Palo Alto Networks surveyed 200 Indian IT decision-makers, CTOs, CIOs, and Senior Directors to understand the state of cybersecurity in India. The respondents belonged to sectors such as Banking & Finance, Essential Services, Telco/Tech/Communications, Retail/Hotel/F&B, Transport & Logistics, and Manufacturing.
The survey findings revealed that, although India saw a remarkable 75% increase in cybersecurity budget allocation for 2023 compared to the previous year (one of the highest increases in the APAC region), it also experienced the highest number of disruptive cyber attacks
Furthermore, India faces a substantial risk of cyber attacks targeting its critical infrastructure, public sector, and essential services. A notable 67% of Indian government and essential service entities reported encountering a surge of over 50% in disruptive attacks. Prioritizing the cybersecurity of essential service networks is paramount as it safeguards critical infrastructure and ensures seamless delivery of crucial services, thereby maintaining public safety and national stability.
Key findings from the survey include:
· 66% of Indian manufacturing firms faced increased risks from unsecured IoT devices connected to the network, far more than other sectors.
· 83% of Transport and Logistics organizations perceive their risk level as high or very high.
· An overwhelming 95% of businesses in India claim they are actively moving to an increasingly automated security stack.
· 48% of Indian Public, Transport & Logistics organizations and 50% of Manufacturing organizations sectors believe 5G adoption will widen security loopholes.
· A higher than average 34% of Indian banking and financial services say cloud attacks will disrupt business.
· 69% of Indian Telcos have faced newfound risks from increased reliance on cloud-based services and apps.
· 45% of Indian businesses saw more than 50% increase in disruptive attacks - the highest in APAC.
· 67% of Indian government and essential services experienced more than 50% increase in disruptive attacks.
· At 35% Indian organizations are more concerned about social engineering attacks than the APAC average (29%).
· 60% of Indian organizations are concerned about malware (ransomware, spyware, adware) attacks the most. 57% of Indian Telcos are concerned about Ransomware the most.
· 94% of Indian organizations perform regular assessments and forensics for OT related cybersecurity incidents, this is positive news. Likely driven by the fact that 89% of these organizations have IT and OT cybersecurity professionals working under the same/ combined team, higher than the SEA average of 82%.
· On the other hand, 24% of these organizations have their OT systems connected with their Enterprise IT network (not fully air gapped or protected via a dematerialized zone); a definite cause of concern.
· 68% of Indian respondents say ChatGPT will positively impact business tasks like content creation and report generation.
· India leads APAC in cloud migration, with 80% of businesses already having a large proportion of infrastructure on the cloud.
· Over 80% of Indian businesses discuss cybersecurity at the board level at least every quarter.
· 42% of Indian organizations say they are adjusting their cybersecurity strategy to adopt cloud security.
· 94% of Indian organizations said they have a 5G strategy in place. However, 45% of these organizations said that proper segmentation of 5G networks was of top concern to them (highest in APAC).
“Securing essential services networks is crucial to protect critical infrastructure and ensure the uninterrupted delivery of essential services, safeguarding public safety and national stability. Our findings show that the transport, manufacturing, and public sectors have borne the brunt of advanced attacks. As India embraces digital transformation, it is mission critical to have a cybersecurity-first approach,” said Anil Valluri, Managing Director & Regional Vice President of India & SAARC, Palo Alto Networks.
“While budgets may be expanding, it is essential to utilize these resources diligently. Enterprises, regardless of their size, must proactively adopt a Zero Trust architecture to secure distributed enterprise networks. Automating the SOC is also essential for improving efficiency, enabling faster detection and response to cyber threats, and allowing analysts to focus on strategic initiatives. The convergence of IT and OT has made lateral threat movement easier than ever and defending against it requires robust security automation and orchestration,” Anil continued.