A whopping 93 per cent of Indian companies say a lack of cybersecurity awareness among employees as well as board-level executives is their biggest challenge, even as ransomware incidents are rising daily.
UK-based next-generation cybersecurity firm Sophos commissioned research to understand cybersecurity expenditure and self-assessed maturity in organisations across the Asia Pacific and Japan over the past 12 months. The third edition of its survey report, The Future of Cybersecurity in Asia Pacific and Japan, captured a total of 900 responses across Australia, India, Japan, Malaysia, the Philippines, and Singapore.
According to the report, only 61 per cent of companies in India believe their board truly understands cybersecurity. Worse, their executives assume cybersecurity is easy and that cybersecurity personnel over-exaggerate threats and issues.
Eighty-six per cent of respondents also believe cybersecurity vendors do not provide them with the information they need to help educate executives. About 93 per cent of companies agree their biggest security challenge in the next 24 months will be the awareness and education of employees and leadership.
“With ransomware attacks continuing to become more complex, organisations need a genuine, actionable cybersecurity education programme,” said Aaron Bugal, global solutions engineer, Asia Pacific and Japan, at Sophos, in a statement.
“Cybersecurity professionals continue to face many frustrations in their roles this year, with many feeling their warnings and messages fall on deaf ears. The challenge for cybersecurity professionals faced with low levels of security understanding among company boards is that many are unlikely to invest in the necessary programmes to alleviate these frustrations.
“The issue isn’t technology, it’s education. Increasing spend on cybersecurity won’t help unless organisations understand from the top down the true nature and critical threat that cyberattacks constitute to their organisational capabilities, their customers and their own existence,” Bugal said.
He suggested making cybersecurity education a focus. Boards must be helped to understand that it's impossible to protect everything, and learn to prioritise the most critical information, data and systems to protect.
Education courses on basic principles, genuine likelihood of an attack, attack vectors, threat actors, and other terminology should be available to all staff.
Businesses also need to clearly understand compliance, the regulatory environment under which the business operates, what is legally required when breached, and what the appropriate controls around data security and management are.
“Shifting priorities to become more proactive must start at the top and requires direction from executives, including investments in awareness and education across entire organisations,” Bugal said.