India Inc is now focussing on people-related controls apart from technology for security, with over 80 per cent organisations focusing on employee awareness programmes, says a new survey by the Indian Computer Emergency Response Team (CERT-In), FICCI, and research firm PriceWaterhouseCoopers.
The survey notes that monitoring of employee use of the internet and information is the latest trend, with more than 78 per cent of the organisations focusing on this.
Organisations are also hiring specialised security staff, with 51 per cent of the organisations in India having employed Chief Information Security Officers.
“It is encouraging to see that Indian organisations have moved faster than their global counterparts in establishing processes for conducting periodic security audits and in having information security strategy in place,” said Sivarama Krishnan, executive director in the information security practice of PwC.
“We expect this to continue as majority of the organisations have plans to increase their security spending by double digits”.
However, on the flip side, most organisations do not conduct testing of their programmes.
More From This Section
Almost 83 per cent of the organisations were found to have a business continuity/disaster recovery plan, 90 per cent of these organisations do not conduct regular testing of their plans.
In the industry wise analysis, the ITeS segment has gained the leadership position instead of the financial services sector, which has traditionally been at the top in terms of having security that is more effective.
More than 83 per cent of Financial Services and ITeS organisations justify their security investments on grounds of protecting customer information.
Amit Mitra, secretary general, FICCI said, “This clearly establishes the requirement of universities and colleges to come up with specialised training courses, so that information security professionals are equipped with necessary know-how and knowledge. This is amiss at this point of time.