Indian companies start investing in cyber security as incidents skyrocket: Global State of Information Security® Survey 2016 by PwC, CIO and CSO

• Indian companies start investing in cyber security as incidents skyrocket, according to the Global State of Information Security® Survey 2016, done by PwC, CIO and CSO There was a 117% increase in detected information security incidents in India (globally, this figure is 39% ) and a 71% boost in security budgets in 2015
• Financial losses as a result of cyber incidents increased by 135% over the previous year- a steep rise compared to the trend of 20-30% over the years before
• An increasing number of organisations are now adopting cloud-based security models to manage cyber threats. Over 71% respondents use some form of cloud based security tools, such as, analytics, advanced authentication and identity & access management

New Delhi, 13 October 2015: Year after year, cyberattacks continue to escalate in frequency, severity and impact. However, prevention, detection methods, cybersecurity innovation and investments in cyber security are on the rise, as forward-leaning business leaders’ focus on solutions that reduce cybersecurity risks and improve business performance.

The Global State of Information Security® Survey 2016, released by PwC in conjunction with CIO and CSO, examines how executives are looking towards new innovations and frameworks to improve security and mitigate enterprise risk.

As cyber risks become increasingly prominent concerns in the C-suite and boardroom, business leaders are rethinking cybersecurity practices and focussing on a nexus of innovative technologies that can reduce enterprise risks and improve performance. These technologies are yielding considerable opportunities to improve cybersecurity and produce holistic, integrated safeguards against cyberattacks.

While the number of incidents has risen significantly over the previous year, organisations in the country have ramped up investments to combat the menace.

Sivarama Krishnan, Leader- Cybersecurity, PwC India said, “Cybersecurity is indispensable. Organisations in India are looking towards innovative cybersecurity solutions, and we have seen a 25% compound annual growth rate (CAGR) in security budgets over the past five years, which support this trend.”

Connected to the emergence of cloud-based systems, Big Data and Internet of Things (IoT) are ascendant technologies that present a host of cyber challenges and opportunities. In the case of Big Data, often considered a cyber liability, 49% of respondents are leveraging data-powered analytics to enhance security by shifting it away from perimeter-based defences, and enable organisations to put real-time information to use in ways that create real value.

Krishnan added, “Not only are leaders adopting innovative solutions, but even fundamental security technologies and practices have seen wider acceptance, and organisations have evolved to master the basics. This has improved security postures of organisations throughout the country.

Some of the key findings of the survey are:

• Security incidents and their impact soars: The average number of information security incidents detected by respondents increased by 117% over the previous year, increasing from 2895 last year to 6284 this year. Attacks on industrial control systems (ICSs) and consumer technologies showed a marked increase. Losses as a result of incidents also surged by 135% over the previous year, and the average cost per incident increased by close to 8%.
• Information security spending increases: Respondents have boosted the information security outlay significantly, reversing last year’s slight drop. They enlarged their budgets by 71% this year. Security budgets have seen a CAGR of 25% over the past five years.
• Organisations look to innovative cybersecurity solutions: Over 70% of respondents employ cloud-based security solutions, which have emerged as an effective way for organisations to efficiently combat cyber threats. Security analytics and identity and access management have been viewed as the most popular cloud based tools. Organisations are also deploying Big Data analytics to manage insider threats; almost 28% have plans to employ Big Data analytics for improving security in the next 12 months.
• Security fundamentals get a fillip:A vast majority of organisations (81%) have adopted a security framework, or, more often, an amalgam of frameworks. Such frameworks help organisations identify and prioritise risks, detect and mitigate security incidents, gauge the maturity of their cybersecurity practices, and better communicate and collaborate internally and externally
• Evolving cybersecurity roles: As many as 63% of the respondents have a CISO (insert full form) in charge of the security programme. The CISO has played an important role in communicating the importance of cybersecurity to the C-suite and the board. Over 61% of respondents believe that their boards are vigorously involved in formulating the overall information security strategy; this figure is significantly higher than the global average of 45%.
• Third-party security focus not yet pervasive: While almost 50% of the respondents cited suppliers and customers as likely sources of incidents, little has been done to strengthen controls around third parties. Only 55% of the respondents conduct compliance audits to check safeguards for personally identifiable information (PII), and even fewer require third parties to comply with the organisation’s security policies.

Notes to the Editors:

Methodology

The Indian update of the Global State of Information Security® Survey 2016, which is a worldwide study by PwC, CIO and CSO, was conducted online from 7 May 2015 to 12 June 2015. Readers of CIO and CSO and clients of PwC from around the globe were invited via email to participate in the survey.

The results discussed in this report are based on the responses of more than 480 CEOs, CFOs, CIOs, CISOs, CSOs, VPs and directors of IT and security practices from across 17 industry sectors in India. The margin of error is less than 1%. All figures and graphics in this report are sourced from the survey results.

About PwC

At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 157 countries with more than 208,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting us at www.pwc.com.

In India, PwC has offices in these cities: Ahmedabad, Bangalore, Chennai, Delhi NCR, Hyderabad, Kolkata, Mumbai and Pune. For more information about PwC India's service offerings, visit www.pwc.com/in

PwC refers to the PwC International network and/or one or more of its member firms, each of which is a separate, independent and distinct legal entity in separate lines of service. Please see www.pwc.com/structure for further details.