Indian organizations gears-up with IT security Security in Indian organizations is evolving at a rapid pace. According to the recent Information Systems Security Survey, 2007-08 titled ‘From strength to strength’, conducted by the Indian Computer Emergency Response Team (CERT-In), Federation of Indian Chambers of Commerce and Industry (FICCI) and PricewaterhouseCoopers (PwC), security is no longer a mere line item in the overheads budget of Indian enterprises, nor is it a technical issue easily addressed by an off-the-shelf technology product, More than 140 organizations from a broad range of industries took part in the survey and the results of the survey have been benchmarked with ‘The Global State of Information Security 2007’ study, conducted by CIO magazine, CSO magazine and PwC. Sivarama Krishnan, Executive Director-Information security practice, PwC. “It is encouraging to see that Indian organizations have moved faster than their global counterparts in establishing processes for conducting periodic security audits and in having information security strategy in place. We expect this to continue as majority of the organizations have plans to increase their security spending by double digits.” Indian enterprises have traditionally relied on technological controls for information security. Besides perimeter security, desktop security, the source of a number of security breaches, has also assumed importance. In terms of employing technology safeguards, 91% of respondents indicated having data backup mechanisms in place. Organizations have identified enhancement of security awareness as a top strategic priority. Today, more than 80% of the organizations focus on employee awareness programmes, as compared to 47%, as per global figures. Monitoring of employee use of the internet and information use is the latest trend, with more than 78% of the organizations focusing on this, as compared to the global figure of 48%. India Inc. is also increasingly hiring specialized security staff. 51% of the organizations in India, as against 32% globally, have employed Chief Information Security Officers. However, there is a flip side too. While, almost 83% of the organizations were found to have a business continuity/disaster recovery plan, 90% of these organizations do not conduct regular testing of their plans. “In the event of a service disruption or disaster, these organizations might not be able to effectively resume their operations,” says Amit Mitra, Secretary General, FICCI. The industry-wise analysis has revealed interesting results. The ITeS segment has gained the leadership position instead of the financial services sector, which has traditionally been at the top in terms of having security that is more effective. More than 83% of Financial Services and ITeS organizations justify their security investments on grounds of protecting customer information.
Indian organizations today are facing increasing compliance obligations and are exposed to reputation risks. While they are increasingly becoming aware of the regulatory requirement; however a lot remains to be done in terms of achieving compliance.