McAfee has unveiled its APAC CYBER RESILIENCY AND RISK REPORT, revealing that organizations in India describe their culture of cybersecurity as either strategic (60%) or embedded (33%). The survey, covering 480 cybersecurity decision-makers across eight Asia-Pacific countries including Australia, Hong Kong, India, Indonesia, Malaysia, New Zealand, Singapore and Thailand, also revealed that 97% of the organizations in India were familiar with the concept of cyber-resilience compared to Australia (73%) and New Zealand (75%). Cyber resilience refers to an entity’s ability to continuously deliver the intended outcome despite adverse cyber events. The concept essentially brings the areas of information security, business continuity and organizational resilience together. An astounding 93% of organizations in India believe that they are cyber-resilient, taking the top position amongst all the other countries in the region.
The survey also measured the cybersecurity maturity levels of organizations in the region:
- Key policy areas such as risk and asset management, governance, culture, education and awareness, were rated lowest in the maturity index, implying an immediate need for high priority improvement
- Cyber resiliency functions such as data protection, response and recovery planning, response and recovery communications were identified as areas that IT would like to see improved by 2021 in relation to their cybersecurity maturity levels
- Investment in categories such as data protection, cloud protection technology and network protection technology were top priorities for enterprises targeting an “optimized” cybersecurity maturity posture. Processes at the “optimized” level focus on continuously improving process performance through both incremental and innovative technological changes/improvements
Commenting on the report findings, Sanjay Manohar, Managing Director, McAfee India said, “The objective of cyber resilience is to enhance an entity’s ability to deliver the intended outcome continuously at all times. While organizations can put a cost on cybersecurity damages related to a data breach, reputational damage, impact on sales and other areas are difficult to measure, implying that the level of belief that a cost can be placed is higher than expected. Organizations in India are most likely to have ‘high’ impact of cybersecurity incidents. Therefore, involvement of cybersecurity in digital transformation at the management level becomes critical in more developing jurisdictions such as India, where regulation and compliance are evolving and therefore may be more of a focus for organisations.”
The Digital Transformation agenda
Enterprises in India are at different stages of their digital transformation journey. Organisations have either been ‘always’ digitally focused or have fully implemented digital transformation or at the nascent stages. Organisations in the technology/IT sector are much more likely than other types of businesses to be at an advanced stage of digital transformation. As the cyber threat landscape continues to evolve, cybersecurity is fast becoming an integral part of digital transformation, with 49% ‘extremely’ involved and 41% ‘very involved’ in the digital transformation process.
- Data breach (62%), data tampering (49%) and fraud (43%), were predicted to be the top three risks enterprises will be prone to in 2021. However, the findings also show that in 2021, new risks will spread through a range of other potential issues such as an increase in fraud (23% – 30%) and defacement (24% – 28%)
- The report revealed that an enterprise faced up to 120 data breaches on an average in the past year, with the respondents across APAC, estimating an average loss of USD $298,812. Interestingly, when asked whether they could put a cost on their recent cyber incidents, Indian organizations led with 91 percent believing that they were able to quantify the financial impact.
- Larger organizations were prone to more cyber incidents but organizations with more than 500 staff suffered an average of 209 incidents, which is almost 8 times higher than businesses with 50 to 100 employees. However, there is little difference in detection, response or recovery by country, type of business or size of the organization
Despite regulatory and compliance pressures, the results suggest many businesses still lack the technological sophistication and management support to detect and recover from cybersecurity attacks quickly enough to avoid damaging the business. We live in a digital age, meaning that while cyber resilience has the capability to get stronger, so too does the level of sophistication of cyber-attacks to counteract this. Looking forward to 2021, the survey infers that enterprises would be pursuing a broad range of initiatives to bolster their cyber resilience initiatives, including automation and integration, both of which are enablers for better cyber resilience through data-driven responses modelled after set policies.