Research & WhitepapersSecurity

Firms Fail To Create A Security-Aware Culture, Shows Infosys Study


In today’s hyper-connected and digitized world, cyber security has become an important strategic imperative owing to the sophistication of cyber crime. Digital businesses require complex and distributed interactions among people, applications and data — on-premise, off premise, on mobile devices and in the cloud. The result is an increase in the attack surfaces that are hard to protect and defend.

As the perimeter continues to diminish, visibility into the environment gets tougher. Operational Technology (OT) and the Internet of Things (IoT) massively expand the scope of security strategy and operations. The absence of a well-defined cybersecurity program can cause substantial damage to an enterprise’s operations, reputation and financial condition, and threaten its very existence.

To better understand the specifics of cybersecurity initiatives, Infosys surveyed over 850 executives representing firms from 12 industries. What clearly stood out was that despite cybersecurity takes center stage – across industries and geographies, organizations are finding it challenging to embed security in their enterprise IT architecture, battling with a shortage of skilled workforce and are unable to keep up with technological advancements.

The study shows that 83 percent enterprises view cyber security as critical. Over two thirds of respondents have implemented a well-defined enterprise-wide strategy and roadmap. However, the top concerns faced by enterprises are Hackers/Hacktivists (84 percent), low awareness among employees (76 percent), insider threats (75 percent), and corporate espionage (75 percent). Challenges in building a security aware culture combined with embedding security into design affects nearly two thirds of enterprises, said the study.

Nonetheless, to overcome security challenges, over half of the organizations are focusing on adopting integrated security solutions and are working with technology and service integrator partners. In addition, they are also following a series of ‘soft’ methods. These include training/certifications (61 percent), enablement sessions (54 percent) and creating security awareness among employees (51 percent)

Network segregation (65 percent), threat intelligence platform (57 percent), and advanced threat protection (55 percent) are the top implemented security solutions, it said.

The study further shows that top trends that will shape the future of cybersecurity are Artificial Intelligence (41 percent); Privacy and Personal Data Protection (35 percent); Blockchain and cloud technologies (33 percent)

“As enterprises continue to add new technologies to the business, it is crucial to defend themselves against a sophisticated threat environment. At Infosys, our approach is to embed cybersecurity at every stage of business, thereby minimizing risk while maximizing the visibility of the security landscape.  A relentless focus on innovation by studying newer technologies and methods, ensures we can better secure an enterprise’s business,” Vishal Salvi, CISO & Head Cyber Security Practice, Infosys, said.

Despite certain challenges, across industries, cybersecurity is viewed as critical in an enterprise’s digital transformation journey, shows the study, with manufacturing emerging at the top (87 percent), followed by energy and utilities (85 percent), and banking, financial services and insurance (83 percent). From that context, Salvi concluded, “We believe a holistic approach to cybersecurity is what it takes to instill digital trust in companies, and this research offers a good understanding of the current cybersecurity landscape. The insights, if applied appropriately can accelerate the cyber defense of enterprises.”

Leave a Response