India Inc lags adequate cyber incident response strategies: EY

Corporate India has encountered rising cases of cyber crime, but response mechanism to tackle these risks remains low, according to Ernst and Young’s Fraud Investigation and Dispute Services report, which was released on Thursday.

It says about two thirds of businesses are unable to detect a cyber incident in real time due to insufficient understanding of the motive behind the attack. Almost 89% state a need to enhance cyber laws — 55% say laws need to be strengthened and 34% say they need to be more clear. The report is based on over 160 in-depth interviews with senior and mid-management positions in top businesses, half of which are listed firms.

One fifth of the respondents asserted that employees are one of the weakest links in an organisation’s defence mechanism. Most companies tend to put in concentrated efforts to mitigate external threats, but the impact of insider threats is undermined.

Organisations should realise that insider threats could pose a significant risk to their proprietary information, and it’s important to strike a balance in managing both internal as well as external risks to protect critical assets.

About 90% respondents identified social media as a big risk, possessing a high probability of being used to identify and target key individuals in organisations. A mobile workforce, increased sharing of personal and professional information on social media channels, and gaps in protecting this information could evolve as a significant cyber hazard.