CHENNAI: Indian companies show little regard towards e-security and absence of a security risk assessment mechanism and lack of internal security audits can cause huge damages in future, experts warned here today.

"A typical problem (with companies in India) is that there is a lack of internal security audits. Many companies have inadequate skills and tools for security protection," said Murali Manohar, practice head (internal security audit), Sify Ltd at a seminar organised jointly by Nasscom and Sify, on `e-security and trusted sourcing.'

Another major problem was that the risk assessment was deficient in many companies in India, he said.

Manohar said, in many companies, where he had gone for security audits, the IT security reportings were incomplete. In many cases, the reporting was even "misleading," he said.

Bimal Bhavanani, associate director, KPMG, said companies must adhere to the security requirements all the time. Internal regulations are a must in companies, he said.

Companies must focus on awareness, training and education for all the employees, so that the importance of data and security were given due importance, he said.

There should also be a mechanism to monitor compliance, Bhavanani said.

He said Indian companies were getting outsourcing contracts based on the trust that the high-risk data will be treated with proper care. However, lack of security monitoring systems may damange the entire boom in the offshore business, Bhavanani said.