Take the pledge to vote

For a better tommorow#AajSawaroApnaKal
  • I agree to receive emails from News18

  • I promise to vote in this year's elections no matter what the odds are.
  • Please check above checkbox.


Thank you for
taking the pledge

Vote responsibly as each vote counts
and makes a diffrence


Issued in public interest by HDFC Life. HDFC Life Insurance Company Limited (Formerly HDFC Standard Life Insurance Company Limited) (“HDFC Life”). CIN: L65110MH2000PLC128245, IRDAI Reg. No. 101 . The name/letters "HDFC" in the name/logo of the company belongs to Housing Development Finance Corporation Limited ("HDFC Limited") and is used by HDFC Life under an agreement entered into with HDFC Limited. ARN EU/04/19/13618
News18 » Tech
4-min read

Increased Budgets Not Enough to Meet Cyber Security Needs, Finds EY Survey

The report, titled Path to cyber resilience: Sense, Resist, React: EY’s 19th Global Information Security Survey 2016-17, was released here today by Gulshan Rai, National Cybersecurity Coordinator, National Security Council, Prime Minister’s Office, Government of India.


Updated:January 11, 2017, 7:29 PM IST
Hackers, Russian, Technology news
Levashov denies the charges in an eight-count indictment handed down by a federal grand jury in Connecticut in April. (Representative image.)

While India Inc. is spending more on cybersecurity each year, organisations are still not confident of their ability to sense, resist and respond to cyber threats, says the latest survey by EY, the global professional services organisation.

The report, titled Path to cyber resilience: Sense, Resist, React: EY’s 19th Global Information Security Survey 2016-17, was released here today by Gulshan Rai, National Cybersecurity Coordinator, National Security Council, Prime Minister’s Office, Government of India.


Now in its 19th year, the EY Survey is based on responses from 1,735 global C-suite executives, including 124 CXOs from India. 69 percent of Indian respondents reported an increase in their cyber security budgets over the last 12 months and almost three-fourths expect budgets to increase further in the next year.


Despite the increased investments, 75 percent of the Indian respondents say that their cyber security function does not fully meet the organisation’s needs.

Speaking on the occasion, Gulshan Rai said: “We are at the cusp of a cybersecurity paradigm shift and it is imperative that for the overall national security we join hands to share, evaluate and acquire threat intelligence and develop a robust operational framework to use this with security technologies.”

Also read: Cybersecurity Cannot be an Afterthought While Adopting IoT: PwC

Increasing risk exposure

According to the survey, 61 percent of the respondents cited outdated information security architecture and controls as the topmost vulnerability factor.

Careless or unaware employees is their second-most important concern (58 percent), while vulnerabilities related to mobile computing, social media and cloud computing also feature prominently.

Among threats, the majority (54 percent) believe that cyber-attacks are primarily targeted at defacing/disrupting organisations or towards stealing intellectual property or data (51 percent),

followed by fraud (48 percent).

The survey highlights that respondents are more confident of their ability to predict and detect a cyber-attack with 52 percent saying that they would be able to do so, but more than half of the respondents (55 percent) do not have a formal, threat intelligence program, while 44 percent do not have a vulnerability identification capability.

Further, more than a third (33 percent) do not have a security operations centre (SoC), which serves as a continuous monitoring mechanism.

More than half (52 percent) would not increase their cybersecurity spending after experiencing a breach which did not appear to do any harm, which the report highlights as a matter of concern, observing that ‘cyber criminals often making test attacks or lie dormant after a breach.’

“Since cyber resilience cannot be achieved by buying “security-in-a-box,” organisations need to focus on gathering periodic threat intelligence, enhancing their threat-hunting and breach detection capabilities, and institutionalising a robust incident response framework,” said Nitin Bhatt, EY India’s Risk Advisory Leader.

According to the Indian respondents, management and governance issues (42 percent), followed by lack of quality tools for managing information security and lack of executive awareness and support (41 percent) were seen as the main challenges for information security operations as compared to lack of budgets (61 percent) and skilled resources (56 percent) globally. 38 percent of the Indian respondents say that boards are not fully knowledgeable about cyber risks

More than a third of the Indian respondents (37 percent) cited budget constraints and lack of skilled resources (39 percent) as obstacles.

More than three-fourth of the respondents indicated that they do not evaluate the financial impact of every significant breach and those that have had a cyber breach in the last year, more than half (57 percent) have no idea of the financial damage incurred.

Also read: Cisco India Unveils Three Cyber Security Initiatives

Challenges of the digital ecosystem and connected devices

On the impact of the Internet of Things (IoT), the report states that organisations are struggling with the huge number of devices that will become part of their networks, challenges related to the size of data traffic and the expanding ecosystem of business partners.

The most important information security challenges of IoT were identified as finding hidden or zero-day attacks (50 percent), identifying suspicious traffic over the network (44 percent) and ensuring that implemented security controls are meeting the requirements of the day (40 percent).

On the growing use of mobile devices such as laptops, tablets and smartphones, more than half (55 percent) see poor user awareness as the most significant risk, followed by (41 percent) loss of device which leads to loss of information and identity.

Among information security priorities over the next 12 months, business continuity and disaster recovery was rated by respondents as their top priority (63 percent), along with data leakage and data loss protection (60 percent).

Although 43 percent plan to spend more on business continuity in the coming year and 37 percent plan to spend more on data leakage, there is also considerable focus on higher spends on security awareness and training of employees, vendors and business partners, cloud computing and threat and vulnerability management (38 percent).

Also read: Data Security Council of India, Lockheed Martin Launch Cybersecurity Portal to Educate SMBs

Get the best of News18 delivered to your inbox - subscribe to News18 Daybreak. Follow News18.com on Twitter, Instagram, Facebook, Telegram, TikTok and on YouTube, and stay in the know with what's happening in the world around you – in real time.

| Edited by: Sarthak Dogra
Read full article
Next Story
Next Story

Also Watch


Live TV

Countdown To Elections Results
To Assembly Elections 2018 Results