Turnaround and Transformation in Cyber Security – India Update

Year after year, cyberattacks continue to escalate in frequency, severity and impact. However, prevention, detection methods, cybersecurity innovation and investments in cyber security are on the rise, as forward-leaning business leaders’ focus on solutions that reduce cybersecurity risks and improve business performance.

The Global State of Information Security Survey 2016, released by PwC in conjunction with CIO and CSO, examines how executives are looking towards new innovations and frameworks to improve security and mitigate enterprise risk.

As cyber risks become increasingly prominent concerns in the C-suite and boardroom, business leaders are rethinking cybersecurity practices and focussing on a nexus of innovative technologies that can reduce enterprise risks and improve performance. These technologies are yielding considerable opportunities to improve cybersecurity and produce holistic, integrated safeguards against cyberattacks.

While the number of incidents has risen significantly over the previous year, organisations in the country have ramped up investments to combat the menace.

Sivarama Krishnan, Leader- Cybersecurity, PwC India said, “Cybersecurity is indispensable. Organisations in India are looking towards innovative cybersecurity solutions, and we have seen a 25% compound annual growth rate (CAGR) in security budgets over the past five years, which support this trend.”

Connected to the emergence of cloud-based systems, Big Data and Internet of Things (IoT) are ascendant technologies that present a host of cyber challenges and opportunities. In the case of Big Data, often considered a cyber liability, 49% of respondents are leveraging data-powered analytics to enhance security by shifting it away from perimeter-based defences, and enable organisations to put real-time information to use in ways that create real value.

Krishnan added, “Not only are leaders adopting innovative solutions, but even fundamental security technologies and practices have seen wider acceptance, and organisations have evolved to master the basics. This has improved security postures of organisations throughout the country.

Some of the key findings of the survey are:

• Security incidents and their impact soars: The average number of information security incidents detected by respondents increased by 117% over the previous year, increasing from 2895 last year to 6284 this year. Attacks on industrial control systems (ICSs) and consumer technologies showed a marked increase. Losses as a result of incidents also surged by 135% over the previous year, and the average cost per incident increased by close to 8%.

• Information security spending increases: Respondents have boosted the information security outlay significantly, reversing last year’s slight drop. They enlarged their budgets by 71% this year. Security budgets have seen a CAGR of 25% over the past five years.

• Organisations look to innovative cybersecurity solutions: Over 70% of respondents employ cloud-based security solutions, which have emerged as an effective way for organisations to efficiently combat cyber threats. Security analytics and identity and access management have been viewed as the most popular cloud based tools.

Organisations are also deploying Big Data analytics to manage insider threats; almost 28% have plans to employ Big Data analytics for improving security in the next 12 months.

• Security fundamentals get a fillip: A vast majority of organisations (81%) have adopted a security framework, or, more often, an amalgam of frameworks. Such frameworks help organisations identify and prioritise risks, detect and mitigate security incidents, gauge the maturity of their
  
  cybersecurity practices, and better communicate and collaborate internally and externally.

• Evolving cybersecurity roles: As many as 63% of the respondents have a CISO (insert full form) in charge of the security programme. The CISO has played an important role in communicating the importance of cybersecurity to the C-suite and the board. Over 61% of respondents believe that their boards are vigorously involved in formulating the overall information security strategy; this figure is significantly higher than the global average of 45%.

• Third-party security focus not yet pervasive: While almost 50% of the respondents cited suppliers and customers as likely sources of incidents, little has been done to strengthen controls around third parties. Only 55% of the respondents conduct compliance audits to check safeguards for personally identifiable information (PII), and even fewer require third parties to comply with the organisation’s security policies.