While India Inc is spending more on cyber-security each year, organisations are still not confident of their ability to sense, resist and respond to cyber threats, a survey by global professional services organisation EY said on Wednesday.
Sixty nine percent of the Indian respondents reported an increase in their cyber-security budgets over the last 12 months and almost three-fourths expect budgets to increase further in the next year.
Despite the increased investments, 75 percent of the Indian respondents say that their cyber-security function does not fully meet their organisations' needs.
"We will need immense focus to encourage technological innovations in cyber-security to secure national critical infrastructure from cyber criminals," said Gulshan Rai, National Cybersecurity Coordinator, National Security Council, Prime Minister's Office, Government of India, during the release of the survey findings at an event in New Delhi.
Management and governance issues (42 percent), followed by lack of quality tools for managing information security and lack of executive awareness and support (41 percent) were seen as the main challenges for information security operations by the Indian respondents as compared to lack of budgets (61 percent) and skilled resources (56 percent) globally.
Thirty eight per cent of the respondents say that boards are not fully knowledgeable about cyber risks. Thirty seven percent cited budget constraints and lack of skilled resources (39 percent) as obstacles.
"While respondents are more confident of their ability to predict and detect a cyber-attack with 52 percent saying that they would be able to do so, but not enough attention is being given to building basic, yet essential capabilities," the findings showed.
More than half of the respondents (55 percent) do not have a formal, threat intelligence programme, while 44 percent do not have a vulnerability identification capability.
Further, 33 percent do not have a security operations centre (SoC), which serves as a continuous monitoring mechanism.
"Since cyber resilience cannot be achieved by buying security-in-a-box, organisations need to focus on gathering periodic threat intelligence, enhancing their threat-hunting and breach-detection capabilities, and institutionalising a robust incident-response framework," said Nitin Bhatt, EY India's Risk Advisory Leader.