Advertisment

Indian enterprises to double security spends

author-image
CIOL Bureau
Updated On
New Update

NEW DELHI, INDIA: Security in Indian organizations is evolving at a rapid pace. No longer is security merely a line item in the overheads budget of Indian enterprises, nor is it a technical issue easily addressed by an off-the-shelf technology product, according to the Information Systems Security Survey, 2007-08 titled ‘From strength to strength’, conducted by the Indian Computer Emergency Response Team (CERT-In), Federation of Indian Chambers of Commerce and Industry (FICCI) and PricewaterhouseCoopers (PwC).

Advertisment

More than 140 organizations from a broad range of industries took part in the survey.

The results of this year’s survey have been benchmarked with ‘The Global State of Information Security 2007’ study, conducted by CIO magazine, CSO magazine and PwC.

Indian enterprises have traditionally relied on technological controls for information security. Besides perimeter security, security of desktops, the source of a number of security breaches, has also assumed importance. In terms of employing technology safeguards, 91 percent of respondents indicated having data backup mechanisms in place.

“It is encouraging to see that Indian organizations have moved faster than their global counterparts in establishing processes for conducting periodic security audits and in having information security strategy in place,” said Sivarama Krishnan, Executive Director—Information Security Practice, PwC. “We expect this to continue as majority of the organizations have plans to increase their security spending by double digits,” he added.

Advertisment

Unlike the trends shown in previous surveys, it is also encouraging to note that a lesser percentage of organizations have suffered security breaches, with viruses being the single largest source of breach. “Indian enterprises can avoid security breaches further if they develop and implement an effective information security strategy and framework,” said Dr Gulshan Rai, Director, CERT-In.

Amit Mitra, Secretary General, FICCI. “Organizations need to re-look at their BCP/DRP strategies in a holistic manner to ensure effective recovery in the event of a disaster.”

Indian organizations today are facing increasing compliance obligations and are exposed to reputation risks. While they are increasingly becoming aware of the regulatory requirement; however a lot remains to be done in terms of achieving compliance.

Advertisment

“Organizations in India must realize that there are significant advantages in achieving compliance. It can result in more cost-effective processes and ensure top management support,” added Dr Rai.

The industry-wise analysis has revealed interesting results. The ITeS segment has gained the leadership position instead of the financial services sector, which has traditionally been at the top in terms of having security that is more effective. More than 83 percent of financial services and ITeS organizations justify their security investments on grounds of protecting customer information.

“Organizations in the ITeS segment have implemented security that goes far beyond in what is practiced in the West. For example, BPO agents are required to surrender everything which could facilitate data compromise like mobile phones, PDAs, pens and notebooks,” concluded Krishnan.

tech-news