The average spend on security infrastructure by Indian companies has declined by 17% in 2013-14 despite an increase in the overall loss due to cyber attacks. The average cost of a security incident for Indian companies has more than doubled from $194 in 2013 to $414 in 2014 and there has been a 20 per cent increase in the average loss as a consequence.
This startling revelation was out from a detailed research on the said topic by global research firm PWC. Just not that, the study said that though there is growth in the loss due to cyber attacks, companies, ironically spend comparatively less in 2014 on the security preparedness. The average spending on security by Indian companies have reduced to $4 million in 2014 from $4.8 million in 2013.
“It seems counter-intuitive that, even though threats have become more frequent and damaging, organisations have not increased their security spending. Rise in the average cost of incidents is primarily a consequence of today’s more sophisticated compromises, often extending beyond IT to other areas of the business,” the research paper by PWC mentioned.
The study also brought the focus back to the ‘insiders’ who it feels as the biggest threat to any kind of security breaches. “Current and former employees have been cited by respondents as the most common causes of incidents. Loss of data through associations with customers and vendors also contribute to a reasonable chunk of incidents caused by insiders,” the survey added.
Sivarama Krishnan, executive director and leader – India Cyber Security, Governance Risk and Compliance Services, PWC said, “Cyber security is no longer an issue that concerns only IT and security professionals. The impact has extended to the C-suite and boardroom. It is now a persistent business risk. Awareness and concern about such security incidents and threats are a priority for the consumers as well”.
Around 37% of respondents in the survey gave a very different view of the security apparatus of an enterprise. They blamed it on the leadership. “The lack of leadership to set a clear direction for the overall information security strategy along with insufficient capital and operating expenditures represent the major areas of concern for organisations today,” added the PWC’s ‘State of the Information Security Survey- India 2015’.
