Indian enterprises rate cyber attacks higher than terrorism, natural disasters: Symantec survey

09 Mar 2010

Symantec corporation, today released the findings of its 2010 State of Enterprise Security global study pertaining to India.

As per the study, 42 per cent of Indian enterprises rate cyber security their top issue as enterprise security is becoming more difficult to attain due to understaffing, IT compliance issues and new IT initiatives that intensify security issues.

It reported that 66 per cent of enterprises experienced cyber attacks in the past 12 months causing losses in revenue of over Rs58,00,000 on an average in 2009,  apart from financial losses due to loss of confidential data and productivity.

''Protecting information today is more challenging than ever,'' said Vishal Dhupar, managing director, Symantec, India. ''By putting in place a security blueprint that protects their infrastructure and information, enforces IT policies, and manages systems more efficiently, businesses can increase their competitive edge in today's information driven world.''

The study foccused on the enterprise security concerns, high frequency of cyber attacks, the losses incurred by affected organisations and complications encountered in enforcing enterprise security. It also made recommendations for organisations to tackle these problems.

Study highlights:

  • Enterprise security is IT's top concern:  Forty-two per cent of the enterprises surveyed rank cyber risk as their top concern, more than natural disasters, terrorism and traditional crime combined. In fact, the study revealed that 81 per cent of the organizations feel better managing business risk related to use of IT is an important focus area for 2010. Furthermore, 92 per cent of the organizations said IT security budgets would stay the same or increase in 2010.
  • Enterprises are experiencing frequent attacks: In the past 12 months, 66 per cent of Indian enterprises experienced cyber attacks. Worse, 51 per cent reported that cyber attacks have stayed the same or grown over the past 12 months. The attacks experienced in 2009 were a combination of external and internal attacks.

    While 34 per cent experienced an extremely / somewhat high number of external malicious attacks, 23 per cent experienced an extremely/somewhat high  number of internal malicious attacks. Insider negligent actions were also a significant factor, with 31 per cent of the Indian enterprises surveyed experiencing  an extremely/somewhat high number of these attacks. Interestingly, while 51 per cent stated that external malicious attacks grew quickly in 2009, over 40 per  cent revealed that internal attacks increased rapidly too.
  • Costs of cyber attacks are high: Each of the cyber attacks mounted by Indian enterprises in 2009 had a financial impact, with 100 per cent of the surveyed organisations reporting a loss of revenue and 81 per cent reporting a direct financial cost. Apart from these, costs of damaged brand reputation, loss of customer trust and litigation were also high. Ninety per cent of enterprises faced a cost to comply with regulations after an attack, reflecting the need for enterprises to prevent such attacks in the first place.

    While the average revenue lost by Indian enterprises due to cyber attacks was INR 58,59,234 in 2009, the value of lost confidential data and lost productivity was also high. Indian enterprises lost an average of INR 94,56,216 in organization, customer and employee data in 2009, and an average of Rs84,57,037 in productivity.
  • Enterprise security becoming more difficult: IT security is becoming an imposing issue for Indian enterprises, with 58 per cent being extremely concerned and 19 per cent somewhat concerned about loss of confidential data. However, enterprise security is becoming more difficult due to a number of factors. 

    First, enterprise security is understaffed, with the most impacted areas being network security, endpoint security, web security and data loss prevention.  

    Second, enterprises are embarking on new initiatives that make providing security more difficult.

    Initiatives that IT rated as most problematic from a security standpoint include infrastructure-as-a-service, platform-as-a service, server virtualization,  endpoint virtualisation, and software-as-a-service.

Symantec is a global leader in providing security, storage and systems management solutions to consumers and organisations worldwide.