Corporate Readiness in a Cyber-Centric world
As one of the most technology-focused economies in the world, India has set a vision for Global Leadership in AI by 2047.1 Not surprisingly, this has also put a target on the world’s fastest-growing economy, as in 2023 India faced 13.7% of all cyberattacks in the world.2 This risk of cyber attacks has also been witnessed globally with 9 out of 10 CISOs claiming they have experienced a cyber incident in the last 12 months, as per FTI’s latest CISO Redefined Survey. The urgency of cyber preparedness cannot be overstated.
Rising vulnerabilities in the ecosystem: AI, Supply Chain Disruptions, & more
At the G20 last year, India spared no effort in showcasing its digital public infrastructure (DPI), known as India Stack, with UPI standing out as its largest and most widely recognised foundational component. This continuous evolution and then, export of India’s digital stack has made India an attractive destination for cyber attacks; difficult for corporates to navigate alone. For instance, cloud storage systems, chosen for their convenience and accessibility, are becoming a prime target for cyber attackers as well. In fact, 82% of breaches in 2023 involved data stored in the cloud.3
With the popularity of ChatGPT & allied products, AI and cyber risk have become the flavor of Boardrooms and Governments. India recently concluded the largest democratic elections in the world and was challenged with deep fakes and fake news propaganda, led by AI. There were calls being made to prospective voters imitating local leaders responding empathetically to the voter’s concerns about electricity cuts and promises to address the issue if elected, demonstrating the sophisticated use of generative AI to mimic real-world political interactions. Such interactions exploited the lack of policies around AI as well as augmented reality to expand voter outreach.4 Therefore it comes as no surprise that the 100-day plans shared by various ministries aim to combat cyber fraud and curb excessive tele-calling (additional to the AI and Data Protection acts by the government) which usually leads to desensitization of consumers towards cyber crime attempts.5 A Cyber Fraud Mitigation Center is also expected to be announced to combat financial fraud, including online scams.6
India has also embarked on its journey for Indigenous AI with Reliance Industries partnering with Nvidia to develop a large language model to be trained on Indian languages, 11 for starters.7 India’s multi-lingual cultural fabric faces unique hurdles with almost no digitised data for most of the top 125 languages – known as Zero-Corpus.8 This makes the AI systems underprepared for the Indian dynamics and opens it up for locale attacks.
Supply Chain disruption has become another key cyber governance issue. Healthcare is the largest cyber-impacted sector and its biggest tech scare comes from the increasing digitization of the hospital chain as well as the complete automation of medical devices – costing patients’ lives and not just money.
No Silver Bullet for Cybersecurity
As attackers continuously refine their tactics, it becomes imperative for cybersecurity to evolve, diversify, and strengthen its problem identification, expertise, and practices. One of the foremost challenges for AI experts has been to identify genuineness of AI within the chaotic landscape of information. Concurrently, the establishment of a comprehensive policy framework by governments is underway, exemplified by the US Executive Order on AI policy and the EU’s adoption of the AI Act in late 2023/early 2024.
As technologies continue to mature and robust policies are put in place, corporate and board readiness become critical components of cyber resilience. Yet, the lack of cybersecurity expertise at the board level is concerning, with over 40% of Russell 3000 9 companies lacking directors with cybersecurity expertise.10 A staggering 53% of CISOs do not feel fully aligned with their Executive Team, exacerbating cybersecurity liabilities and the cost of insufficient training and readiness assessments.11
India mirrors this scenario with 47% of the top 100 companies not undertaking regular cyber audits or training to build preparedness. And, 80 out of 100 have said that there have been zero cyber incidents, as per the India Disclosure Index 2023, creating a false sense of security against these systemic attacks.
It is clear that the Chief Information Security Officers (CISOs) are under immense pressure as the cyber attack community persists and capitalises on systemic vulnerabilities. This can also be noted in the CISCO Readiness Index 202412, which highlights the substantial cost of being unprepared with 55% of the respondents of the survey saying it cost them at least USD 300,000. As India strives to lead in the digital age, a fundamental shift in corporate mindset is imperative. Cybersecurity resilience will hinge not only on robust infrastructure but also on investments in cybersecurity expertise, comprehensive training programs, and stringent oversight mechanisms tailored to the evolving cyber threat landscape. Only through concerted efforts can India navigate the complexities of the cyber world and emerge stronger and more resilient in an AI-ready future.
7 https://www.fortuneindia.com/long-reads/the-great-indian-search-for-indigenous-ai/116680
9 Russell 3000: The Russell 3000 Index measures the performance of 3,000 stocks and includes all large-cap, mid-cap and small-cap US equities, along with some microcap stocks. The index is designed to represent approximately 98% of investable US equities by market capitalization.
11 https://fticommunications.com/ciso-redefined-navigating-c-suite-perceptions-and-expectations/
The views expressed in this article are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.
©2024 FTI Consulting, Inc. All rights reserved. www.fticonsulting.com
