Pinkerton's India Risk Survey 2017 puts information and ‘cyber insecurity' at the top of the list for risk ratings this year, topping out terrorism risk, business espionage, intellectual property theft and accidents.
The report says that the increasing number of cyber attacks and cyberespionage require stronger investment in the security of cyber infrastructure.
India is undergoing a phase of ‘information and cyber insecurity' as it moves towards asset digitization and service delivery, the report says.
Information and cyber insecurity is not the top risk across all of India's sectors, however. eCommerce, hospitality, media - entertainment, NGOs and retail scored higher for risks such as natural hazards, terrorism and political governance - instability.
The report cites the WannaCry malware as the worst cyber incident this year. Systems across the private and public sectors were attacked.
“While the WannaCry ransomware was attempting to penetrate into the Indian cyber-domain, the country was put on highlight and official sources have declared that India was not as affected as reported. Several corporations, such as the Power Grid Corporation of India Limited (PGCIL), were ready to block the malware by setting up a precautionary firewall,” the report says.
If organisations were to focus more on creating robust security mechanisms, it would foster stronger trust between Indian firms and foreign industries.
It cites McAfee research that puts the global economic cost of cybercrime at more than US$40 billion. This is expected to reach $2.1 trillion by 2019.
“According to the NCRB1, a total of 8,045 cases were registered in 2015 as compared to 7201 cases in 2014 with a rise of 11.7 per cent in cyber related crime (under the IT Act),” the report says.
“NCRB data reveals that a majority of cyber-crimes were registered for greed and financial gain, which accounts for 33.3% (3,855 out of 11,592 cases).
Although there are high costs associated with cybersecurity enhancement, the implications from weak security will be even higher. Information and cyber insecurity will also remain the top business risk for a number of years.
The report suggests that training sessions can reduce human error; and business and government cooperation can boost security.
Business espionage is also a risk because not only are critical business infrastructures sensitive, but also because it is becoming more covert and harder to detect.
“Therefore, business are advised to ensure recommended firewalls to safeguard from any hacking-activity. Organisational functioning and flow of information must be protected at all cost. More importantly, valuable assets and sensitive data must be secured,” the report says.