Indian firms indifferent to IT security concerns: study

Wednesday, 23 October 2002, 19:30 IST
Printer Print Email Email
NEW DELHI: Most of the top Indian firms do not take IT security concerns seriously even as breaches have assumed alarming proportions with virus attacks and unauthorised access emerging as risk factors, said a study report. Seventy-five percent of top IT-enabled companies spend less than one percent of their revenue on security systems, said the Associated Chambers of Commerce and Industry of India (ASSOCHAM) survey report issued here Tuesday. The nation-wide survey was conducted amongst 136 top executives in banks, financial institutions, IT and IT-enabled services, telecom, manufacturing and technology intensive industries. According to the survey, over 40 percent of the companies are indifferent to information security concerns. Umang Das, chairman (communications convergence) of ASSOCHAM, said that 65 percent of the respondent companies consider natural disasters as a low security threat. While IT-hardware failure, power outage and financial frauds are perceived as moderate risk factors, virus attacks and unauthorised insider access is perceived to be high risk factors, the report said. "This indicates that companies perceive the causes of a business interruption to be multi-faceted and are increasingly recognising the complexities of conducting business in a highly competitive scenario," it added. The study reveals that 41 percent of the respondents already have a business continuity plan (BCP), while 35 percent are in the process of framing one. "Still 23 percent of the enterprises in India are without a BCP. Which makes them extremely vulnerable to security threats," said Das, adding there is a need to spread awareness among companies on information security aspects. To safeguard against technological security threats, 85 percent of the Indian enterprises employ anti-virus software to reduce chances of information security breach. "The point to observe is that Indian enterprises are mainly employing technologies that are superficial and provide only a false sense of security. "Anti-virus software and firewalls can be easily infringed by hackers. Indian enterprises should therefore allocate more resources to adopt sophisticated and advanced technologies," said Das. Around 85 percent of the companies felt the government's procedures and guidelines on information security are inadequate.
Source: IANS
siliconindia