Average security spend by Indian firms has come down by 17 per cent to USD 4 million this year even as information security breaches have become more frequent and damaging.
According to consultancy firm PwC, Indian companies spent an average of about USD 4.8 million on security last year.
This is despite the average cost of a security incident for Indian companies spiralling to USD 414 in 2014, from USD 194 in 2013.
"The average cost of a security incident for Indian companies has more than doubled from USD 194 in 2013 to USD 414 in 2014 and there has been a 20 per cent increase in the average losses as a consequence," said the PwC report - State of the Information Security Survey - India 2015.
However, even as information security breaches become more frequent and damaging, Indian companies have reduced the average security spending, it added.
"As organisations move ahead and embrace new technologies without fully comprehending the implications, they are becoming susceptible to an array of cyber-security threats and these threats today have become increasingly complex," said the report.
Even with the growing impact that cyber security incidents can have on the entire enterprise, boards of organisations remain oblivious and continue to treat cyber security as an IT problem, it added.
"Cyber security is no longer an issue that concerns only IT and security professionals. The impact has extended to the C-suite and boardroom," PwC ED and Leader (India Cyber Security, Governance Risk and Compliance Services) Sivarama Krishnan said.
It is now a persistent business risk. Awareness and concern about such security incidents and threats are a priority for the consumers as well, he added.
The report revealed that current and former employees have been cited by respondents as the most common causes of incidents.
Loss of data through associations with customers and vendors also contribute to a reasonable chunk of incidents caused by insiders. The lack of effective mechanisms to manage risks to data stemming from third parties is largely responsible, it said.