32 pct careless employee, 21 pct outdated security at risk of cyber attack: Report
- Country:
- India
"Careless or unaware" employees have been rated as the biggest vulnerability for increased risk exposure of enterprises, followed by factors like outdated security controls and unauthorised access, according to a report by EY. The EY Global Information Security Survey 2018-19 India edition found that about 32 per cent respondents attributed "careless or unaware employees" as the leading vulnerability with the most increased risk exposure over the past 12 months.
This was followed by factors like outdated security controls (21 per cent), unauthorised access (19 per cent), related to cloud computing use, smartphones/tablets and social media (8 per cent each) and related to the Internet of Things (4 per cent). Interestingly, 87 per cent of the organisations (surveyed) in the technology sector and 70 per cent in the telecom sector put careless employees as the most likely source of the attack, with the fear of losing their most valuable information - personally identifiable information of customers.
The survey includes responses from 230 C-suite leaders from various organisations in India across sectors like consumer products and retail, government and public sector, banking, health, automotive, media and entertainment, power and real estate. About 70 per cent of the organisations said they plan to increase their cybersecurity budgets next year, but only 19 per cent said they have sufficient budget to provide the levels of resilience required.
EY India Partner Burgess Cooper said while spending on cybersecurity depends on various factors including the size of the organisation and scope of work, it ranges between 3.5-8.5 per cent of the annual tech budget. National Cyber Security Coordinator in the PMO Gulshan Rai, who unveiled the report, said companies have enhanced their security spending by 15-20 per cent over the last year.
"With the rise in digital movement and subsequent exponential increase in data generation, there is a growing realisation that security is also about maintaining the continuity of business operations - and not restricted to only security of data and privacy," Cooper said. The report said in India, 62 per cent of the boards are taking active steps to strengthen their cybersecurity understanding, but only 46 per cent of boards have a comprehensive understanding of information security to fully evaluate cyber risks and related preventive measures.
Citing multiple sources, the report said 6.95 lakh cyber attacks were identified in India between January-June 2018 and the country ranked third (after the US and China) as the most vulnerable nation in terms of risk of cyber threats in 2017. The average cost of a data breach in 2017 was estimated to be about USD 1.7 million. The report said while a large number of organisations consider cyber security as an integral part of their strategy and plans, skill shortage has emerged as a key challenge.
(With inputs from agencies.)
- READ MORE ON:
- Employees Only
- Employee benefits
- Employees' State Insurance
- Registered training organisation
- Organizational structure
- National Health Service
- Piramal Enterprises
- Lee Enterprises
- Rush Enterprises
- Qualitative research
- Opinion poll
- Survey methodology
- Companies House
- Companies Office
- Moving company
- iPhone 6
- Samsung Galaxy Note 5
- Sony Mobile
- Graphics tablet
- Tablet computer
ALSO READ
"Muslim organisations have no fear regarding CAA," BJP leader Shahnawaz Hussain
Yahsat, UAE, to bring satellite connectivity to standard smartphones
Marine organisation reports missiles flying over ship near Yemen's al Hudaydah
Samsung Holi Sale kicks off Friday; up to 60% off on Galaxy smartphones
IUML, other Muslim organisations to move ECI seeking change in LS poll date which falls on Friday