EY India’s Fraud Investigation & Dispute Services Report has found that mechanisms to tackle cybercrime in Corporate India are low. Titled ‘Responding to Cybercrime Incidents in India’, the report said that two-thirds of businesses were unable to detect a cyber incident in real time due to insufficient understanding of the motive behind the attack. Almost 89% of the respondents stated a need to enhance cyber laws. Fifty-five percent laws needed to be strengthened; 34% called for greater clarity over these laws. The report by EY’s Fraud Investigation & Dispute Services team is based on 160 in-depth interviews with senior and mid-management of various companies. Over 50% of the respondents were employed in listed companies.
Here are some of the highlights of the report:
One-fifth of the respondents said employees were one of the weakest links in an organisation’s defence mechanisms. Most companies took concerted efforts to mitigate external threats, but there was not a similar exercise to identify and neutralise insider threats.
Ninety percent of the respondents identified social media as a big risk, possessing a high probability of being used to identify and target key individuals in organisations.
A mobile workforce, increased sharing of personal and professional information on social media channels, and gaps in protecting this information could evolve as a significant cyber hazard. Emerging techniques such as phishing or spoofing can make unsuspecting employees even more vulnerable.
Seventy-two percent of the respondents believe their company’s IT security teams do not have enough specialists to deal with cybercrime incidents. Only 40% of the respondents believe their techniques around proactive monitoring of cybercrime are adequate and 44% stated having robust data protection programmes.