Cybersecurity maturity of Indian startups are abysmally low, says report

By : |September 14, 2017 0

From the data theft of reportedly 3.2 million debit cards that affected many big banks including SBI, HDFC Bank, ICICI, Yes Bank and Axis Bank, to recent security breach at Zomato that involved user data of over 17 million users, the state of cybersecurity in one of the world’s most rapidly growing market doesn’t look very promising.

If data breaches of the last couple of years are anything to go by, then Indian startups don’t look adequately prepared to deal with cyber-attacks.

The same was reinforced by the Cyber Security Maturity Report of Indian Industry (2017) by Fire Compass that found that Indian organizations across different sectors on an average scored only around 50 out of 100 on the cyber security scale.


The large banks and telcos emerged as the best performers with a compliance percentage of 61. They were followed by Financial services and the IT industry with a score of 58 percent and 52 percent respectively.

The most worrisome finding was regarding startups and Fintechs that performed rather abysmally with a score of 8 out of 100 as per security maturity benchmark.

Source: FireCompass

It was an online survey for which 200+ organizations in India responded, across verticals to provide a holistic view of security performance. NIST Cybersecurity Framework (promoted by the USA government) was leveraged to classify the technology controls capabilities across 5 dimensions: Identify, Protect, Detect, Respond, Recover. The score is based on data from actual security controls implemented as well as open source security intelligence.

The report also highlighted that majority of internal technology controls are primarily based around prevention, with not sufficient measure implemented around detection and response. While the score in terms of prevention techniques was 63 percent, for detection and response they were 51 percent and 31 percent respectively. The picture does not change much for the startups in terms of identification, prevention, response and detection also. It is alarming to see how ill-equipped the startups are in terms of dealing with cyber attacks.

firecompass1Source: FireCompass

According to Fire Compass, cybersecurity investment should be spread out across the spectrum, by taking a balanced approach to investments, like a financial portfolio.

The firm has a word of caution for startups especially fintech that they shouldn’t assume ‘that startups are not a target for hackers. Most of the startups are easy prey for opportunistic hackers and startup breaches are rapidly rising.’ A strong security posture can be achieved with low cost tools and a small team of skilled professionals. Security should be considered right from the design stage of the product and be continuously assessed throughout the lifecycle. Fixing issues later can be 30x higher than at design stage.

No Comments so fars

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.