Organisations in India are facing longer downtimes and higher financial costs from cybersecurity breaches, compared to the global average, according to Cisco’s 2019 Asia Pacific CISO Benchmark Study.
According to the study, 37 percent of companies in India experienced a downtime of over 9 hours after their most severe breach in the past year, compared to just 30 percent globally. Longer downtimes often result in higher financial costs. This was evident across India, as 24 percent of companies saw a financial impact of USD one million or more from their most significant breach in the past year.
With the number of cyber threats increasing rapidly, the real challenge lies in what comes after the alert is received. How many of the alerts are investigated, and how many of those found to be genuine are eventually remediated. According to the study, 46 percent of respondents reported receiving more than 5,000 threat alerts a day; however, 43 percent of them go unattended, compared to 39 percent in 2018. Of the threats that were investigated and found to be genuine, only 41 percent were remediated (down from 52 percent in 2018).
Cyber-attacks are evolving rapidly. Hackers are no longer just targeting IT infrastructure but have started to attack operational technology infrastructure, intensifying the challenge for companies. In India, 25 percent of respondents have already experienced an attack on their operational infrastructure (versus 21 percent globally), and 34 percent expect this trend to increase in the next year.
The study also highlights that the use of multiple vendors is adding to the complexity for security professionals. According to the survey, 29 percent of companies in India are using more than 10 vendors, compared to 33 percent globally, and 4 percent are using more than 50 vendors, compared to 3 percent globally. When asked how challenging it is to manage a multi-vendor environment, 89 percent said it was somewhat or very challenging to orchestrate multiple vendor alerts. This is in line with the global trend, with 79 percent of respondents across the world highlighting this as an issue.
The study, based on close to 2,000 security professionals from across the APAC region, highlights that security practitioners in the Asia Pacific are being kept busier than their global counterparts.
Vishak Raman, Director, Security Business, Cisco India & SAARC, “Organizations in India have made significant improvements to their cybersecurity postures, in the last year. They have increased their security budgets, focused on training their workforce, and have started integrating their security infrastructure. However, high workloads and alert fatigue continue to be a big challenge. Hence, enterprises in India are looking at increasing the level of automation in their security strategy as well as opting for an integrated end-to-end solution to secure their infrastructure.”