India Inc. lags in adequate cyber incident response strategies: EY India

04 May, 2017

  • Share
  • Employees emerged as one of the weakest links in the company’s defence systems
  • 89% of the respondents stated a need to enhance cyber laws
  • Over 90% identified social media as a big risk area

India, Mumbai, 04 May, 2017: Corporate India have encountered rising cases of cybercrime but incident response mechanisms to tackle these risks remains low, states EY’s Forensic & Intergrity Services report, Responding to cybercrime incidents in India. The report highlighted that a majority (about two third) of businesses were unable to detect a cyber incident in real time due to insufficient understanding of the motive behind the attack. Almost 89% stated a need to enhance cyber laws - 55% said laws need to be strengthened and 34% said they need to be more clear.

Arpinder Singh, Partner and Head - India and Emerging Markets, Forensic & Intergrity Services, EY says, Corporate India’s exposure to cybercrime risks has magnified significantly over the last few years, with attacks becoming exceedingly complex, targeted and globalized. The shift to a digital economy has also uncovered vulnerabilities in many organizations and highlighted the need to build strong cyber strategies. The ability to foresee and remediate future threats will separate the better prepared organization from the rest.”

Brijesh Singh, IPS, Inspector General - Cyber, Maharashtra adds, “The threat from cybercrime is multi-dimensional, targeting citizens, corporates and the Government at an alarming rate. Increased public awareness and regulatory initiatives such as ‘Digital India’ have directed organizations to invest in setting up cybersecurity measures in line with the nation’s objectives. Equipping companies with innovative strategies and tools will be paramount going forward.”

The report by EY’s Forensic & Intergrity Services team comprises over 160 in-depth interviews with senior and mid management. Over 50% of the respondents employed from listed companies. Some key highlights of the report include:

  • Inside threats on the rise
    One fifth of the respondents asserted that employees are one of the weakest links in an organization’s defence mechanisms. Most companies tend to put in a concentrated effort to mitigate external threats, but the impact of insider threats is undermined. Organizations should realize that insider threats could pose a significant risk to their proprietary information and it’s important to strike a balance in managing both internal as well as external risks to protect critical assets.
  • Social media – the big cybercrime vector
    Almost all respondents (90%) identified social media as a big risk, possessing a high probability of being used to identify and target key individuals in organizations. A mobile workforce, increased sharing of personal and professional information on social media channels, and gaps in protecting this information could evolve as a significant cyber hazard. Emerging techniques such as phishing or spoofing can make unsuspecting employees even more vulnerable.
  • Cyber specialists are critical to deal with incidents
    72% of the respondents believe their company’s IT security teams do not have enough specialists to deal with cybercrime incidents, directing companies to invest in quality staff who can tackle these concerns. Only 40% of the respondents believe their techniques around proactive monitoring of cybercrime are adequate and 44% stated having robust data protection programs.
  • Increased investments required in investigation capabilities
    Less than half of the respondents surveyed are planning to increase cybersecurity spends, indicating that incident response is still not on the priority list. Organizations need to understand that the quantum of losses suffered because of a cyber breach will continue to escalate in the future, and there is a heightened need to make investments in building robust cyber diagnostic programs, provide remediation approach, cyber threat intelligence and incident response.

Notes to editors

    About EY
    EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.

    EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit

    This news release has been issued by EY Services Limited, a member of the global EY organization that also does not provide any services to clients.

    About EY’s Forensic & Integrity Services
    Dealing with complex issues of fraud, regulatory compliance and business disputes can detract from efforts to succeed. Better management of fraud risk and compliance exposure is a critical business priority — no matter the size or industry sector. With approximately 4,500 forensic professionals around the world, we will assemble the right multidisciplinary and culturally aligned team to work with you and your legal advisors. We work to give you the benefit of our broad sector experience, our deep subject-matter knowledge and the latest insights from our work worldwide.