More than half (52%) of Indian companies experienced fraud or economic crime in the last 24 months, with 45% of Indian organisations reporting cybercrime as the second biggest fraud after customer frauds (47%) involving mortgage, credit cards, claims and cheques to name a few, according to PwC’s recent report titled: ‘Global Economic Crime and Fraud Survey 2022’.
The global survey that polled 1,296 organisations globally, including 112 CXOs from India across diverse industries further said that businesses have been exposed to new risks related to digital security, employee safety and disinformation due to uncertainties created by the pandemic and the subsequent shift to digital operations and remote working. For example, one of the key reasons for cybersecurity attacks, for instance, is implementation of siloed security solutions that are as little as 5-6 years ago may already be outdated and are posing greater threats to businesses.
A Trellix study published in September 2022 also noted that over two thirds or 67% of cybersecurity professionals in India work with more than ten different security tools or solutions across their organisation, making the setup extremely ‘disconnected’ and increasing chances of cyber-attacks.
Good news, in an earlier report, PwC noted that eight (82%) out of 10 business executives in India foresee an increase in cybersecurity budgets in 2023.
The survey said that 69% saw their security budget increased in 2022 and 65% plan to spend more on cybersecurity in 2023. In fact, for Indian CXOs, a catastrophic cyber-attack ranks higher than global recession, a resurgence of Covid-19 or a new geopolitical conflict among the top three risks. Also, one in four companies (27%) globally has suffered a data breach that cost between $1 and $20 million or more in the past three years, the survey noted.
Further, a September 2022 study conducted by ISACA, a professional association focused on IT security said that four in 10 consumers in India have had their personal information stolen by cyber criminals in the last one year and notably, companies in India that experienced a breach in security of their customers’ personal identifiable information (PII), with 40% of consumers report having severed ties with such a company, it said.
“Businesses must continually focus on policies, training and internal controls,” said Puneet Garkhel, partner and leader, forensics services, PwC India, adding that it is increasingly becoming important for organisations to understand the end-to-end life cycle of customer-facing products and also strike a balance between user experience and fraud controls.
Vishak Raman, vice president of sales, India, SAARC and Southeast Asia at Fortinet recommended that a deep understanding of the risks related to the cyber system is mandatory for organisations looking to improve customer experience.
For example, he said, besides, strong in-house cybersecurity policies, companies should ensure consumer products are positioned to face new cybersecurity requirements, properly respond to data breaches and make activities like patching an essential part of cybersecurity in order to align with the organisation’s specific business needs.