlikely to detect a sophisticated cyber-attack, only 31% said that their cybersecurity team is involved right from the start of a new business initiative. A key finding indicates that many cybersecurity teams continue to play a secondary role in the business, instead of taking centre stage.
However, the survey also brings to light that boards and senior management teams are engaging more intimately with cybersecurity and privacy matters as the threat continues to loom large. 73% of the boards and executive management teams perceive cyber risk to be a significant threat to the organization while 68% of organizations have a chief of cybersecurity who sits on the board or at executive management level.
The survey captures the responses of 190 organizations across India and examines some of the most compelling cybersecurity issues facing businesses today in the digital ecosystem.
Murali Rao, Partner & Cyber Security Leader, EY India said “The COVID-19 crisis has introduced new challenges for CIOs and CISOs in the areas of business continuity, remote collaboration and communication. The pandemic is proving to be not only a health, economic, political or social hazard but also a cybersecurity scare. Digital hygiene is the need of the hour and CISOs need to protect organizations from disruptive attacks by adopting a ‘Security by Design’ approach. This can help organizations navigate risks involved in the transformation process with equal focus on product or service design at the onset.”
Cybersecurity spending currently is driven by defensive priorities rather than innovation and transformation. The findings highlight that 82% of the spends on new initiatives are focused on risk or compliance rather than opportunity whereas only 7% organisations described cybersecurity as an innovation enabler.
Burgess Cooper, Partner – Cyber Security, EY India said, “COVID-19 has not only changed the way we live and operate but has also challenged businesses to either evolve faster than ever or perish. As organizations settle into the new-normal, CIOs or CISOs will play an increasingly important role in accelerating the adoption of cyber security and driving it as a key business enabler.”
The findings highlight trust and increased collaboration between all business functions as the critical catalysts for driving cyber security as a business enabler in the new normal. This is an area that needs to be given higher focus as 69% continue to cite that the relationship between cybersecurity and the lines of business is at best neutral, to mistrustful or non-existent. While the need of the hour is to enable crisis response on imminent cyber threats, in the medium-term, cybersecurity professionals stand an opportunity to build trust through collaboration in the accelerated digital transformation that businesses will undergo.