New Delhi, Mar 14 (IANS): More than 60 per cent of mid-sized Indian organisations fell victim to a cyberattack last year, a new report showed on Monday.

Just under one fifth (19 per cent) of respondents surveyed said they discovered the attack within two weeks, but 22 per cent took three to four weeks to realise they had been targeted, according to Sophos, a global leader in next-generation cybersecurity.

Even then, many only learned about the attack from an external source.

"Organisations in India are at significant risk of a cyberattack, including ransomware, which can have a far-reaching impact on customers, reputation and operations," said Sunil Sharma, managing director, sales, Sophos India and SAARC.

"In addition, many organisations may be under-prepared to detect and respond to an attack," he added.

While half of the respondents said they had discovered the attack when they were unable to access data or systems (21 per cent overall) or were contacted by the attackers (19 per cent), a significant 40 per cent of them only realised they'd been targeted when they found their company data exposed online or were notified by customers or the media.

Almost a quarter (23 per cent) of victim organisations said it took more than a month for the organisation to recover from the impact of the attack.

"Attackers can remain in victim networks for weeks before being detected, and a considerable number of organisations learned of the attack from external sources after the damage was done," Sharma noted.

Human-led, active threat hunting is now a key component of a defense-in-depth security strategy.

While it was encouraging to find that 80 per cent of the cybersecurity leaders believe that threat hunting is an effective approach for strengthening their cybersecurity defenses, the findings suggest that some organisations may need support in putting that into practice, the report said.