With Cyberthreats on a Rise, Enterprises Grapple with Funding, Talent and Human Error Only 63 per cent of enterprises, out of 1,800-plus surveyed, reported that their cybersecurity budgets are appropriately funded
Opinions expressed by Entrepreneur contributors are their own.
You're reading Entrepreneur India, an international franchise of Entrepreneur Media.
Recently, renowned Indian business tycoon S.P. Oswal from the Vardhman Group was reported to have lost INR seven crores in a "digital arrest" scam. In a different incident, a fake crypto wallet app on Google Play drained USD 70,000 from users—not a first as Google Play leaves notorious applications unchecked for months. The third scam- of VPN- has been active for years now. We are continuously being fooled into sharing our critical information under the lure of privacy—which is not the case. It has been reported that VPN service providers are often found storing data, leaking, or sharing it with agencies—the promise of hiding your information is not always kept and you end up giving up your sensitive credentials.
The growing complexities of the cyber attack landscape, combined with a lack of awareness about cyberspace hygiene, make the present scenario even more challenging, where 90 per cent of our lives rely on technologies and smart devices. The business side of this is also concerning.
According to a recent survey, State of Cybersecurity by ISACA, it was reported that in 2024, cybersecurity funding has dropped significantly, with an incremental year-over-year decline, indicating a potential multiyear freefall. Additionally, only 63 per cent of enterprises, out of 1,800-plus surveyed, reported that their cybersecurity budgets are appropriately funded. Furthermore, 44 per cent of respondents believe their budgets are somewhat underfunded—an increase of four percentage points. Just 47 per cent of respondents believe funding will increase, while 41 per cent believe there will be no change, and 13 per cent expect budgets to shrink over the next year.
The aging workforce in the cybersecurity domain is a growing concern. According to the report, for the first time in ten years, 34 per cent of respondents are between the ages of 45 and 54, surpassing the 30 per cent of respondents aged 35 to 44. This is especially concerning for developing countries such as India. Among 122 Indian cybersecurity professionals surveyed, many reported increasing stress due to complex cybersecurity landscapes, insufficiently trained staff, worsening hiring and retention challenges, a lack of prioritization of cybersecurity risks, and low budgets.
The lower rate of hiring younger talent is alarming. One potential reason for this is the lack of proper educational training and clear career paths in cybersecurity. Enterprises need to hire more young talent to build an ecosystem of cybersecurity awareness, accelerate employment in different sectors, ensure preparedness for emerging risks, and account for the sudden retirement of older professionals.
Many organizations are leveraging Artificial Intelligence (AI) within their cybersecurity risk ecosystems.
There is still a long way to go. The increasing complexities of cyberattacks require proper education for both employees and consumers. Nearly 29 per cent of Indian respondents reported that their companies are increasingly experiencing social engineering, malware, denial-of-service attacks, and zero-day exploits. Human error, however, remains the major cause behind 90 per cent of cyberattacks, as per IBM. This underscores the need for basic cyberspace training.
"Social engineering attacks, such as phishing, are a growing concern for organizations, as human error remains a major factor in data breaches. With the increasing frequency and sophistication of these attacks, it is essential for organizations to adopt secure authentication methods to strengthen their defenses," said Mike Mellor, VP of Cyber Operations at Adobe.