Indian companies have suffered the highest numbers of ransomware attacks in the last year, a survey by research firm Vanson Bourne found. Vanson Bourne, an independent research firm was commissioned to do a cybersecurity incidents and awareness survey in 12 countries by cybersecurity company CrowdStrike.
In its results, it found that 49% of Indian companies have suffered multiple ransomware attacks in the past year while 76% of Indian companies have suffered at least one, the highest in the Asia Pacific Region. There were also other concerning findings for India in areas such as amount of ransom paid, types of cyberattacks, preparedness for cyberattacks and so on.
The survey’s findings are concerning as cybersecurity has been an area of concern in India for privacy and security-related reasons. Meanwhile the National Cyber Security Strategy for 2021-2025, which has been in the pipeline since 2019, has not been finalised yet and India still does not have a data protection law.
Key findings on cybersecurity in India
In a press release, CrowdStrike revealed the following findings from its research:
Highest average ransom payment: At $2.92million, India had the highest average ransom amount. Further, they found that 26% of Indian companies paid between $5- $10million and 26% paid between $1million and $2.5million in the last one year.
Impacted by supply-chain attack: 56% of Indian business had experienced a software supply chain attack, highest in the APAC region.
Password compromise a prominent concern: 49% of cybersecurity concerns came from password or credential being compromised followed by 46% Industrial control systems (ICS)/Supervisory Control and Data Acquisition (SCADA) attacks and 41% malware attacks.
Loss of trust with IT suppliers: 66% of Indian organisations said they were losing trust with legacy IT vendors, such as Microsoft, due to frequent cybersecurity issues. However 72% said they have total confidence in their organsiation’s supply chain IT security.
Belief in government action against threats: 76% of respondents believed that the Indian government takes necessary action against threat actors, to create a safe business environment. In perceived threats 58% of respondents felt most threatened by China followed by 47% being threatened by Pakistan.
Ready response to cyberthreats: 60% respondents said that they had a comprehensive strategy in place to deal with cyberthreats- the highest globally, the survey found.
India’s pending cybersecurity policy
At an event, National cyber security coordinator Lt. Gen. (Retd) Rajesh Pant reportedly said that India’s cybersecurity strategy (2020-25) is awaiting cabinet approval and thus is in the final stages of being implemented. The strategy will succeed the 2013 cybersecurity strategy and contains provisions related to cyberinsurance, cyber audit, drones, IoT, etc.
- More cybersecurity incidents reported till October 2021 than whole of 2020
- UN Cyber Stability Conference: Understanding threats in cyberspace
- Finance Ministry identifies weak link in CDSL that put sensitive data of investors at risk
- A closer look at Biden’s cybersecurity policies since becoming US President in 2021
- Telangana to come up with a cyber crime law with deliberations currently underway