CyberSecurity Maturity of Indian Industries Show Grim Picture: Large Banks Score 61 & Online/FinTech Startups Score 8 (Out Of 100), As Per FireCompass Report
India, August 31, 2017 – FireCompass, a Cyber Security product company that specializes in security maturity assessment, has released industry’s first vertical wise maturity report for India. Based on extensive research of 200+ organizations from across India, FireCompass unveils report on CyberSecurity Maturity Score of Indian Industries.
Cyber Security is now a persistent business risk, across organizations of all sizes, large or small. To secure businesses, an organization needs to have in place a variety of security technologies along with skilled personnel and mature processes. In this report, FireCompass has researched the current CyberSecurity maturity of Indian enterprises, based on the kind of technical security controls they have in place against modern day attacks.
Speaking on the launch of FireCompass CyberSecurity Maturity Report, Bikash Barai, Co-Founder ofFireCompass and a serial IT Security technology entrepreneur said, “Management / Board are increasingly asking about the cybersecurity posture and the relative benchmark against industry peers, but so far we were not able to measure cybersecurity performance based on objective, quantitative data. Organizations traditionally have been using informal approaches to communicate security posture to the management/board, making it difficult to benchmark security across industry.”
He added, “FireCompass has standardized the approach and uses quantitative data to measure security posture across organizations. Based on this we’re pleased to launch the first report on cybersecurity performance of industry for India”. Barai earlier founded iViZ Security, an IT Security product company funded by IDG Ventures and later acquired by Cigital / Synopsys.
FireCompass has assessed 50+ data point of more than 200 organizations, both from an internal & external perspective to give a holistic view of security performance. NIST CyberSecurity Framework (promoted by USA government) was leveraged to classify the technology controls capabilities across 5 dimensions – Identify, Protect, Detect, Respond, Recover. The score is based on data on actual security controls implemented as well as open source security intelligence.
The scores are especially important for board / management to measure/benchmark their organization’s cybersecurity maturity, understanding gaps and building security roadmap. Such scores can also help insurance companies to calculate the cyber risk insurance premiums.
- Online survey was conducted for which 200+ CISOs (or equivalent) in India responded, across verticals. Survey comprised questions around current technology controls in place and roadmap
- The scores were calculated based on the statistical models created by FireCompass based on NIST CSF
Key insights from the report
- Large Indian Banks and Telcos are the most mature in terms of CyberSecurity with Small Banks and Startups lagging far behind. Average industry scores are as follows:
- Large Banks: 61%
- Telco: 61%
- Financial Services: 58%
- IT/ITeS: 52%
- Manufacturing: 51%
- Insurance: 45%
- Small Banks: 43%
- Online Startups / FinTech: 8%
- Security investments have primarily been done around prevention technologies like Firewalls, AV etc., where as investments in detection & response capabilities were largely neglected. Security should be designed considering that an organizations may be breached and there should be adequate preparedness to respond and recover from such breaches. Average scores are:
- Prevention: 63%
- Detection: 51%
- Response: 30%
- Indian organizations are primarily compliance driven & reactive, with average security scores hovering around ~50/ 100. India ranks 23 out of 164 countries in ITU’s Global CyberSecurity Index (2017).
- Response Capabilities is grossly neglected across sectors with very poor score, ranging between 3% to 40% and an average of 30%.
- Preliminary research on online startups show that the security maturity is abysmally low at around 8%. One of the major reasons for this is that FinTech & Online Startups are primarily focussing on Application Security, which covers only 5 out of the 25 capability areas, and have not focussed on rest of the 20 capability areas.
You can access the full report using the following link:
FireCompass is world’s first AI-Assistant for CyberSecurity Strategy & Buying. It helps organizations to measure their CyberSecurity maturity for reporting to management/Board as well as creating their security strategy and roadmap. FireCompass also has detailed, granular data on capabilities of 1,000+ CyberSecurity products, which it leverages to assess the CyberSecurity posture of organizations as well as helping organization to choose the right technology for bridging the security gaps. More than 1,200 Enterprises across the globe uses FireCompass, which includes the 8 out Top 10 Indian Banks and 4 out of Top 5 Indian Telcos etc.
For more information, please visit https://www.firecompass.com/
Denise Bailey : [email protected]