Over a third of organisations in India (31.48 per cent of respondents) have no real-time insights to combat cyber risks, even as most firms (54.55 per cent) are facing rising threats, according to an EY study.

About 50.9 per cent of organisations face rising vulnerabilities in their information security risk environment, says EY’s annual Global Information Security survey, Get Ahead of Cybercrime, released today.

“Organisations will only develop a risk strategy of the future if they understand how to anticipate cybercrime. Cyber attacks have the potential to be far-reaching – not only financially - but also in terms of brand and reputation damage, the loss of competitive advantage and regulatory non-compliance,” said Devendra Parulekar, Partner & Leader, Info Security, EY India.

“Organisations must undertake a journey from a reactive to a proactive posture, transforming themselves from easy targets for cybercriminals into more formidable adversaries,” he added.

The study surveyed 60 organisations in India, while 1,825 organisations were interviewed across 60 countries.

According to the survey, companies lack agility, budget and skills to mitigate known vulnerabilities and successfully prepare for and address cyber security.

About 32.14 per cent of respondents in India say that their organisation’s total information security budget will stay about the same in the coming 12 months despite increasing threats.


The biggest vulnerability, according to the survey, is ”careless or unaware employees”, with 54.1 per cent of respondents saying it is their first priority. ”Outdated information security controls or architecture” and “unauthorised access” are second and third respectively (40.9 per cent and 22.7 per cent).

Fraud and cyber-attacks to steal intellectual property or data are among the top two threats (27.3 per cent and 18.2 per cent).

About 33.93 per cent of the respondents said mobile technologies will be a high priority for their organisation in the coming 12 months, while 46.3 per cent have indicated a higher security budget and investment in the coming year to prevent threats due to mobile technology in their security architecture.

“Beyond internal threats, organisations also need to think broadly about their business ecosystem and how relationships with third parties and vendors can impact their security posture. It’s only by reaching an advanced stage of cyber security readiness that an organisation can start to reap the real benefits of its cyber security investments,” said Ken Allan, EY’s Global Information Security Leader.
