Employee and customer records continue to be the top targets of cyber attacks.
New Delhi, October 20, 2014 – The average cost of a security incident for Indian companies has more than doubled from $194 in 2013 to $414 in 2014 and there has been a 20 per cent increase in the average losses as a consequence. However, even as information security breaches become more frequent and damaging, Indian companies have reduced the average security spending from $4.8 million in 2013 to $4 million in 2014.
As organisations move ahead and embrace new technologies without fully comprehending the implications, they are becoming susceptible to an array of cyber-security threats and these threats today have become increasingly complex. Even with the growing impact that cyber security incidents can have on the entire enterprise, boards of organisations remain oblivious and continue to treat cyber security as an IT problem. This was revealed in PwC’s ‘State of the Information Security Survey- India 2015’.
Current and former employees have been cited by respondents to the survey as the most common causes of incidents.
Sivarama Krishnan, executive director and leader - India Cyber Security, Governance Risk and Compliance Services, said, “Cyber security is no longer an issue that concerns only IT and security professionals. The impact has extended to the C-suite and boardroom. It is now a persistent business risk. Awareness and concern about such security incidents and threats are a priority for the consumers as well”.
“At the heart of organisational security is the ‘human parameter.’ Organisations in India need to increase engagement levels with employees to manage this better”, he added.
Some of the key findings of the survey are detailed below:
The future of cyber-security in India will involve a tripartite model wherein the government, the organisation and the individual work in tandem to secure information and information assets in a concerted unified manner. This will require enhanced collaboration and communication of security posture among individuals, executives and industry organisations, as well as potential future improvements in legal exposure and assistance in regulatory compliance.
Notes to the Editor:
About the Global Information Security Survey 2014
This survey was conducted as part of PwC’s Global State of Information Security Survey © 2015. The Indian edition of this survey is based on the responses from over 350 C-suite executives, vice presidents and directors of IT and information security, across 17 industries. The margin of error is less than 1% and all figures and graphics in this report have been sourced from survey results.
Respondents can be clubbed into the following four major industry verticals:
Around 30% of our respondents had annual gross revenues of over 1 billion USD, and another 30% (approx.) had revenues between 100 million USD and 1 billion USD. Almost a third of our respondents were small enterprises with annual gross revenues of less than 100 million USD, making it an inclusive survey with a distributed respondent base.
About PwC
PwC helps organisations and individuals create the value they’re looking for. We’re a network of firms in 157 countries with more than 195,000 people who are committed to delivering quality in assurance, tax and advisory services. Find out more and tell us what matters to you by visiting us at www.pwc.com
In India, PwC has offices in these cities: Ahmedabad, Bangalore, Chennai, Delhi NCR, Hyderabad, Kolkata, Mumbai and Pune. For more information about PwC India's service offerings, visit www.pwc.in
PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.