BENGALURU: As Indian IT companies face a slew of cyberattacks, their clients are asking for more security audits and are looking into whether vendors are making adequate investments to keep their data safe, analysts said.
Clients typically had broad language in their contracts to ensure they were protected but with increasing attacks by hackers, more is needed. “It is now apparent to the whole industry that not enough attention was being paid to security, including the vendors networks. Clients are moving to increase the level of commitment, introduce more audits to inspect the level of compliance and work with their vendors to ensure the appropriate investments in security are made and maintained,” Peter Bendor-Samuel, CEO of IT advisory Everest Research, told ET.
He said that for clients, this appears to be a case of the cobblers daughter having no shoes as IT companies sometimes provide security services to their clients but may have not done enough to protect their own systems. “We can expect to see more attention being paid to this, more demanding contracts, more aggressive audits and substantially more money being spent,” Bendor-Samuel added.
IT executives said more clients were asking about security and that reports about an attempted attack at one company lead to questions for others. “In the past, even for clients, there wasnt that much understanding about it. Now, with hacks becoming more sophisticated and expensive, clients want more than just contract terms protecting them. They want to be involved in how their data is protected,” an IT executive told ET, asking not to be identified.
Earlier this year, Wipro said it had faced an attack that looked to garner client data. Newswire Reuters reported that Tata Consultancy Services and other IT services companies such as DXC Technology, IBM and Hewlett Packard were subject to an attack by China-sponsored hackers.
Indian IT companies, which have access to client systems and their data, are significant targets for hackers. Wipro said it investigated 4.5 million security alerts a year. However, IT companies point out that not all attacks lead to a breach and that they have a successful track record of fending off attacks and work to ensure that their data is protected. “Our corporate security team conducts re