Saddled with multiple responsibilities, Indian business leaders are hard-pressed to focus on cybersecurity.

Data breaches are hitting Indian businesses hard. About 35,636 records were compromised in various incidents of data breach in the country between July 2018 and April 2019, according to a report published by technology company IBM in July this year. These cost each organisation about Rs 12.8 crore on average, said the report.

What’s worse is that no organisation, however big or small, is immune. In January this year, the State Bank of India, the country’s largest bank, leaked financial data of millions of customers. In April, technology website ZDNet reported that an Indian government agency had left sensitive medical records of 12.5 million pregnant women unprotected online. And in July, former employees at India-based Magnasoft Consulting were accused of stealing data.

No surprise then that the growing severity of cyberattacks is adding to the workload and stress of Indian executives. A new study by Cisco, a technology company based out of San Jose, reiterates that cyber-attacks remain the biggest concern for top management in India.

Under threat

For most – 92% – organisations in India, cybersecurity is an executive-level priority. However, higher workloads and fatigue leave leaders little time to look into these threats, according to Cisco’s 2019 Asia Pacific CISO Benchmark Study. Given Indian leaders’ heavy workloads, 34% of the organisations acknowledged they were suffering from cybersecurity fatigue.

For the study, Cisco reached out to 2,000 security professionals in APAC region, including India, to gauge the top leadership’s preparedness to deal with cybersecurity threats.

The study underscores that organisations face a number of obstacles in embracing new technologies to counter cyber threats. Some of these challenges include top management being occupied with multiple tasks and a lack of budget.

The good news is that organisations are increasingly fool-proofing themselves, said the study. “To mitigate cyberattacks, Indian firms have increased their security budgets, trained their workforce, and have started integrating their security infrastructure,” said Vishak Raman, director of security business at Cisco India and SAARC.

However, what’s worrying is that even though the number of daily alerts has decreased, India’s record at investigating alerts has worsened. In 2018, Indian companies were able to investigate only 61% of all alerts. Even that has now dropped to 57%. Also, the share of legitimate alerts effectively acted upon by Indian organisations has fallen from 52% in 2018, to 41% in 2019.

Another big concern for Indian organisations is that they suffer significant loss of working hours in case of cyberattacks. Because companies experience downtime as their IT infrastructure is compromised.

Managing cyber attacks

Indian companies are increasingly embracing cloud solutions to secure their IT infrastructure.

Further, to reduce the number of security alerts, more and more Indian organisations choosing to decrease the number of vendors they use than in 2018 so that security systems are fewer, and thus, easier to manage and track. For example, 89% of Indian organisations surveyed found it somewhat or very challenging to orchestrate alerts from multiple vendors. As a result, the drive towards consolidation has also dramatically decreased the number of different security products used by organisations in India. In 2018, up to 24% companies in the country were using more than 50 products. This number in 2019 now stands at 11%.

To get around security threats, the study recommends organisations consider a Zero Trust approach, which involves simplifying security by looking at three key areas: workforce, workload, and workplace. For example, companies need to secure workforce by protecting users and their devices against things such as stolen credentials or phishing. And all this needs to be done with minimal impact on the end-user, the report concluded.

This article first appeared on Quartz.