Mumbai: 52% of Indian organisations fell victim to a successful cybersecurity attack in the last 12 months reveals Sophos‘ new sponsored study.
The second edition of Sophos’ The Future of Cybersecurity in Asia Pacific and Japan survey in collaboration with Tech Research Asia (TRA). reveals that despite cyberattacks increasing, cybersecurity budgets have remained stagnant and executive teams continue to underestimate the level of damage threats can do to organisations.
Insignificant rise in budgets, despite significant rise in attacks
Despite having the highest percentage of companies with an independent security budget, 52% of Indian organisations say they fell victim to a successful cybersecurity attack in the last 12 months.
Of these successful breaches, 71% of Indian organisations admitted it was a serious or very serious attack, and 65% said it took longer than a week to remediate.
While attacks are increasing in frequency and severity, cybersecurity budgets remained largely unchanged as a percentage of revenue between 2019 and 2021. At the same time, India reported the highest percentage of companies that have an independent security budget.
Furthermore, they expect a rise in the median percentage of technology budgets spent on cybersecurity from 9% to 10% in the next 24 months.
“Cyber breaches are a reality that we cannot afford to ignore. Within an organisation, there will always be multiple threats that can exploit various vulnerabilities and launch full-blown cyberattacks,” said Sunil Sharma, MD – Sales, Sophos India and SAARC.
“The only way to stop these threats is to actively hunt for them and neutralize them. This makes threat hunting an important function to mitigate the damage caused by cyberattacks,” added Sharma.
Hence, there is a strong need for increased cybersecurity budgets to include threat hunting in the house or outsourced services like managed detection and response (MDR).
“Our findings show there is a budget allocated for cybersecurity in India, but it isn’t enough. Indian organisations need to view cybersecurity as a value to the business and increase their budgets accordingly,” commented Sharma.
Overall, 44% of Asia Pacific and Japan (APJ) organisations surveyed suffered a data breach in 2020, up from 32% in 2019. Of these successful breaches, 55% of companies rated the loss of data as either “very serious” (24%) or “serious” (31%).
!7% of organisations surveyed suffered at least 50 attacks, per week. As cyberattacks continue to rise, the report found that malware, AI/ML-driven attacks and nation-state attacks will be the most serious threats to enterprise cybersecurity over the next 24 months.
“Ultimately, security is about right-sizing the risk. If the risk increases, budgets should also increase, but in this climate of uncertainty, we’ve seen organisations take a conservative approach to security spending, which is impacting their ability to stay ahead of cybercriminals,” said Trevor Clarke, Lead Analyst and Director – Tech Research Asia.