Tenable Study Finds Indian Organisations Cannot Prevent 42% of Cyberattacks

64% of cybersecurity teams are too busy fighting critical incidents to take a proactive stance

Tenable®, Inc., the Exposure Management company, published a new study revealing that Indian organisations could not prevent 42% of cyberattacks on their businesses, only successfully thwarting 58% of cyberattacks over the past two years. Consequently, organisations have had to rely on reactive measures rather than preventing attacks from occurring in the first place.

The study further revealed that 78% of Indian respondents believe their organisations could better defend against cyberattacks with more resources dedicated to preventive cybersecurity. However, a concerning 64% indicated that their cybersecurity teams spend the majority of their time addressing critical incidents, hampering their capacity to take a proactive stance.

The data is drawn from, “Old Habits Die Hard: How People, Process and Technology Challenges Are Hurting Cybersecurity Teams in India,” a commissioned study of 825 IT and cybersecurity professionals including 69 Indian respondents conducted in 2023 by Forrester Consulting on behalf of Tenable.

The study, which emphasises the significance of adopting a  proactive cybersecurity approach, found that a core reason for the prevalent reactivity in  Indian organisations’ cybersecurity practices is the lack of alignment in goals between IT and security teams. Seven in 10 (71%) organisations say their IT teams are more concerned with uptime than patching and remediation. The disparity results in a lack of coordination between the two teams, a challenge acknowledged by 43% of Indian organisations.

“In today’s threat landscape, by the time organisations react to cyberattacks, the battle is half lost,” said Kartik Shahani, Country Manager for Tenable India. “Organisations in India simply cannot afford to remain in reactive mode. The study we conducted sheds light on the inherent issues within Indian organisations’ own structure and operations. This misalignment in goals between IT and security teams results in a palpable lack of synchronisation, making it challenging for these vital components of an organisation to work cohesively toward a shared goal.”

This goal misalignment is further exacerbated as organisations race to adopt new and emerging software-as-a-service applications from third-party providers. Eight in 10 respondents (81%) of their organisations use a third-party program for SaaS apps and services. However, only over half (54%) have visibility into these third-party environments making proactive security measures elusive.

Shahani noted, “While there are no quick fixes to these challenges, implementing an exposure management program enables security professionals to better allocate time and resources so they can focus on taking the preventive actions that legitimately reduce an organisation’s cyber risk. It requires security teams to place as much importance on proactive efforts as they currently do on reactive incident response efforts. It requires security and IT professionals to consider how siloed organisational structures — and the myriad security tools used in support of those silos — are hindering their ability to see what an attacker sees. And it requires a way for security professionals to analyse the data coming from disparate tools to empower them to draw meaningful insights they can apply to their risk reduction goals.”

To read the full study, visit: here

Note to Editors:

• Forrester Consulting conducted an online survey of 825 IT and cybersecurity professionals including 69 Indian respondents at large enterprises in the US, the UK, Germany, France, Australia, Mexico, India, Brazil, Japan, and Saudi Arabia. The study was fielded in March 2023.

• Maturity Modelling: Respondents were scored based on their answers to questions measuring different aspects of their maturity: their use of preventive security tools, how they prioritise resources to reduce threat exposure, and the degree of visibility and collaboration within their organisation. Forrester scored those in the bottom 20% as low maturity, the middle 60% as medium maturity, and the top 20% as high maturity.

About Tenable
Tenable® is the Exposure Management company. Approximately 43,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include approximately 60 percent of the Fortune 500, approximately 40 percent of the Global 2000, and large government agencies. Learn more at tenable.com.