Cyber risks pose as top threat faced by Indian firms: PwC

Cybersecurity threats are considered the most significant threat faced by Indian companies of all sizes and industries, with over 38% of respondents feeling highly or extremely exposed to it, according to global consulting firm PwC's 2023 Global Risk Survey — India edition. Compared to the 2022 Global Risk Survey, cybersecurity has moved up two spots from number three to number one on the risk radar. 
 
The survey, conducted by PwC, gathered responses from 3,910 Business and Risk Management leaders, including CEOs, board members, risk management experts, operations managers, technology professionals, finance managers, and auditors, across 67 territories. The final results are based on these responses. Of the total participants, 163 Indian organisations took part in the survey. The survey also revealed that digital and technology risks are the top concerns for business leaders in India, accounting for 35% of the total responses. 
 
Indian organisations are facing various challenges in terms of cybersecurity, and to counter these challenges, they are actively investing in cybersecurity tools (55%) as well as artificial intelligence (AI), machine learning, and automation technologies (55%). According to the survey findings, this investment is expected to happen in the next one to three years. To support these investments, 71% of Indian organisations are collecting and analysing cybersecurity and IT data to identify opportunities and manage risks. Globally, 61% of organisations are doing the same. 
 
Sivarama Krishnan, Partner and Leader of Risk Consulting at PwC India, said that the 2023 Global Risk Survey indicates that Indian business leaders are showing a greater willingness to take risks while also being able to identify opportunities that arise from those risks. Krishnan believes that this shift in mindset is a crucial factor in an organisation’s progress. It will not only allow businesses to be better equipped to manage risks but will also enable them to grow, develop resilience, achieve outcomes, and create value for all stakeholders. 
 
According to the survey, 99% of Indian business leaders are confident in their organisation's ability to balance growth with managing risk effectively. Out of these, 66% are very confident in the same. Globally, these figures stand at 91% and 40%, respectively. 
 
Furthermore, the survey revealed that Indian businesses view technology disruptors as opportunities. Specifically, 69% of Indian executives see Generative AI (GenAI) as an opportunity, compared to 60% globally. 
 
The survey also highlighted how organisations are utilising emerging technologies like GenAI for risk management. In India, 48% of enterprises have deployed AI and machine learning for automated risk assessment and response to a large extent, which is slightly lower than the global response of 50%. 
 
According to the survey, 88% of Indian organisations have been actively investing in building resilience in their ecosystem over the last 12 months to make the most of the opportunities presented by risks and disruptions. This figure is higher than the global average of 77% of businesses investing in the same. 
 
Cyber security threats on companies is growing exponentially in recent months, as another study by the IT and cybersecurity company Cloudfare published in November also revealed that 83% Indian organisations experienced at least one cybersecurity incident, spanning from web attacks, phishing, supply chain attacks in the past few years. On top of that, they suffered huge losses due to these incidents. 
 
Last week, a report, published by the Data Security Council of India (DSCI) in partnership with Seqrite, also found that India witnessed more than 400 million cyber threats across approximately 8.5 million endpoints in 2023, averaging 761 detections per minute.  
 
As threats are likely to intensify the coming months too, cybersecurity resilience, preparedness, and response must be at the forefront, believe experts. Samir Kumar Mishra, Director, Security Business, Cisco India & SAARC, underscores the need for businesses to reassess their cybersecurity strategies, adapt to the changing environment, and improve their cyber defense. 
 
“As the world becomes more connected, the need for security controls and alignment to compliance regulations will essentially mandate security to be the core component to any new innovation, and the users and customers of those services will demand it too,” he said, adding that with data becoming the foundation of everything today, organisations must embed data protection and privacy deeply into their culture and ongoing operations.