Over half of Indian firms store digital data abroad

Although the situation is marginally better than it was a few years ago, 55% of Indian corporates have little faith in the e-security apparatus of the country, and feel more comfortable storing sensitive IT data on servers abroad.

The estimated value of this information is  around 5.6 crore dollars (Rs249 crore). The findings are the outcome of a recent survey of 1,000 Indian firms conducted by e-security giant McAfee. The figure was 61% in 2008.

The companies attribute the decision to safety concerns and more efficient means of moving the information around. The destination depends on how stringent and effective data privacy laws are in a country, with the US and European countries scoring over others. As many as 84% of the firms went through a formal risk assessment study before deciding to store sensitive information outside the country. These organisations have allocated around 20% of their annual revenue towards IT, and 18% of it is used to secure data.

The survey, which was conducted globally, suggests that online information is becoming more vulnerable to attacks. All countries dipped in 2010 rankings compared to 2008 on being able to pursue an investigation over a security breach involving an organisation's sensitive information. Curiously however, Indian firms seem unwilling to store information in the country despite it being ranked number 3 for being able to pursue a security breach investigation, after the US and the UK. Pakistan and China are considered to be the most dangerous from a threat perspective owing to the respondents' disbelief in the capabilities of the two countries in resolving security breach issues.

“Indian companies do not use up-to-date e-security solutions and are not spending much to ensure their data is not breached or stolen. They need to educate staff, as well as take proper measures so that this data can be stored in the country,” said an e-security expert from Mumbai.

In 2008, 70% of the respondents thought that they spend just about the right amount to protect sensitive information, but this percentage has dropped to 59% in 2010.

Out of those affected, 66% reported data breaches and/or losses to government and private agencies, while 55% reported it to stockholders. 

A massive 32% of Indian firms reported they only occasionally take steps to remediate and protect systems for the future after a breach or an attempt. More alarmingly, 11% of respondents said that their organisations accrued a loss of up to $500,000 (Rs2 crore) due to security breaches, while 27% indicated a loss of up to $1,000,000 (Rs4.45 crore).

Forty-five percent of the respondents think more sensitive data will be moved outside India, whereas 39% say there will be no change. This shows a renewed confidence, since in 2008 only 25% respondents shared this view.