52% of Indian organisations suffered a successful cybersecurity attack in the last 12 months: Survey

Despite having the highest percentage of companies with an independent security budget, 52 per cent of organisations in India have fallen victim to a successful cybersecurity attack in the last 12 months, according to a survey by cybersecurity firm Sophos.

According to the survey report, The Future of Cybersecurity in the Asia Pacific and Japan, by Sophos release in collaboration with Tech Research Asia (TRA), a majority of Indian organisations have suffered a successful cyberattack over the past year.

Of these successful breaches, 71 per cent of organisations admitted it was a serious or very serious attack. For 65 per cent of organisations, the breaches took longer than a week to remediate.

“Despite cyberattacks increasing, cybersecurity budgets have remained stagnant and executive teams continue to underestimate the level of damage threats can do to organisations,” the report said.

“While attacks are increasing in frequency and severity, cybersecurity budgets remained largely unchanged as a percentage of revenue between 2019 and 2021,” it said.

India however reported the highest percentage of companies that have an independent security budget. Furthermore, the median percentage of technology budgets spent on cybersecurity are expected to rise from 9 per cent today to 10 per cent in the next 24 months.

Sunil Sharma, managing director – sales, Sophos India and SAARC, said, “Cyber breaches are a reality that we cannot afford to ignore. Within an organisation, there will always be multiple threats that can exploit various vulnerabilities and launch full-blown cyberattacks. The only way to stop these threats is to actively hunt for them and neutralise them.”

“This makes threat hunting an important function to mitigate the damage caused by cyberattacks. Hence, there is a strong need for increased cybersecurity budgets to include threat hunting in house or outsourced services like managed detection and response (MDR). Our findings show there is budget allocated for cybersecurity in India, but it isn’t enough. Indian organisations need to view cybersecurity as a value to the business and increase their budgets accordingly,” added Sharma.

Overall, 44 per cent of the Asia Pacific and Japan (APJ) organisations surveyed suffered a data breach in 2020, up from 32 per cent in 2019, the report said.

55 per cent of these companies that suffered successful breaches rated the loss of data as either “very serious” (24 per cent) or “serious” (31 per cent). 17 per cent of organisations surveyed suffered at least 50 attacks, per week.

“As cyberattacks continue to rise, the report found that malware, AI/ML-driven attacks and nation-state attacks will be the most serious threats to enterprise cybersecurity over the next 24 months,” the report said.

“Ultimately, security is about right-sizing the risk. If the risk increases, budgets should also increase, but in this climate of uncertainty, we’ve seen organisations take a conservative approach to security spending, which is impacting their ability to stay ahead of cybercriminals,” said Trevor Clarke, lead analyst and director at Tech Research Asia.