While India Inc is spending more on cyber security each year, organisations are still not confident of their ability to sense, resist and respond to cyber threats, a survey by global professional services organisation EY said on Wednesday.
Sixty nine per cent of the Indian respondents reported an increase in their cyber security budgets over the last 12 months and almost three-fourths expect budgets to increase further in the next year.
Despite the increased investments, 75 per cent of the Indian respondents say that their cyber security function does not fully meet their organisations' needs.
"We will need immense focus to encourage technological innovations in cyber security to secure national critical infrastructure from cyber criminals," said Gulshan Rai, National Cybersecurity Coordinator, National Security Council, Prime Minister's Office, Government of India, during the release of the survey findings at an event here.
Management and governance issues (42 per cent), followed by lack of quality tools for managing information security and lack of executive awareness and support (41 per cent) were seen as the main challenges for information security operations by the Indian respondents as compared to lack of budgets (61 per cent) and skilled resources (56 per cent) globally.
Thirty eight per cent of the respondents say that boards are not fully knowledgeable about cyber risks. Thirty seven per cent cited budget constraints and lack of skilled resources (39 per cent) as obstacles.
"While respondents are more confident of their ability to predict and detect a cyber attack with 52 per cent saying that they would be able to do so, but not enough attention is being given to building basic, yet essential capabilities," the findings showed.
More than half of the respondents (55 per cent) do not have a formal, threat intelligence programme, while 44 per cent do not have a vulnerability identification capability.
Further, 33 per cent do not have a security operations centre (SoC), which serves as a continuous monitoring mechanism.
"Since cyber resilience cannot be achieved by buying security-in-a-box, organisations need to focus on gathering periodic threat intelligence, enhancing their threat-hunting and breach-detection capabilities, and institutionalising a robust incident-response framework," said Nitin Bhatt, EY India's Risk Advisory Leader.