McAfee, unveiled its APAC CYBER RESILIENCY AND RISK REPORT, revealing that organizations in India describe their culture of cybersecurity as either strategic (60%) or embedded (33%). The survey, covering 480 cybersecurity decision-makers across eight Asia-Pacific countries including Australia, Hong Kong, India, Indonesia, Malaysia, New Zealand, Singapore and Thailand, also revealed that 97% of the organizations in India were familiar with the concept of cyber-resilience compared to Australia (73%) and New Zealand (75%). Cyber resilience refers to an entity’s ability to continuously deliver the intended outcome despite adverse cyber events. The concept essentially brings the areas of information security, business continuity and organizational resilience together. An astounding 93% of organizations in India believe that they are cyber-resilient, taking the top position amongst all the other countries in the region.
The survey also measured the cybersecurity maturity levels of organizations in the region:
- Key policy areas such as risk and asset management, governance, culture, education and awareness, were rated lowest in the maturity index, implying an immediate need for high priority improvement
- Cyber resiliency functions such as data protection, response and recovery planning, response and recovery communications were identified as areas that IT would like to see improved by 2021 in relation to their cybersecurity maturity levels
- Investment in categories such as data protection, cloud protection technology and network protection technology were top priorities for enterprises targeting an “optimized” cybersecurity maturity posture. Processes at the “optimized” level focus on continuously improving process performance through both incremental and innovative technological changes/improvements
Commenting on the report findings, Sanjay Manohar, Managing Director, McAfee India said, “The objective of cyber resilience is to enhance an entity’s ability to deliver the intended outcome continuously at all times. While organizations can put a cost on cybersecurity damages related to a data breach, reputational damage, impact on sales and other areas are difficult to measure, implying that the level of belief that a cost can be placed is higher than expected. Organizations in India are most likely to have ‘high’ impact of cybersecurity incidents. Therefore, involvement of cybersecurity in digital transformation at the management level becomes critical in more developing jurisdictions such as India, where regulation and compliance are evolving and therefore may be more of a focus for organisations.”