Information Security Strategy Lagging in India

Sudha Nagaraj Bharadwaj, Journalist | 12/27/2012 | 21 comments

Sudha Nagaraj Bharadwaj
The Global State of Information Security Survey, 2013 by PwC found that 75 percent of respondents in India as opposed to 45 percent of global peers expect their companies to increase spending on information security in 2013, but they’re probably spending it on the wrong things.

The improved economic environment, business continuity, disaster recovery, and regulatory compliance are the main reasons for the increase in spending. Before CIOs spend their budgets, they should know that there are several potential issues with Indian CIO security habits revealed by PwC’s India specific report.

While 45 percent thought they had all the attributes of an information security leader, the report found only 15 percent could say they had all of the following basic requirements for good security: an overall information security strategy; a chief security office (or equivalent); reviews of the effectiveness of information security practices within the past one year; complete knowledge of security events in the past year.

While 80 percent were confident that their organizations had instilled effective security behavior in their work culture, the truth was entirely different. Only 32 percent actually incorporated information security into a project at inception. 29 percent brought it in at the design and analysis phase; 13 percent thought of it only during implementation; and one in six admitted that it was brought in on an as-needed basis. Most of them lacked an incident-response process to report and handle breaches at third-party sites and there was no compliance requirement for third parties regarding privacy policies.

While there was a three-fold increase in reported security breaches -- mostly traced to employees -- the financial losses incurred showed a dip. A closer look has revealed that while a majority of companies count the loss of customer business, many of them neglect to factor in damage to brand and reputation, audit and consulting services, investigation and forensics, legal defense services, and costs of court settlements. So the dip is probably, in fact, a hump.

The most disturbing trend, however, is the decline in the use of basic information security detection technologies and a relaxation of fundamental security principles. Companies have reduced use of malicious code detection tools, tools for spyware, and adware and intrusion detection tools. Use of tools for vulnerability scanning, security event correlation, and data loss prevention have also decreased. Policies defining backup and recovery, business continuity, user administration, application security, physical security, and management practices like segregation of duties have all seen a decline.

Though India is one of the fastest growing mobile technology markets, adoption of security strategies for mobile (46 percent), social media (37 percent), and cloud (31 percent) are lagging. Interestingly, 52 percent of the respondents had a security strategy to address personal devices in the workplace, but only 38 percent had malware protection for mobile devices, indicating a lag between strategy and basic execution.

The report paints a rather bleak picture of current Indian security practices. So it is a good thing that they are spending more. What are the lessons from these findings CIOs can use to make next year’s spending more meaningful? Clearly, CIOs or CISOs should:

  1. Align security strategy to business objective and make it integral to every project at the start.
  2. Analyze security breaches accurately and stop exploitation of mobile devices, data, and removable devices by employees.
  3. Compute costs incurred due to security compromises in a holistic manner to understand the extent of damage and focus efforts on anticipation and prevention of breaches.
  4. Ensure comprehensive policy, up-to-date processes, and use of basic tools that cover both old and new technologies.
  5. Not overestimate their own preparedness. Hire an external consultant to facilitate constant evaluation if needed.
The money and the commitment seems to be out there, but the execution and best-practices are behind. CIOs need to make sure they are getting this right for the sake of the enterprise.

View Comments: Newest First | Oldest First | Threaded View
Page 1 / 3   >   >>
geeky   Information Security Strategy Lagging in India   2/9/2013 11:28:12 PM
Re: Why the disconnect?
I think we all have to hope for the best isnt it ?
Susan Nunziata   Information Security Strategy Lagging in India   2/4/2013 3:05:43 PM
Re: Why the disconnect?
@geeky: Here's hoping!
geeky   Information Security Strategy Lagging in India   2/3/2013 8:17:22 AM
Re: Why the disconnect?
Exactly susan but we also have technology at its best by that time so we might be able to fight and keep it at a low level.. Well maybe :)
Susan Nunziata   Information Security Strategy Lagging in India   1/30/2013 6:27:15 PM
Re: Why the disconnect?
@geeky: that's quite true. So for the sake of sleeping at night perhaps it's human nature for us to think our systems are more secure than they actuallly are. This, however, can lead to frightening consequences. 
geeky   Information Security Strategy Lagging in India   1/29/2013 9:49:49 AM
Re: Why the disconnect?
No well you are right susan. Everywhere the risk is there but I would say you simply cannot stop it at any point. It will remain with technology since its a part of technology.
eethtworkz   Information Security Strategy Lagging in India   1/4/2013 9:39:57 AM
Re: Why are the results surprising?

I agree.

But still this changing very rapidly and quickly Globally.

Thanks to awesome colloborative initiatives like SANS,OWASP and the latest one HACK.ME

I am really-really impressed how the wider community of Web Developers has gotten together to share , exchange and patch vulnerabilities today.

eethtworkz   Information Security Strategy Lagging in India   1/4/2013 9:36:49 AM
Re: Why are the results surprising?

Yeah,People need to stop engaging in a race to the bottom when it comes to Services.

Can't blame Service providers for skimping in that scenario either.

batye   Information Security Strategy Lagging in India   1/2/2013 12:59:11 AM
Re: Why are the results surprising?
could not agree more... you have to pay the piper/security now or much more later...
kicheko   Information Security Strategy Lagging in India   12/31/2012 5:05:12 PM
Re: Why are the results surprising?
In general though, looks like information security strategy isn't that stabilized anywhere even though the US may be doing a little better. With the number of compromises reported each year, there's a lot to be desired in that industry.
Skr2011   Information Security Strategy Lagging in India   12/31/2012 2:49:28 PM
Re: Why are the results surprising?
If you consistently compromise on Cost(even at the expense of Quality and Service);sooner or later you will lose.

So true!! You do get what you pay for.
Page 1 / 3   >   >>

The blogs and comments posted on do not reflect the views of TechWeb,, or its sponsors., TechWeb, and its sponsors do not assume responsibility for any comments, claims, or opinions made by authors and bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.

More Blogs from Sudha Nagaraj Bharadwaj
Sudha Nagaraj Bharadwaj   5/13/2014   32 comments
Internet surveillance in India is turning really fierce. A Facebook transparency report reveals that the social network removed 4,765 pieces of content originating in India in the second ...
Sudha Nagaraj Bharadwaj   4/30/2014   50 comments
With the growing importance of enterprise data, big data, and the Internet of Things, the Indian CIO will be forced to wear the cap of the CDO as well. Though the Chief Digital Officer ...
Sudha Nagaraj Bharadwaj   4/25/2014   15 comments
The much-dreaded April 4 deadline for certification of imported electronic products in India has passed. The Department of Electronics and Information Technology (DeitY) had mandated that ...
Sudha Nagaraj Bharadwaj   4/18/2014   15 comments
India will soon offer reliable, affordable, and efficient cloud services for the private sector through a unique government-private sector joint effort. With an eye on helping the micro, ...
Sudha Nagaraj Bharadwaj   4/11/2014   15 comments
If you are a CIO hiring or planning to hire IT professionals for onsite projects in the US, you will have to wait to see if luck favors you this season. For the second year in a row, the ...
E2 IT Migration Zones
IT Migration Zone - UK
Why PowerShell Is Important
Reduce the Windows 8 Footprint for VDI
Rethinking Storage Management
IT Migration Zone - FR
SQL Server : 240 To de mémoire flash pour votre data warehouse
Quand Office vient booster les revenus Cloud et Android de Microsoft
Windows Phone : Nokia veut davantage d'applications (et les utilisateurs aussi)
IT Migration Zone - DE
Cloud Computing: Warum Unternehmen trotz NSA auf die „private“ Wolke setzen sollten
Cloud Computing bleibt Wachstumsmarkt – Windows Azure ist Vorreiter
Like Us on Facebook
Twitter Feed
Enterprise Efficiency Twitter Feed
Site Moderators Wanted
Enterprise Efficiency is looking for engaged readers to moderate the message boards on this site. Engage in high-IQ conversations with IT industry leaders; earn kudos and perks. Interested? E-mail:
A Video Case Study – Translational Genomics Research Institute

On the Case
TGen IT: Where We're Going Next

7|11|12   |   08:12   |   10 comments

Now that TGen has broken new ground in genomic research by using Dell's storage, cloud, and high-performance computing solutions, the company discusses what will come next for it and for personalized medicine.
On the Case
Better Care Through Better Communications

6|6|12   |   02:24   |   11 comments

The achievements of the TGen/Dell project could improve how all people receive healthcare, because they are creating ways to improve end-to-end communication of medical data.
On the Case
TGen IT: Where We Are Now

5|15|12   |   06:58   |   6 comments

TGen is breaking new ground in genomic research by using Dell's storage, cloud, and high-performance computing solutions.
On the Case
TGen IT: Where We Were

4|27|12   |   06:45   |   10 comments

The Translational Genomics Research Institute wanted to save lives, but its efforts were hobbled by immense computing challenges related to collecting, processing, sharing, and storing enormous amounts of data.
On the Case
1,200% Faster

4|18|12   |   02:27   |   12 comments

Through their partnership, Dell and TGen have increased the speed of TGen’s medical research by 1,200 percent.
On the Case
IT May Improve Children's Chances of Survival

4|17|12   |   02:12   |   8 comments

IT is helping medical researchers reach breakthroughs in a way and pace never seen before.
On the Case
Medical Advances in the Cloud

4|10|12   |   1:25   |   5 comments

TGen and Dell are pushing the boundaries of computing, and harnessing the power of the cloud to improve healthcare.
On the Case
TGen: Living the Mission

4|9|12   |   2:25   |   3 comments

TGen's CIO puts the organizational mission at the heart of everything the IT staff does.
On the Case
TGen Speeding Up Biomedical Research to Save More Lives

4|5|12   |   1:59   |   6 comments

The Translational Genomics Research Institute is revamping its computing to improve speed, storage, and collaboration – and, most importantly, to save lives.
On the Case
Computing Power Helping to Save Children's Lives

3|28|12   |   2:13   |   3 comments

The Translational Genomics Institute’s partnership with Dell is enabling them to treat kids with neuroblastoma more quickly and save more lives.