Indian firms slow on cyber-security


While Indian firms are proving to be more open than global counterparts in adopting new technologies which set them up to absorb more of the world’s growing digital workload, they’re being held back by lack of cyber governance and risk-management policies.

Cyber-security, EY, Indian firms, EU, India
Image for representational purpose only

Indian firms, which experts say stand to gain from the European Union (EU)’s upcoming General Data Protection Regulation (GDPR), are struggling to understand the policies. A recent EY survey showed 60 per cent of Indian respondents were unfamiliar with the new regulation.

“By virtue of many data controllers offshoring work to Indian businesses, these companies have to be GDPR-compliant. That said, companies are struggling to understand GDPR and this indicates there is still much more work to be done in this area,” said Mike Maddison, advisory cyber leader at EY.

The EY survey showed only 13 per cent of the Indian respondents had a plan on how to become GDPR-compliant. The GDPR, which goes live in the EU in May, asks organisations to implement measures for ensuring confidentiality of data and enable data protection measures “by design and by default”.

Maddison said the recent wave of cyber breaches at leading global organisations make it clear none is immune. For India’s information technology sector, Europe ranks number two in terms of the amount of business it drives, and for many IT firms, it’s their largest global market.

Not being ready to comply with GDPR guidelines could directly hurt business and could put them at a disadvantaged position in winning new deals in Europe. On the contrary, Indian companies that are compliant with GDPR will have a huge advantage and could even flaunt compliance with the regulation as a way to win business in other places.

“It’s a massive opportunity for India to leverage, as a GDPR compliant organisation will be given greater business preference at a global level,” said Burgess Cooper, partner-cyber security at EY India. But, the issue of Indian firms needing to take cybersecurity and privacy norms more seriously still exists.

This is paradoxical, since another EY survey showed Indian organisations are gearing to adopt new technologies. The survey showed 63 per cent of respondents were looking at using artificial intelligence (AI), 53 per cent wanted to use robotics process automation, 50 per cent of them wanted to use blockchain and distributed ledgers and 66 per cent to use user behavioral analytics.

On a global level, Indian firms were found more trusting of new technologies than their global counterparts. But as these studies show, this isn’t translating to them being more open to adopting new norms for cyber security and data protection, which is becoming one of the hotly debated topics for governments across the world.

Regulatory hurdles

* Indian firms might gain from the EU’s upcoming General Data Protection Regulation (GDPR)
* 60 per cent of Indian respondents were unfamiliar with the GDPR
* The GDPR will be implemented in the EU from May
* The GDPR asks firms to implement measures to ensure data confidentiality and data protection
* 13 per cent of the Indian respondents had a plan on how to become GDPR compliant
* Inability to comply with the GDPR could put firms at a disadvantageous position in winning deals in Europe


Please enter your comment!
Please enter your name here

Are you human? *