Poor Cyber Preparedness Exacts High Toll on Indian FirmsIndian CISOs Worry About Reputational and Financial Losses in Cyberattacks
More than a one-fourth of Indian organizations suffered over $2 million in losses to cyberattacks in the past year as a result of a lack of skilled cybersecurity workforce and funds, according to a recent survey by cloud cybersecurity vendor Cloudflare.
A majority of IT security decision-makers at Indian organizations struggled to find talented personnel to strengthen their systems, Cloudflare found in a survey of Asia-Pacific organizations across 14 countries.
A lack of cyber preparedness resulted in 83% of organizations suffering at least one cybersecurity incident in the past year, and half of those firms suffered losses of at least $1 million in remediation costs.
Cloudflare said organizations find it increasing difficulty to secure their hybrid workforce. An overreliance on VPNs and IP addresses for application protection and the inability to control what devices access their networks prevented companies from building secure defenses, the survey found.
Rising incidents of cybercrime - most of them in the form of web application attacks, phishing attacks and supply chain attacks - are taking a toll on Indian organizations, and many of them are now resorting to restricting hybrid work.
IT security decision-makers - including CISOs from critical infrastructure, healthcare, manufacturing, transportation and government sectors in the Asia-Pacific region - said they also fear the prospect of reputational damage, data loss and loss of customers in the aftermath of successful cyberattacks.
NordPass ranked India second in a global list of countries with the most data breaches resulting in a consumer data leak. Since late 2019, at least 750 companies in India have suffered data breaches that exposed consumers' private information, compared to 2,264 organizations in the U.S. and 608 organizations in the U.K.
Since the vast majority of companies in India are at the developing stage of their secure networking journey, many have not deployed a cloud access security broker and browser isolation.
To address the breach problem, the Indian government recently passed the first-of-its-kind Digital Personal Data Protection Act, which proposes a maximum fine of up to $30 million for privacy violations, based on the severity of each violation.
The law also requires data fiduciaries to appoint data protection officers and independent data auditors, collect and process consumer data only for specific purposes and ensure the security and confidentiality of consumer data.