BANGALORE, INDIA: CISO Platform has launched a report on the IT Security maturity of the industry, based on data from 400+ organizations. Small and medium-sized organizations are not included in the sample.
Key insights from the report
India vs. Globe
· Indian enterprises are more than 80pc at par with the USA in terms of adoption of Prevention or Detection technologies. However, they are less than 10pc at par for Response and Predictive Technologies.
· India is far behind in hiring IT Security staff compared with the rest of the world: the average IT Security team size as a percentage of overall IT staff is less than 1pc for all verticals in India, whereas the globally recommended figure is 3-5pc.
· India's maturity in mobile security, one of the most trending security initiatives, is 35pc, whereas in the US it is almost 50pc.
· Indian companies are not prepared for large-scale Distributed Denial of Service (DDoS) attacks. Adoption of DDoS technologies is less than 50pc compared to the USA.
Vertical Wise Maturity
· The security maturity index for Large Scale Telecom emerged as the highest, with a score of 76.62 (out of 100). Major IT/ITES stood second with 74.66, followed by Major BFSI (Banking and Financial Services) with a score of 70.16.
· The scores for other major industry verticals are as follows: Financial Services (56.06), Healthcare (53.13), Manufacturing (52.43).
· Smaller BFSI emerged as the least secure vertical, with a score of 44.95. Online and retail, with a score of 51.52, is second from the bottom.
Technology Adoption
· With 56pc of companies planning to implement Mobile Security this year, it tops the IT security initiatives of the year; IT GRC Management Tools ranked second with 50pc and DRM ranked third with 40pc.
· Top 3 Mature Security Markets: Anti-spam/Anti-malware (98% implementation), Content Security (93% implementation) and Patch Management (87% implementation) are the top 3 mature IT Security markets in 2015.
· More than half of the companies in the sample data set tested their IT security infrastructure once a quarter.
· ISO 27001 tops the security compliance with 66pc implementation by the companies in India across all verticals.
State of Online/E-commerce Security
· Online and E-commerce companies rank the second lowest, with a score of 51.52 compared to the Large Scale telecom companies with a maturity of 76.62.
· Online and E-commerce companies are lacking in IT Security maturity, and most of the companies do not have adequate protection against DDoS attacks or a well-tested Incident Response Program.
· More than 90pc of the e-commerce companies do not have a dedicated Chief Information Security Officer and typically their engineering head doubles up as the IT Security Head.
Biggest Risks for the Indian Industry
· The Board/CEO in a typical company does not consider Security a top priority. The IT Security teams are generally not trained in emerging areas of security. India is at least 10 times behind the USA in terms of adopting emerging IT Security technologies such as CASB, Threat Intel and Containerization.
· There is a lack of indigenous IT Security technology companies from India. India has produced less than 25 indigenous IT security product companies compared to more than 500 in the USA. As a nation, we need to allocate more resources towards building security technologies.