Indian organisations are reluctant to invest in their cybersecurity architecture, despite 53 per cent of those surveyed by EY’s Global Information Security Survey Report (GISS) 2020: India edition, admitting to having experienced a significant cyber breach in the past 12 months.
This year’s survey underlines significant increase in the number of destructive attacks faced by respondents with 72 per cent citing that attacks have become more frequent over the past 12 months, including the 38 per cent who reported an increase of more than 10 per cent. While most businesses continue to remain vulnerable with 59 per cent stating that they are unlikely to detect a sophisticated cyber-attack, only 31 per cent said that their cybersecurity team is involved right from the start of a new business initiative. A key finding indicates that many cybersecurity teams continue to play a secondary role in the business, instead of taking centre stage.
However, the survey also brings to light that boards and senior management teams are engaging more intimately with cybersecurity and privacy matters as the threat continues to loom large. 73 per cent of the boards and executive management teams perceive cyber risk to be a significant threat to the organisation while 68 per cent of organisations have a chief of cybersecurity who sits on the board or at executive management level.
The survey captures the responses of 190 organisations across India and examines some of the most compelling cybersecurity issues facing businesses today in the digital ecosystem.
Commenting on the development, Murali Rao, partner and cyber security leader, EY India, said “The Covid-19 crisis has introduced new challenges for chief information officers (CIO) and chief information security officers (CISO) in the areas of business continuity, remote collaboration and communication. The pandemic is proving to be not only a health, economic, political or social hazard but also a cybersecurity scare. Digital hygiene is the need of the hour and CISOs need to protect organisations from disruptive attacks by adopting a ‘Security by Design’ approach. This can help organisations navigate risks involved in the transformation process with equal focus on product or service design at the onset.”
Cybersecurity spending currently is driven by defensive priorities rather than innovation and transformation. The findings highlight that 82 per cent of the spends on new initiatives are focused on risk or compliance rather than opportunity whereas only 7 per cent organisations described cybersecurity as an innovation enabler.
Further, Burgess Cooper, partner, cyber security, EY India, said, “COVID-19 has not only changed the way we live and operate but has also challenged businesses to either evolve faster than ever or perish. As organisations settle into the new-normal, CIOs or CISOs will play an increasingly important role in accelerating the adoption of cyber security and driving it as a key business enabler.”
The findings highlight trust and increased collaboration between all business functions as the critical catalysts for driving cyber security as a business enabler in the new normal. This is an area that needs to be given higher focus as 69 per cent continue to cite that the relationship between cybersecurity and the lines of business is at best neutral, to mistrustful or non-existent. While the need of the hour is to enable crisis response on imminent cyber threats, in the medium-term, cybersecurity professionals stand an opportunity to build trust through collaboration in the accelerated digital transformation that businesses will undergo.