There is growing cybersecurity vulnerabilities in India, with nearly 8 in 10 IT and C-suite business leaders experiencing increased cyber-attacks on their firms in 2015, said a report on corporate data security practices.
According to the study, the Indian businesses are under increasing risk from serious cyber-attacks, with a third (33%) of the respondents expecting to be targeted within 90 days – a number higher than the Asia-Pacific region.
Conducted in the first quarter of 2016, by The Economist Intelligence Unit (EIU), with the prime objective to analyse the differences, if any, between the C-suite and senior IT executives on data security, the EIU surveyed 1,100 senior executives recruited from companies between $500 million and $5 billion in revenues, on data security practices within their firms.
The study was sponsored globally by US-based technology firm VMware.
A key finding from the study is the opposing view of the perceived importance of cybersecurity as a high-priority initiative in India. 32% IT leaders in India regard cybersecurity as their number one corporate priority, while only 8% of C-suite business leaders share a similar point of view. Similarly, while 36% of IT leaders believe security budgets will significantly increase in the next two years, only 21% of C-suite business leaders foresee likewise.
Critical risks identified by both groups were ‘unknown cyber threats that move faster than their defenses’, ‘resources and data that may unknowingly reside in the cloud’, ‘employees who are careless or untrained in cybersecurity’, and ‘illegitimate users and devices accessing corporate networks’.
According to the study, the leaders in India are more concerned about the ‘theft of customer data’ than their regional counterparts, with four in 10 (31.8%) believing that this could cause the greatest harm to their businesses.
As cyber threats grow in sophistication, any gaps in security resulting from a ‘disconnect’ between C-suite and IT leaders can lead to the loss of intellectual property, competitive positioning and customer data, said the report.
The report suggest that IT leaders must become more conversant with business risks and objectives. By having deeper conversations and translating cyber risks into business terms, IT leaders can justify requests for more investment in security. The C-suite can then better understand the business implications associated with evolving threats and make informed decisions around strategy and budgets.