Careless employees pose the biggest cybersecurity threat to Indian companies

Image: Reuters/Shailesh Andrade
We may earn a commission from links on this page.

The state of internet security in Indian companies is in shambles, and the firms’ worst vulnerabilities come from their own workforce.

Over three in 10 firms say careless or unaware employees constitute the biggest vulnerability that exposes them to security risks, according to consulting firm EY’s Global Information Security Survey 2018-19. Outdated security controls and social media are the other threats.

The survey, conducted between April and July 2018, captures the responses of over 230 C-suite leaders and information security and IT executives and managers.

This scepticism has come at a time when massive breaches have been reported in private as well as public establishments’ internet firewalls across the country. India was the third worst-hit nation by ransomware WannaCry with over 40,000 computers affected. A series of other attacks like NotPetya, Meltdown, and Spectre followed in 2017 and 2018. In fact, India has been the second-most affected country by targeted attacks in the past few years, according to EY. The worst-hit was the US.

What’s worse, Indian companies are ill-equipped, too.

Over 45% of them have no programme for one or more of the following: threat intelligence, vulnerability identification, breach detection, incidence response, data protection, and identity and access management.

“More than three-quarters (81%) of organisations do not yet have a sufficient budget to provide the levels of cybersecurity and resilience they want,” EY stated. “Protections are patchy, relatively few organisations are prioritising advanced capabilities, and cybersecurity too often remains siloed or isolated.”

Still, investments are in order. A higher proportion of firms are increasing their spending towards robust cybersecurity measures.

Spending on “securing cloud infrastructure remains as a high priority area for respondents in India,” the report stated.