/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsBANGALORE, INDIA:Symantec Corp. today released the India findings of its global 2010 State of Enterprise Security study. The study found that 42 per cent of Indian enterprises rate cyber security their top issue. This isn’t a surprise, considering that 66 percent of enterprises experienced cyber attacks in the past 12 months.
These attacks cost Indian enterprises an average of over INR 58,00,000 in lost revenue in 2009, apart from bigger financial losses due to loss of confidential data and productivity. Finally, organizations reported that enterprise security is becoming more difficult due to understaffing, new IT initiatives that intensify security issues and IT compliance issues.
Also Read: Tips to prevent Cyber Attacks
“Protecting information today is more challenging than ever,” said Vishal Dhupar, Managing Director, Symantec India. “By putting in place a security blueprint that protects their infrastructure and information, enforces IT policies, and manages systems more efficiently, businesses can increase their competitive edge in today’s information-driven world.”
Study Highlights:
Enterprise security is IT’s top concern
Security is of great concern to Indian enterprises. Forty-two per cent of the enterprises surveyed rank cyber risk as their top concern, more than natural disasters, terrorism and traditional crime combined. Reflecting that perception, Indian enterprises are intently focused on IT security.
In fact, the study revealed that 81 per cent of the organizations feel better managing business risk related to use of IT is an important focus area for 2010. Furthermore, 92 per cent of the organizations said IT security budgets would stay the same or increase in 2010.
Enterprises are experiencing frequent attacks
In the past 12 months, 66 per cent of Indian enterprises experienced cyber attacks. Worse, 51 per cent reported that cyber attacks have stayed the same or grown over the past 12 months. The attacks experienced in 2009 were a combination of external and internal attacks.
While 34 per cent experienced an extremely/somewhat high number of external malicious attacks, 23 per cent experienced an extremely/somewhat high number of internal malicious attacks. Insider negligent actions were also a significant factor, with 31 per cent of the Indian enterprises surveyed experiencing an extremely/somewhat high number of these attacks. Interestingly, while 51 per cent stated that external malicious attacks grew quickly in 2009, over 40 per cent revealed that internal attacks increased rapidly too.
Costs of cyber attacks are high
Each of the cyber attacks mounted by Indian enterprises in 2009 had a financial impact, with 100 per cent of the surveyed organizations reporting a loss of revenue and 81 per cent reporting a direct financial cost. Apart from these, costs of damaged brand reputation, loss of customer trust and litigation were also high. Ninety per cent of enterprises faced a cost to comply with regulations after an attack, reflecting the need for enterprises to prevent such attacks in the first place.
While the average revenue lost by Indian enterprises due to cyber attacks was INR 58,59,234 in 2009, the value of lost confidential data and lost productivity was also high. Indian enterprises lost an average of INR 94,56,216 in organization, customer and employee data in 2009, and an average of INR 84,57,037 in productivity.
Enterprise security becoming more difficult
Not surprisingly, IT security is becoming an imposing issue for Indian enterprises, with 58 per cent being extremely concerned and 19 per cent somewhat concerned about loss of confidential data. However, enterprise security is becoming more difficult due to a number of factors. First, enterprise security is understaffed, with the most impacted areas being network security, endpoint security, web security and data loss prevention. Second, enterprises are embarking on new initiatives that make providing security more difficult. Initiatives that IT rated as most problematic from a security standpoint include infrastructure-as-a-service, platform-as-a service, server virtualization, endpoint virtualization, and software-as-a-service.