BFSI VISION | Cyber Security


Sunder Krishnan

Chief Risk Officer, Reliance Life Insurance
and Chairman, ISACA India Growth Task Force

The emerging Cyber Security Landscape in the BFSI segment in India

The current cyber security landscape in India presents a far more risky scenario in terms of sophistication of the attacks. Today, cybercriminals are leveraging sophisticated tools to execute various modes of cyber-attacks such as Advanced Persistent Threat attack, hacking, data leakage and so on. According to recent reports there has been a 40 percent quantum jump in the number of security breaches in the country in the past two years, and the value tickets of these breaches are also on the rise in equal proportion, if not more.

As elsewhere in the world, the BFSI sector is more prone to cyber-attacks in comparison to any other industry. On an average, an Indian BFSI company today spends between 10 to 15% of the IT budget on Cyber Security and the IT budget is the number two spend after people if not the number one spend in some of the BFSI companies. However, the cyber security problem persists because the cyber security strategy is not an embedded part of the long term business IT strategy. Additionally, the disintegrated and heterogeneous systems at all IT layers viz. Operating System, Application, Network, Database pose serious challenges to cyber security processes, people and technologies. To make matters worse there is a shortage of security professionals worldwide, which according to industry reports can be as high as one million. Furthermore, ISACA’s 2014 APT Study found that one in five enterprises has experienced an advanced persistent threat (APT) attack and, of those, one in three could not determine where it originated.

Amidst this grim situation there is a ray of hope. IT professionals across the globe are getting increasingly aware of various cybercrimes, and are considering implementing robust IT governance frameworks such as COBIT 5, which can helps them to safeguard the Cyber Landscape from a plethora of cybercrimes. According to the 2014 Global COBIT 5 Governance Study 73% of IT users surveyed felt that COBIT 5 can help in better integration of business and IT and 60% of users felt it could help in better IT risk management. Close to half of users felt this framework could uncover security gaps and blips.

Going forward BFSI organizations should ensure that they adopt COBIT 5 for cyber security, which can also provide greater IT visibility with the Board of Directors so that they can make the right and well considered IT decisions at the right time.