Some 73 percent of Indian organizations say they've suffered a cyber incident leading to loss of data in the past 12 months, according to Kroll's 2016 Global Fraud and Risk survey. As cyber threats spread, more corporate boards in India are now paying attention to the issue of cyber risk, says Reshmi Khurana, managing director and head of Kroll's South Asia investigations and disputes practice.
Organizations that have a significant business dependency on data are becoming increasingly sensitive to their cyber risk readiness, she says in an interview with Information Security Media Group.
"It's become a board issue, and audit committees are now talking about it, which forces the importance to trickle down in the organization," she says. Today, security leaders at Indian organizations can get time with their CEO on the same day, while other business function heads, have to wait to get on a CEOs calendar - which speaks to the importance that cybersecurity is being given, she adds.
Kroll defines cyber fraud as any access to IT systems and data that can then ultimately lead to fraud - including inadvertent leakages of data, which aren't necessarily fraud to begin with, but where cyber mistakes then lead to fraud, Khurana says.
The survey's findings that nearly three-fourths of Indian organizations experienced a cyber incident in the past 12 months "shows that cyber risk is being recognized and organizations are having to address them," Khurana says. "This is still lower than the global average which is in the 80's, but that is still indicative of the fact that cyber is still a growing risk."
The lack of breach disclosure requirements in India, and the fact that many sectors are still not completely digitized, could account for the lower percentage of organizations in India saying they've had a cyber incident, Khurana says. Regulatory guidance is going to play a big role in providing the incentive for instilling a consistent and robust cybersecurity culture in Indian organizations, she adds (see: India's Growing Breach Potential).
In this exclusive interview (see audio link below photo), Khurana discusses:
- The survey findings comparing cyber risks in India vs. elsewhere;
- The regulatory landscape and the need for increased cyber oversight;
- Why business leaders need to take a strategic view of cyber risks.
Khurana, managing director and head of Kroll's South Asia investigations and disputes practice, has more than 15 years of experience in the U.S., South Asia and South East Asia conducting complex corruption investigations, litigation support and due diligence on the management, operations and business models of organizations. Previously, she was a consultant with McKinsey & Company in India. Khurana is also an independent director on the board of a leading Indian retail company.