To get a pulse of cyber crime in India and unearth its extent and modus operandi, KPMG, for its ‘The Cybercrime Survey Report 2015’, surveyed 250 top business executives in the capacities of CIO, CISO, CAE, CRO and COO and found 94 percent respondents indicating cyber crime to be a major threat.
“The last few years have seen multi-fold increase in cyber crimes across regions and sectors. Given the proliferation of connected technologies, organisations today face a significant challenge to be resilient against cyber attacks and incidents,” said KPMG’s head, risk consulting, Mritunjay Kapur in a statement.
However, according to the survey, only 41 percent of the respondents said cyber crime figured in their organisation’s board agenda and the spend on cyber defence mechanism is less than five percent of the IT spend in Indian firms.
“Cyber risk assessment is not a focus area for several enterprises across functions and people. Their emphasis is only on technology with 74 per cent respondents stating that a detailed annual IT and cyber risk assessment is not carried out,” it said.
Banking Financial Services and Insurance (BFSI) sector is the top target for cyber crime in India as highlighted by 74 percent of the respondents followed by pharmaceutical industry, while 63 percent respondents indicated that cyber crimes more often than not amount to gross financial loss.
Nearly 83 percent of the respondents believed in external involvement in cyber attacks while 64 percent respondents said directors and management are the most vulnerable targets.
Kapur also noted that the nature of cyber crime is “constantly evolving, specifically with attackers having a solid arsenal of the ever evolving stealth attack”.
KPMG India’s head, forensics, Mohit Bahl said: “Organisations need to strengthen their cyber incident response process along with building strong prevention and detection systems. Cyber forensics therefore is becoming a critical component of fraud investigations.”
Analysing the impact and complexity of cyber crime in India, the report said: “As businesses throw their doors open to technology, they also expose themselves to the risk of cyber crime that can have far reaching damages ranging from financial, reputational, operational and in certain scenarios, can also impact the physical safety of employees and assets.”
According to 65 percent of the respondents, potential vulnerable system targets include email servers while 46 percent respondents indicated end user systems.
“People and vendors are one of the many critical yet one of the weakest links in the cyber defence chain. Cyber investigations of large cyber crimes reveal that social engineering has predominantly been one of the preferred methods to extract critical information,” said KPMG India partner Atul Gupta.