Only 4% of Indian firms ready for cybersecurity risks

Just 4 per cent of companies in India have a “mature” level of readiness needed to manage cybersecurity risks and 3 per cent are so prepared worldwide, said a report on Thursday.

As many as 37 per cent of companies in India are at the “progressive” stage, 52 per cent are “formative”, and 7 per cent are “beginners”, according to Cisco’s 2024 Cybersecurity Readiness Index.

The report comes at a time when companies are being targeted with a variety of techniques that range from phishing and ransomware to supply chain and social engineering attacks. While companies are building defences, they are slowed down by their own complex security systems that are dominated by multiple point solutions.

The problem is compounded in distributed working environments where data can be spread across services, devices, applications, and users. This lack of readiness is substantial despite almost three-quarters of companies (73 per cent) believing a cybersecurity incident will disrupt their business in the next 12-24 months. Despite this lack of readiness, 31 per cent of companies feel “very confident” in their ability to stay resilient amidst this evolving cybersecurity landscape.

“We cannot underestimate the threat posed by our own overconfidence,” said Jeetu Patel, executive vice-president and general manager of security and collaboration at Cisco. “Today’s organisations need to prioritise investments in integrated platforms and lean into AI (artificial intelligence) in order to operate at machine scale and finally tip the scales in the favour of defenders.”

As many as 88 per cent of respondents admitted that having multiple cybersecurity point solutions – a traditional approach – slowed down their ability to detect, respond and recover from incidents. This is worrying as 78 per cent of organisations said they have deployed 10 or more point solutions in their security stacks, while 38 per cent said they have 30 or more.

“In an era witnessing unprecedented proliferation of devices and rising AI-powered cyberattacks, it’s critical that organisations not only increase their investment in cybersecurity but also embrace an integrated platform approach to protect the five key pillars and take steps to reduce their security readiness gap. They must also ensure that AI is integrated into frontline defences as part of their overall cybersecurity strategy,” said Samir Kumar Mishra, director, security business, Cisco India and SAARC.

The gap in cybersecurity talent persists with 91 per cent of companies highlighting it as an issue. As many as 59 per cent of companies said they had more than 10 roles related to cybersecurity unfilled in their organisation at the time of the survey.

Companies are ramping up their defences, with 71 per cent planning to significantly upgrade their information technology infrastructure in the next 12 to 24 months. This is a marked increase from 51 per cent who planned to do so last year. Most prominently, organisations plan to upgrade existing solutions (70 per cent), deploy new solutions (58 per cent), and invest in AI-driven technologies (60 per cent).

Further, 99 per cent of companies expect to increase their cybersecurity budget in the next 12 months, and 95 per cent said their budgets will increase by 10 per cent or more. Business Standard