/dq/media/agency_attachments/UPxQAOdkwhCk8EYzqyvs.png)
Follow UsPwC India unveiled an assessment of the state of information security in organizations in India. The report is based on an analysis of responses from 738 respondents from 17 industries across the country.
The survey reflects the global mood as sombre, while indian organizations continue to be optimistic about improving their overall security environment through effective strategies and activities.
Slight dilution in implementation of information security technology and policy posture is an area of concern which needs to be addressed by corporate India.
Assessing Security Practices
45% of the respondents rate their organizations highly secure, saying their companies exhibit the attributes of information security leaders. Analysis reveals that only 15% of respondents’ organizations reflect attributes of true information security leaders.
A closer look at the data shows that many of the claims are overly optimistic. PwC categorized respondents according to the way they describe their approaches to security. 45% say their organizations have an effective strategy in place and are proactive in executing their plans.
28% say that they are better at getting the strategy right than executing the plan, 11% admit that they do not have an effective strategy in place and are typically in a reactive mode. Based on the qualifications, PwC analysis reveals that only 15% of the respondents from India rank themselves as true information security leaders.
It clearly indicates that many organizations overrate their security practices. 80% of the respondents have high confidence that their organizations have instilled effective security behaviours in their culture. However data reflects lack of general commitment to information security on the ground. While 37% are very confident and 43% are somewhat confident.
Assesing how Organizations Enhance their Capabilities:
75% respondents from India as compared to 45% of global peers expect an increase in spending on information security. 46% of the respondents reported that both economic environment and business continuity or disaster recovery were primary among the critical factors influencing security budgets. Regulatory complience is the key justification provided by executives for increase in information security spending.
The report states that while financial services companies are striving to maintain leadership in information security practices, telecom, information communications, and entertainment companies are gaining ground especially leading in information security strategies for new technologies–mobile, social media, cloud computing, etc. Consumer, industrial products and services too are improving their information security capabilities. While reported security incidents have increased three folds in India, financial losses due to security breaches have decreased significantly.
Yet, data avers that respondents do not measure losses completely. Almost 85% of respondents claimed a strong alignment of their security strategy with their business objectives. On the flip side there is a lag reported in the security strategy around new technologies including mobile devices, cloud, and social media.
Technology adoption is moving faster than security implementation for new technologies. Just 46% of respondents have a mobile security strategy, while strategies for the cloud (31%) and social media (37%) indicate lag in adoption rates.
The State of Information Security Survey, India, 2013, is the fifth edition of the survey which PwC has been publishing since 1999. This survey, over the years has chronicled the changing nature of risks, created awareness, and driven greater understanding of the information security landscape in India.
This year’s survey provides insights and analysis on aspects like information security behaviors in organizations, security priorities, security spending, safeguards, and security policies implemented by companies to secure their information assets.