In the wake of growing cyber threats and targeted attacks, cybersecurity has become a boardroom concern for organizations across verticals, revenue bands and geographies, cites EY’s Global Information Security Survey (EY GISS) 2018-19 – India edition.
Speaking at the launch of the report, Dr. Gulshan Rai, Cyber-Security Chief, Prime Minister’s Office, Government of India said, “As we accelerate towards becoming a trillion-dollar digital economy, building the right framework for cyber resilience and security is critical for the country. The need of the hour is to enable and foster a cyber-secure culture and ecosystem. The Government on its part has taken a number of initiatives in this direction; however, the involvement of each citizen and all organizations to make it a collective and coordinated movement is must for the success of the cyber secure eco system.”
The latest EY GISS India edition captures responses of 230 C-suite leaders and the findings reveal that in India, while 62% of the boards are taking active steps to strengthen their cybersecurity understanding only 46% of boards or executive management teams have a comprehensive understanding of information security to fully evaluate cyber risks and related preventive measures. The interest in cybersecurity reporting at board level has grown from attempts to understand technology to the point where boards now have a fiduciary responsibility to manage cybersecurity risk. However, only in 30% of organizations surveyed, board members are taking the ultimate responsibility for cybersecurity.
Commenting on the findings, Burgess Cooper, Partner – Cyber Security, EY India said, “In comparison to the previous years, organizations are planning to spend more on cybersecurity, devoting more resources for improving their defences, and working harder to embed security-by-design. With the rise in digital movement and subsequent exponential increase in data generation, there is a growing realization that security is also about maintaining the continuity of business operations — and not restricted to only security of data and privacy.”
The survey highlights that while 70% of Indian organizations plan to increase their cybersecurity budgets, only 19% have a sufficient budget to provide the levels of cybersecurity and resilience as required. Furthermore, the survey reveals that 69% of organizations are still spending a very limited portion of their overall IT budget on cybersecurity with a lower level of awareness of where their most critical information and assets are, and inadequate safeguards to protect these assets.