Editorial Team

The COVID-19 pandemic has brought with it numerous challenges for organizations due to remote working and exposure to increasing ransomware and malware attacks. The new State of Cybersecurity 2021 Part 2 survey report from ISACA, sponsored by HCL Technologies, indicates that many organizations in India are experiencing an increase in cybersecurity attacks, with 32% of respondents indicating they had experienced more cyber-attacks than the year before.

This second part of ISACA’s annual State of Cybersecurity 2021 survey report examines cyber threat landscape trends, including frequency and type of attacks, confidence in cybersecurity teams and cybersecurity awareness initiatives, nuances related to security operations and reporting structure, and cyber maturity as a business imperative.

Higher number of cyberattacks, but similar concerns

While respondents indicate that nearly 1 in 3 enterprises are getting attacked more, the most frequent types of attacks are similar to those faced in prior years, including:

  1. Social engineering – 13% have experienced these attacks this year
  2. Advanced persistent threat (APT)
  3. Ransomware – 11%
  4. Unpatched system – 10%
  5. Injection flaws – 10%
  6. Broken authentication – 10%
  7. Sensitive data exposure – 10%

According to the report, 29% of respondents say that their organization is likely to experience a cyber-attack in the next year. The report also indicates that 34% of the respondents feel organizations under-report cybercrime even if reporting is required.

As the pandemic continues and remote working appears likely to continue for the foreseeable future, it has become all the more important for organizations to conduct frequent cyber risk assessments to prevent data loss and reputational damage. While the report indicates that 74% of respondents conduct cyber risk assessments to ensure regulatory compliance, 69% also indicated that their organizations conduct cyber risk assessments to prevent data loss, demonstrating that many organizations recognize the importance of addressing this threat.

“With the increase in the number and rate of cyberattacks worldwide, cybersecurity professionals are facing a challenging threat landscape that requires constant vigilance,” says David Samuelson, ISACA CEO. “These survey findings illustrate just how essential it continues to be for the global cybersecurity community to actively keep up to date with best practices and training, and ensure their teams are well staffed to detect and respond to attacks.”

Cybersecurity team and leadership dynamics

When it comes to cybersecurity teams and leadership, the report findings revealed a strong preference for having a CISO at the helm, with 61% of respondents saying their cybersecurity teams report to the CISO compared to 16% reporting to the CIO. Additionally, 40% of those answering the survey noted that they believe cybersecurity training and awareness programs have had a positive impact on overall cybersecurity awareness in their organizations.

“With no end to the pandemic in sight, pre-empting cyberattacks and preventing data loss and reputational damage have become more important than ever before, especially as many teams continue to work remotely,” says RV Raghu, member, ISACA Emerging Trends Working Group; director, Versatilist Consulting Pvt. Ltd; and past ISACA board member.

“Organizations have to commit the time, invest in appropriate cyber tools, and be adequately staffed to effectively conduct cybersecurity risk assessments, which were cited as the top three obstacles that organizations in India face in conducting cyber risk assessments.”

Cybermaturity assessments valued but present challenges

The report found that 72 percent of respondents indicate their enterprises assess their cybermaturity, and those that perform cybermaturity assessments—like those offered through ISACA’s CMMI Cybermaturity Platform—are more likely to have appropriately staffed security teams and report appropriately funded cybersecurity budgets.

However, respondents indicated that they faced some obstacles in defining cybermaturity at their organizations, the top five being:

  1. Hard to communicate concept of maturity vs compliance to management (25%)
  2. Choosing a framework or standard to follow (22%)
  3. Difficult to scale (21%)
  4. Challenge of integrating risk with maturity, and keeping up with industry threats, trends, etc. (21%)
  5. Validating assurance that practices are in place (21%)
