Cyber security: 32% of Indian firms see careless, unaware employees as the biggest vulnerability, reveals EY survey

There is hardly any IT or IT-related event in which PM Narendra Modi has participated and not spoken on Cyber Security; such is the importance of the issue. Digital India is PM Narendra Modi's one of the most ambitious projects, and the success of this project is highly dependent on Cyber Security. To shed more light on Cyber Security, EY, an organisation dealing in assurance, tax, transaction and advisory services, on Thursday launched the 21st edition of Global Information Security Survey (EY GISS) 2018-19 - India edition at The Imperial Hotel of New Delhi. The details, key findings and insights of EY’s GISS 2018-19 – India edition was made public in presence Dr. Gulshan Rai, Cyber-Security Chief, Prime Minister’s Office, Government of India.

According to EY’s GISS 2018-19 – India edition, one of the highest number of cyber threats were detected in India, and the country ranks second in terms of targeted attacks. "Cybersecurity has become a boardroom concern for organizations across verticals, revenue bands and geographies," as per EY’s GISS 2018-19 – India edition.

EY’s GISS 2018-19 – India edition

The survey captures responses of 230 C-suite leaders. These C-suite leaders represent India’s most recognised organisations with revenues ranging from less than $10 mn to over $10 bn.

Speaking on the occasion, Dr. Gulshan Rai said, “Cyber is a man-made domain, unlike sea, land and air space. And, this domain is becoming even more complex with every passing day. Hence, keeping all this mind Cyber Security becomes of foremost importance." "We are accelerating towards becoming a trillion-dollar digital economy. Thus, building the right framework for cyber resilience and security is critical for India. 

"The need of the hour is to enable and foster a cyber-secure culture and ecosystem. The Government on its part has taken a number of initiatives in this direction; however, the involvement of each citizen and all organizations to make it a collective and coordinated movement is must for the success of the cyber secure eco system," he further added.

PHOTO DESCRIPTION: (From Left to Right) -  Jaspreet Singh, Partner - Cyber Security, EY India; Burgess Cooper, Partner - Cyber Security, EY India; Gulshan Rai, Cyber Security Chief, PMO, Govt of India, Rishi Rajpal, Director - Global Security, Concentrix; Seema Bangera, Director - Information Security, Intelenet Global Services; Sanjay Gogia, VP - Information Security, Aricent Technologies

Burgess Cooper, Partner - Cyber Security, EY India, commenting on the findigs of EY’s GISS 2018-19 – India edition, said, "In comparison to the previous years, organisations are planning to spend more on cybersecurity." 

"There is a growing realisation that security is also about maintaining the continuity of business operations — and not restricted to only security of data and privacy, due to rise in digital movement and subsequent exponential increase in data generation," Cooper added.

Key findings of EY’s GISS 2018-19 – India edition:-

• 70% of Indian organizations plan to increase their cybersecurity budgets
• 62% of the boards are taking active steps to strengthen their cyber security understanding
• 46% of the boards/senior management has a comprehensive understanding of information security, higher compared to 38% last year
• 32% of Indian organizations see careless/unaware employees as the biggest vulnerability
• More than half (53%) of the organizations are spending on cyber analytics
• Only 19% of Indian organizations have sufficient budgets to provide the level of cybersecurity and resilience they want

 Major challenges highlighted by the survey:-

• The survey highlights major challenges that limit the value delivery as well as the operational effectiveness and efficiencies of the information security function 
• Skills shortage has emerged as a key overarching problem 
• 69% of organizations say their information security function is at least partially meeting their needs
• 70% of the organizations agree that their information security function needs improvement
• 32% respondents have cited careless or unaware employees as their topmost vulnerability with the most increased risk exposure
• 46% of respondents have no program – or an informal program 

Sector insights from EY’s GISS 2018-19 – India edition:-

• 87% of the organizations in the Technology sector, and 70% of the organizations in the telecom sector regard careless employees as the most likely source of attack
• 84% of Consumer products and Retail brands do not have a functional Security Operations Centre (SoC). Additionally 90% them do not have a direct representation for information security at the board level
• 25%-50% of additional funding is required over existing security budget to better protect against emerging threats by 100% of Telecom organizations, 92% of Technology organizations, and 58% of Power and Utilities organizations. However, 75% of the organizations in the Consumer products and Retail have identified that more than 50% of the additional funding over existing security is required
• Almost 75% of organizations in the Power and Utilities sector have reported an absence of adequate or formal programs for threat intelligence, vulnerability identification, breach detection and incident response

Further, reacting to the findings of  EY’s GISS 2018-19 – India edition, Dr Rai said that in future CEOs who will have sound knowledge of technology will be able to contribute better to the organisations because the in-depth understanding technology and cyber security will bring in more investments.