Most firms in India lack adequate cyber security: Report

NEW DELHI: Cyber security operations at most companies in India are inadequate and do not meet the security needs, a report by Ernst & Young said, here on Thursday.

The ‘EY Global Information Security Survey 2018-19 – India Edition’ suggested that companies should invest in analytical capabilities as they would enhance threat detection and improve awareness in company board rooms.

“Most organisations have cyber security functions that do not fully meet their needs; more than half of the organisations are investing in analytical capabilities as a first step,” it said.

Investments are required in identity and access management and reporting function. For many organisations, forensics are a potential green field, it said.

[also_read url=””]Cryptominers hit firms 10 times more than ransomware in 2018[/also_read]

The EY report noted that it might be difficult to quickly build up forensic capabilities in-house and companies should get in third-party vendors with the required capabilities.

The report also said strategic oversight regarding cyber security issues needs improvement. “The executive management in five of the 10 organisations has limited or no understanding of cyber security,” it said.

The threats related to the use of smartphones, the Internet of Things (IoT) and operational technology are not yet understood well and only a small number of organisations identify them as high risk areas, the survey said.

Although many organisations think about importance of emerging technologies in optimising cyber security, investments in them are not increasing, it added.