How true is this picture IT experts that I checked with bristle at such allegations and believe that foreign media reports tend to paint all IT companies with the same brush. That is definitely true.
For instance, Infosys points out that most Indian companies which serve multinational corporations from the developed world (and they are the ones who matter) have an information security framework and implementation aligned with globally accepted security standards, such as BS 7799. They also have Global Business Continuity plans that are operational and tested. Infosys is the first company to be assessed as compliant under the Technical Reference standards of the Singapore Standards Body. It also has dedicated IT security teams to review organisational security on an ongoing basis.
But then, Infosys and a few dozen others are exceptional companies. Prakash Hebalkar, president of Profitech, says Security preparedness is as much a matter of technology as mindset. The first is usually on offer directly, but the second is harder, as the CEOs of many banks are not IT-savvy and tend to brush these things away as unduly alarmist. On the other hand, the ministry of finance has regular security audits. So standards vary, both among Indian companies that are heavy users of Information Technology (IT), as well as IT and BPO operations.
IT experts also refute the Global Security Surveys comment that nearly one in three Indian organisations suffered some financial loss because of a cyber attack last year, compared with one out of five worldwide and one out of eight in the United States. They say that while IT security is always a serious concern, there have been only been a handful of data security incidents in the past three years, of which two led to financial losses. More importantly, the perpetrators were caught very quickly in each case.
Few companies initiate strict action against employees who fudge academic qualifications or employment records, which is short-sighted
While this is all true, there is unfortunately a yawning chasm between, say, Infosys, Wipro and TCS on the one hand, and someone like Dinesh Dalmia at the other. Dalmia ran three BPO outfits in India, while absconding from this country and has cheated investors in the
US and UK to the tune of over $130 million. He is by no means the only dubious operator in India. If foreigners tend to generalise about security concerns while dealing with Indian firms, the fault also lies with us.
The industry and its trade bodies like Nasscom are entirely focused on image building, lobbying for the industry and focusing on less important issues such as resume ramping by employees. Few companies initiate strict action against employees who fudge academic qualifications or employment records, although such employees are most likely to be lured into data theft as well. Some think that background verification is protection enough. If the IT industry is irked by security concerns expressed by international firms, it must push for a cleansing and ensure that dubious companies are not allowed to ride the BPO bandwagon and tarnish Indias image.