Indian organisations today are facing increasing compliance obligations and are exposed to reputation risks. While they are increasingly becoming aware of the regulatory requirement; however a lot remains to be done in terms of achieving compliance.

“Organisations in India must realise that there are significant advantages in achieving compliance. It can result in more cost-effective processes and ensure top management support,” says Rai.

Lack of dedicated resources and adequate training are identified as the primary barriers for strengthening information security in India. “This clearly establishes the requirement of universities and colleges to come up with specialised training courses, so that information security professionals are equipped with necessary know-how and knowledge,” adds Mitra. “This is amiss at this point of time.”

The industry-wise analysis has revealed interesting results. The ITeS segment has gained the leadership position instead of the financial services sector, which has traditionally been at the top in terms of having security that is more effective. More than 83 percent of financial services and ITeS organisations justify their security investments on grounds of protecting customer information. 

“Organisations in the ITeS segment have implemented security that goes far beyond in what is practised in the West. For example, BPO agents are required to surrender everything which could facilitate data compromise like mobile phones, PDA’s, pens and notebooks,” concludes Sivarama Krishnan.