Directors and managers of Indian firms are the most vulnerable to cybercrimes, according to the Cybercrime Survey Report 2015 published by consulting firm KPMG.
The survey had over 250 respondents, 64% of whom said directors and managers were the most vulnerable to cyber-attacks. Over 80% said that there was external involvement in cyber-attacks on their firms.
Commissioner of police Javed Ahmed released the survey report at Prerna Hall on Monday. The survey attempts to find out how prepared organisations in India are to deal with cybercrime and cyber incidents by unearthing their extent and modus operandi and highlighting preventive measures. The 250 respondents included top executives from industries such as oil and gas, IT, manufacturing, telecom, infrastructure, pharmaceuticals and chemicals, among others.
While 94% of respondents indicated that cybercrime was a major threat, only 41% said tackling it was part of their firm’s board agenda. This indicates that most companies are yet to fortify themselves against the threat of cybercrime, which still does not feature in most firms’ top 10 organisational priorities. Most companies do not have response plans for cybercrimes; 58% of respondents said that spending on cyber defences comprised less than 5% of their firm’s total IT budget.
Javed said, “The advancement and adoption of technology has enabled criminals to leverage it to carry out crimes. It is critical for citizens, both corporates and individuals, to be aware of cyber risks and not fall prey to scams. We are undertaking a drive to educate and create awareness among citizens.”
Mritunjay Kapur, head of risk consulting for KPMG in India, said, “The past few years have seen a multifold increase in cybercrimes across regions and sectors. Given the proliferation of connected technologies, organisations today face a significant challenge to be resilient against cyber-attacks and incidents.” Ahmed touched upon an important aspect of cybercrime, saying its underreporting is also a matter of concern. For various reasons, including the risk of a tarnished reputation, companies that fall prey to cybercrime often don’t report it to the police.