As instances of cyber crime rise all around the world, Indian companies are becoming increasingly aware and ramping up their security spends. Research firm Gartner states in a new report that information security spending in India will grow 12 percent to reach $1.5 billion in 2017, with detection and response systems garnering maximum attention. Most Indian companies do not report security breaches as their Western counterparts do, because there are no disclosure laws in the country. As a result, the extent of business loss is never ascertained, says Gartner.
While companies are now allocating more budgets to monitoring cyber threats, a systematic operation that covers all aspects of security is still lacking. “There is no nuanced discussion on security because there is no ROI in this area. Companies are outsourcing their security functions; there is no definite program,” Siddharth Deshpande, Principal Analyst, Gartner, tells BGR India. Most of the market — 63 percent — is focused on prevention, i.e. building firewalls, setting up anti-virus services, and so on. “However, attackers have become more skilled now. They can break through that,” says Deshpande. ALSO READ: North Korea’s Lazarus Group behind WannaCry ransomware attacks: Report
But increasing awareness among CEOs and CIOs have led to a spurt in spends in this sector, with security programs now ranking among the top-five cloud-based services in India. And 90 percent of new security technologies coming to the market are cloud-based delivery models. More interestingly, AI-driven capabilities are gaining traction. By 2020, about 40 percent of security services would be based on artificial intelligence, says Gartner. And overall spending in the sector would go up to $4.5 billion. “43 percent of CIOs consider security as a transformational capability,” says Deshpande.
Despite all the attention, only about seven percent of IT budgets on an average are being spent on security. Banking and financial services (BFSI) and information technology are the most risk-prone industries, that spend more. “However, basic practices often get ignored because companies are running for greater technology,” says Gartner’s Deshpande. “You don’t need the best technology if you have the right processes in place,” he adds. These processes would include centralized log management, vulnerability management, internal network segmentation, backups and more. ALSO READ: WannaCry ransomware attack: Microsoft Windows 7 most affected OS, XP count insignificant says Kaspersky
Until 2013, India had no cyber security policy. But now, things are moving fast as the government’s Digital India vision picks up steam. According to Cybersecurity Ventures’ Cybersecurity Jobs Report, there were 1 million cyber security job openings in 2016. That is expected to grow to 1.5 million by 2019. Banking and e-commerce industries, which have maximum personally identifiable information (PII), need the highest number of security professionals. The RBI had stated late last year that it is improving its security capabilities and has asked other banks to follow suit. India has even partnered with cyber security agencies in the UK to improve its capabilities in the sector.