New Delhi: Threat of cybercrime looms large in India as nearly 72 percent Indian companies facing cyber attacks in 2015 with financial gain or corporate espionage the main motives, said a survey report.
To get a pulse of cybercrime in India and unearth its extent and modus operandi, KPMG, for its ‘The Cybercrime Survey Report 2015’, surveyed 250 top business executives in the capacities of CIO, CISO, CAE, CRO and COO and found 94 percent respondents indicating cybercrime to be a major threat.
“The last few years have seen multi-fold increase in cybercrimes across regions and sectors. Given the proliferation of connected technologies, organisations today face a significant challenge to be resilient against cyber attacks and incidents,” said KPMG’s head, risk consulting, Mritunjay Kapur in a statement.
However, according to the survey, only 41 percent of the respondents said cybercrime figured in their organisation’s board agenda and the spend on cyber defence mechanism is less than five percent of the IT spend in Indian firms.
“Cyber risk assessment is not a focus area for several enterprises across functions and people. Their emphasis is only on technology with 74 per cent respondents stating that a detailed annual IT and cyber risk assessment is not carried out,” said the report.
Banking Financial Services and Insurance (BFSI) sector is the top target for cybercrime in India as highlighted by 74 percent of the respondents followed by pharmaceutical industry, while 63 percent respondents indicated that cybercrimes more often than not amount to gross financial loss.
Nearly 83 percent of the respondents believed in external involvement in cyber attacks while 64 percent respondents said directors and management are the most vulnerable targets.
Kapur also noted that the nature of cybercrime is “constantly evolving, specifically with attackers having a solid arsenal of the ever evolving stealth attack”.
KPMG India’s head, forensics, Mohit Bahl said that organisations need to strengthen their cyber incident response process along with building strong prevention and detection systems. Cyber forensics therefore is becoming a critical component of fraud investigations.
“As businesses throw their doors open to technology, they also expose themselves to the risk of cybercrime that can have far reaching damages ranging from financial, reputational, operational and in certain scenarios, can also impact the physical safety of employees and assets,” said the report, analysing the impact and complexity of cybercrime in India.
According to 65 percent of the respondents, potential vulnerable system targets include email servers while 46 percent respondents indicated end user systems.
“People and vendors are one of the many critical yet one of the weakest links in the cyber defence chain. Cyber investigations of large cybercrimes reveal that social engineering has predominantly been one of the preferred methods to extract critical information,” said KPMG India partner Atul Gupta.