72% of Indian business establishments have suffered a cyber attack, revealed a report released by KPMG on Monday. The report, titled the Cybercrime Survey Report 2015 had 250 respondents including CIOs, CISOs, CAEs, CROs and COOs from around the country,

94% of the respondents felt that cyber threats are one of the major threats to businesses, with 41% admitting that these discussions form part of the agenda in the boardroom.

The report also revealed that 74% respondents felt that the BFSI sector is a top target for cyber crime, with 63% indicating these crimes more often amount to gross financial loss. 55% of respondents said that there was theft of sensitive information, with 49% reporting reputational damage.

83% respondents indicated that there is usually external involvement in cyber attacks, with the management being most vulnerable according to 64%. 54% respondents said that the annual spend on cyber defences is less than 5% of IT spend.

74% respondents said that there was no detailed cyber risk assessment in their establishments while 78% did not have a cyber incident response plan, with 62% of them admitting to having no logging and monitoring of critical systems.

“Cyber criminals have understood the potential of an illicit financial gain and have begun executing highly sophisticated technology-driven frauds. These cyber frauds, by nature, are complex and difficult to detect. Organisations need to strengthen their cyber incident response process along with building strong prevention and detection systems,” said Mohit Bahl, Partner and Head Forensics, KPMG in India. Sameer Ratolikar, CISO at HDFC Bank said that in the digital age, cyber frauds have become more complicated. “Social engineering, advanced malware, such as ransomware, application layer attacks and cyber extortion, are some of the varied vectors used by cybercriminals. Organisations need to have a comprehensive prevention, detection and cyber resilience framework in place,” he said.

Amit Pradhan, CISO at Vodafone said that an early response to cyber frauds revealed the organisations' preparedness. “Collaborative intelligence from various sources enhances the organisation’s readiness to respond to various types of cyber crimes. However, organisations are unable to limit the impact of cyber crime as they are still faced with challenges of increasing reaction agility, reducing incident response time and absence of a strong legislation to help in effective legal recourse,” he said.