NEW DELHI: A majority of Indian Corporates feel the need for a national policy on information security albeit their continued use of traditional business acumen to protect crucial data pertaining to their company, a CII survey said.
While an information security policy was high on the agenda of most companies, the CII survey revealed that only 16 per cent of participating companies had an assigned CSO or a CISO. Sixty-two per cent of them had no such post or person.
Recognizing the sensitivity and vulnerability of information stored in databases, 86 per cent respondents have expressed the need for an information security policy, the survey report titled, “Report on Information Security Baseline 2005,” said.
The survey also revealed that 38 per cent companies do not have an information security policy of which 7 per cent are indifferent to security policy.
CII conducted the survey to assess the awareness levels prevalent among organizations regarding information security needs and the level of implementation.The respondents were mostly CEOs and top management of both large and small organizations.
Almost 43 per cent of the organisations surveyed by CII had more than 500 employees and 38 per cent had less than 100. The survey also covered the whole industry with 26 per cent respondents from the manufacturing sector, 14 per cent from consumer goods and 42 per cent from IT/ITES companies, BPOs, ISPs, consultants, education, insurance, construction, real estate, financial services etc.
Almost 89 per cent of the respondents took backups regularly, 70 per cent had a business continuity plan in place and 63 per cent had a disaster recovery plan in place, according to the CII survey.
The CII report also defines risks that the survey has revealed. According to the report, topping the list is the absence of a CSO/CISO in a company. Having no CSO was an indication of absence of IT security governance in an enterprise, reads the survey.
The report further identifies a great need for Information Security Awareness Program amongst companies. 71 per cent of the respondents to the CII survey had no security process certification, a high-risk area.