Press Release: CyberSecurity Maturity of Indian Industries

CyberSecurity Maturity of Indian Industries Show Grim Picture: Large Banks Score 61 & Online/FinTech Startups Score 8 (Out Of 100), As Per FireCompass Report


India, August 31, 2017 – FireCompass, a Cyber Security product company that specializes in security maturity assessment, has released industry’s first vertical wise maturity report for India. Based on extensive research of 200+ organizations from across India, FireCompass unveils report on CyberSecurity Maturity Score of Indian Industries.


Cyber Security is now a persistent business risk, across organizations of all sizes, large or small. To  secure businesses, an organization needs to have in place a variety of security technologies along with skilled personnel and mature processes. In this report, FireCompass has researched the current CyberSecurity maturity of Indian enterprises, based on the kind of technical security controls they have in place against modern day attacks.


Speaking on the launch of FireCompass CyberSecurity Maturity ReportBikash Barai, Co-Founder of FireCompass and a serial IT Security technology entrepreneur said, “Management / Board are increasingly asking about the cybersecurity posture and the relative benchmark against industry peers, but so far we were not able to measure cybersecurity performance based on objective, quantitative data. Organizations traditionally have been using informal approaches to communicate security posture to the management/board, making it difficult to benchmark security across industry.”


He added, “FireCompass has standardized the approach and uses quantitative data to measure security posture across organizations. Based on this we’re pleased to launch the first report on cybersecurity performance of industry for India”. Barai earlier founded iViZ Security, an IT Security product company funded by IDG Ventures and later acquired by Cigital / Synopsys.


FireCompass has assessed 50+ data point of more than 200 organizations, both from an internal & external perspective to give a holistic view of security performance. NIST CyberSecurity Framework (promoted by USA government) was leveraged to classify the technology controls capabilities across 5 dimensions – Identify, Protect, Detect, Respond, Recover. The score is based on data on actual security controls implemented as well as open source security intelligence.


The scores are especially important for board / management to measure/benchmark their organization’s cybersecurity maturity, understanding gaps and building security roadmap. Such scores can also help insurance companies to calculate the cyber risk insurance premiums.


Research Methodology

  • Online survey was conducted for which 200+ CISOs (or equivalent) in India responded, across verticals. Survey comprised questions around current technology controls in place and roadmap
  • The scores were calculated based on the statistical models created by FireCompass based on NIST CSF


Key insights from the report

  • Large Indian Banks and Telcos are the most mature in terms of CyberSecurity with Small Banks and Startups lagging far behind. Average industry scores are as follows:
    • Large Banks: 61%
    • Telco: 61%
    • Financial Services: 58%
    • IT/ITeS: 52%
    • Manufacturing: 51%
    • Insurance: 45%
    • Small Banks: 43%
    • Online Startups / FinTech: 8%
  • Security investments have primarily been done around prevention technologies like Firewalls, AV etc., where as investments in detection & response capabilities  were largely neglected. Security should be designed considering that an organizations may be breached and there should be adequate preparedness to respond and recover from such breaches. Average scores are:
    • Prevention: 63%
    • Detection: 51%
    • Response: 30%
  • Indian organizations are primarily compliance driven & reactive, with average security scores  hovering around ~50/ 100. India ranks 23 out of 164 countries in ITU’s Global CyberSecurity Index (2017).
  • Response Capabilities is grossly neglected across sectors with very poor score, ranging between 3% to 40% and an average of 30%.
  • Preliminary research on online startups show that the security maturity is abysmally low at around 8%. One of the major reasons for this is that FinTech & Online Startups are primarily focussing on Application Security, which covers only 5 out of the 25 capability areas, and have not focussed on rest of the 20 capability areas.


You can access the full report using the following link:

1000+ Products (Product Comparison Platform)

The product comparison platform is the world’s first AI-Assistant for CyberSecurity Strategy & Buying. It helps organizations to measure their CyberSecurity maturity for reporting to management/Board as well as creating their security strategy and roadmap. FireCompass also has detailed, granular data on capabilities of 1,000+ CyberSecurity products, which it leverages to assess the CyberSecurity posture of organizations as well as helping organization to choose the right technology for bridging the security gaps. More than 1,200 Enterprises across the globe uses FireCompass, which includes the 8 out Top 10 Indian Banks and 4 out of Top 5 Indian Telcos etc.

For more information, please visit:

Media Contact

Denise Bailey :

Views: 157

Join the Discussion ...

You need to be a member of CISO Platform to join the discussion!

Join CISO Platform


Security Trends and Emerging Technologies That A CISO Should Adopt In 2021

Started by Priyanka Aash Mar 3. 0 Replies

What are the challenges you as a CISO have been facing since the last year and share some security trends that are catching up? Help the community by sharing your knowledge and personal views on this subject. Or if you have any specific questions…Continue

CISO as an enabler

Started by Maheshkumar Vagadiya Jul 30, 2020. 0 Replies

Share the instances where you were able to convince the Executive management /board that CISO function is enabler rather then a hindrance.Thanks youMaheshContinue

Has Anyone Evaluated Digital Signature (like Docusign)?

Started by CISO Platform. Last reply by Yogesh Nov 19, 2020. 2 Replies

(question posted on behalf of a CISO member)Has anyone evaluated digital signature (like Docusign), any specific risk/ security areas to be looked into while finalising a vendor? Any and all inputs will be very much appreciated.Continue

What are your strategies for using Zoom in your organization after recent vulnerabilities in news about Zoom platform?

Started by CISO Platform. Last reply by ANAND SHRIMALI May 20, 2020. 4 Replies

(question posted on behalf of a CISO member)What are your strategies for using Zoom in your organization after recent vulnerabilities in news about Zoom platform?Related Question: …Continue

Follow us

Contact Us


Mobile: +91 99002 62585

InfoSec Media Private Limited,First Floor,# 48,Dr DV Gundappa Road, Basavanagudi,Bangalore,Karnataka - 560004

© 2021   Created by CISO Platform.   Powered by

Badges  |  Report an Issue  |  Privacy Policy  |  Terms of Service

/* */