An overwhelming 91 percent of businesses in India fear that their organisation is at risk of cyber attacks because of the ‘complexity of business and IT operations’. The shift to a more flexible and productive workforce seems to have brought along its own set of security concerns. A majority of respondents to a survey by leading IT firm Citrix and Ponemon Institute have stated that employees and third parties ‘bypass security policies and technologies’ because these are too complex. However, another perspective to this problem is given by the business practices firm EY, which has pointed out that more than 60 percent of the software used by companies in India is unregulated — which leaves them vulnerable to cyber attacks. According to the EY study, over 49 percent of chief information officers of companies surveyed identified security threats from malware as the major threat posed by unlicensed software, while 26 percent employees admitted to installing outside software on their work computers. Using older software versions and connecting persol devices like smartphones to corporate IT networks are other such bad practices. The problem is acute with middle level companies, which are more concerned with cutting costs to increase profits, while ignoring cyber security aspects. The EY study has called for stringent software asset magement practices to prevent idvertent downloads of malware through uuthorised software, software of unknown vendors and use of removable media to download software not supported in a corporate environment. What this means is cultivation of a different mindset by both corporate magements, so that they invest in genuine software and IT solutions that will prove cost-effective in the long run. And it is the responsibility of their employees to keep the office IT environment uncontamited and secure. This in turn will call for a change in the country’s ‘chalta hai’ and ‘jugaad’ culture in offices.