Cyber security will cost the world $2 trillion in the next three years, and India, given the incidents of 2016, will continue to be the target, said Nitin Bhatt, national head and partner, risk advisory, Ernst & Young. Bhatt was speaking at the launch of the India report, part of the larger Global Information Security Survey 2016-17.

Bhatt said that India would a victim of cyber-attack, especially because of the “rapid stride it is making in the digital transaction, leveraging the internet to improve the critical infrastructure, and enhance citizen services through programmes like Smart Cities and Digital India”.
“Indeed the growing number of cyber-attacks on our network has indeed become the most serious economic and national security threat that India faces today,” he said.

The business continuity of organisations is under threat, he said. “In some cases it is lone wolf, insiders, hacktivists, while others show sign of cyber terrorism including those with the involvement of the state actors. The situation is grave,” Bhatt said.

The report, titled ‘Path to cyber resilience: Sense, Resist, React: EY’s 19th Global Information Security Survey 2016-17’, was released on Wednesday by Gulshan Rai, national cyber security coordinator, national security council, prime minister’s office.

Now in its 19th year, the E&Y survey is based on responses from 1,735 global C-suite executives (senior corporate executives), including 124 CXOs from India. “69% of Indian respondents reported an increase in their cyber security budgets over the last 12 months and almost three-fourths expect budgets to increase further in the next year. Despite the increased investments, 75% of the Indian respondents say that their cyber security function does not fully meet the organization’s needs,” the report said.

These findings are in line with the global trend where more than half of the respondents reported increased budgets on cyber security, but 86% are still not confident of their cyber security function.

The report also states that 61% of Indian organizations placed outdated information security architecture and controls as the most important reason for increasing exposure to risk. Around 55% respondents were concerned about poor user awareness of mobile devices.  58% of respondents fear that the next attack will be due to carelessness of employees, whiles 38% say that boards are not fully knowledgeable about cyber risks.