Dr Reddy's, BigBasket and now JusPay, there are just a handful of data breach instances that have been reported over the last quarter, and not to mention the ones that we aren't aware of yet. Surprising it may sound but in 2019, India was amongst world's top 5 cyber-targeted nations along with US, UK, Singapore and Ukraine wherein it held the top position for three months. A growing economy and also an outsourcing hub, India is on the radar of cybercriminals.
"India is among the most cyber-attacked countries in the world and hence it is imperative to have stricter cybersecurity and data protection laws to mitigate data thefts and cybercrimes. With over half a billion internet users and over 1.2 billion mobile accounts, India as a country is a breeding ground for cybercriminals. Several reports have registered that in the first 9 months of 2020 alone, organisations and individuals estimated losses of about $6 trillion due to cyber thefts with organisations deploying the highest level of security also falling susceptible to cyber-attacks. Researches have further predicted that by 2027, over 900 million Indians will have a digital presence and coupling it with the unscrupulous use of personal data and information by service providers, it is vital to implement stringent cybersecurity laws," says Ram Seethepalli, CEO, Cyberior by Europ Assistance India.
While large companies and organisations have the capital and the resources to deploy various technologies and solutions, on an individual level, the threat looms large. "According to a recent survey by Sophos, Indian organisations have incurred costs of around Rs 8.02 crore to rectify the impact of each ransomware attack, hinting at the seriousness of the cyber-attack. It also highlighted that only 8 per cent of victims were able to stop the attack before their data could be encrypted, compared with a global average of 24 per cent," adds Tony Velleca, Chief Executive Officer, CyberProof and CISO, UST Global.
While India will soon have a robust cybersecurity policy, current laws do not mandate notification of data breach to customers. Companies in India largely tend to report cybersecurity incidents to regulators only where it is mandatory under applicable laws. Secrecy rather than reporting and remediation remains an issue in the event of data breaches. All of these inefficiencies are expected to improve with the upcoming Personal Data Protection Bill 2019 (PDP). Commenting on how the Indian policies can be strengthened, G V Anand Bhushan, Partner at Shardul Amarchand Mangaldas & Co., explains, "Firstly, the legal and regulatory environment needs clarity. India should fast track the enactment of the Data Protection Act and set up a strong and effective Data Protection Authority. This regulatory framework will provide for appropriate consents to collect and process data and also prescribe the fines and penalties for non-compliance. Since the draft bill already provides for high fines (Rs.5 crores or 2% of worldwide turn over) it is expected to usher in a strong compliance culture."
India too should have strict laws and regulations, similar to the European Union's General Data Protection Regulation (GDPR) which was brought into force in May 2018. "It inspects and monitors companies' efforts in protecting citizens' personal data while the Indian Personal Data Protection Bill of 2019 is currently awaiting clearance from the parliamentary committee. The inability to meet the GDPR regulatory standards levy heavy legal fees for the European organisations and that fall under the EU jurisdiction, a similar bill in India can have a profound impact and curb the surge of cyber-attacks," adds Seethepalli.
The Indian Computer Emergency Response Team (CERT-In) is the nodal government agency dealing with threats like hacking and phishing. While several MOUs have already been signed to deal with information sharing and intergovernmental cooperation, CERT-In should continue to expand on cross border cooperation with international governments to deal with cross border threats.
Also read: Guardians of the Online World