Most CEOs In India Seek Cyber-risk Management Plan Next Year: PwC Study

Most chief executive officers (CEOs) in India would demand a cyber-risk management plan for major business or operational changes in the next 12-18 months, said a PwC report on Wednesday.

One in four companies across the world has suffered a data breach that cost between $1 million to $20 million or more in the past three years. Despite cyberattacks costing businesses millions of dollars, less than 40 per cent of executives surveyed worldwide said they have fully mitigated cybersecurity risk exposure in several critical areas.

More than 82 per cent of business executives in India foresee an increase in cybersecurity budgets in 2023, said PwC’s '2023 Global Digital Trust Insights'. Around 52 per cent of the CEOs said they would drive initiatives that improve cyber security.

Senior executives said their enterprise isn’t fully prepared to address heightened threats. In the Indian context, as far as threat actors are concerned, cybercriminal activity (77 per cent) takes the top spot in line with global findings. However, beyond that, insider threat (current employee, past employee, contractor) emerges as a unique challenge in India, with 62 per cent of the respondents highlighting it.

The majority of respondents (52 per cent) from India reported that attacks against cloud management interfaces saw the highest increase compared to last year. This was a reflection of the rapid rise in cloud adoption witnessed post the pandemic.

The report contains the views of senior executives on the challenges and opportunities to improve and transform cybersecurity within their organization in the next 12-18 months. The survey includes 3,522 respondents across 65 countries.

As many as 103 executives in India participated in the survey. These belonged to business and technology/ security roles, with 40 per cent working for organisations with more than $1 billion in revenue and 32 per ent with over $5 billion.

Business email compromise/ account takeovers (42 per cent), software supply chain compromise (43 per cent), and theft of intellectual property for commercialisation (40 per cent) were the other types of attacks that spiked in the past year.

According to the survey, 89 per cent of Indian business executives say their organisation’s cybersecurity team detected a significant cyber threat to business and prevented it from affecting their operations, as against 70 per cent globally. It also highlights that 83 per cent of Indian business executives say their organisation’s cybersecurity team has improved supply chain risk management.

“The digitalisation of business demands that corporates and boards invest in becoming more cyber resilient. This needs to be across the spectrum – in technology, people, processes, and engineering capabilities. Our survey clearly reveals that organisations that have made cybersecurity a strategic priority have witnessed less disruption to the business. Cyber resilience is not only key to the survival of businesses but also a key driver of public trust,” said Sivarama Krishnan, Partner and APAC Cybersecurity Leader at PwC.

Organisations across the globe worry about more threats and cyber events in 2023 – 65 per cent of surveyed business executives feel cybercriminals will significantly affect their organization in 2023 compared to 2022. In India, cloud-based pathways (59%) and the internet of things (58%) were the top areas of concern, followed by mobile devices and software supply chains (54%). Globally, mobile devices were considered the most insecure (41%), as per the study.