Threat of cybercrime looms large in India as nearly 72% Indian companies faced cyber attacks in 2015 with financial gain or corporate espionage as the main motives, professional services firm KPMG said on Monday.
To get a pulse of cybercrime in India and unearth its extent and modus operandi, KPMG, for its "The Cybercrime Survey Report 2015", surveyed 250 top business executives in the capacities of CIO, CISO, CAE, CRO and COO and found 94% respondents indicated cybercrime to be a major threat.
"The last few years have seen multi-fold increase in cybercrimes across regions and sectors. Given the proliferation of connected technologies, organisations today face a significant challenge to be resilient against cyber attacks and incidents," said KPMG's head, risk consulting, Mritunjay Kapur in a statement.
However, according to the survey, only 41% of the respondents said cybercrime figured in their organisation's board agenda and the spending on cyber defence mechanism is less than five percent of the IT spend in Indian firms.
"Cyber risk assessment is not a focus area for several enterprises across functions and people. Their emphasis is only on technology with 74% respondents stating that a detailed annual IT and cyber risk assessment is not carried out," it said.
Banking Financial Services and Insurance (BFSI) sector is the top target for cybercrime in India as highlighted by 74% of the respondents followed by pharmaceutical industry, while 63% respondents indicated that cybercrimes more often than not amount to gross financial loss.
Nearly 83% of the respondents believed in external involvement in cyber attacks while 64% respondents said directors and management are the most vulnerable targets.
Kapur also noted that the nature of cybercrime is "constantly evolving, specifically with attackers having a solid arsenal of the ever evolving stealth attack".
KPMG India's head, forensics, Mohit Bahl said: "Organisations need to strengthen their cyber incident response process along with building strong prevention and detection systems. Cyber forensics therefore is becoming a critical component of fraud investigations."
Analysing the impact and complexity of cybercrime in India, the report said: "As businesses throw their doors open to technology, they also expose themselves to the risk of cybercrime that can have far reaching damages ranging from financial, reputational, operational and in certain scenarios, can also impact the physical safety of employees and assets."
According to 65% of the respondents, potential vulnerable system targets include email servers while 46% respondents indicated end user systems.
"People and vendors are one of the many critical yet one of the weakest links in the cyber defence chain. Cyber investigations of large cybercrimes reveal that social engineering has predominantly been one of the preferred methods to extract critical information," said KPMG India partner Atul Gupta.