India has been the second most cyber attacks affected country between 2016 to 2018, according to a new Data Security Council of India (DSCI) report. Further, the average cost for a data breach in India has risen 7.9% since 2017, with the average cost per breached record mounting to INR 4,552 ($64).
The rising cyber attacks has resulted in more and more companies opting for cyber insurance policies to mitigate the cyber-breach risk. About 350 cyber insurance policies have been sold in India till 2018, which is a 40% increase from that in 2017.
While IT, banking and financial services were early adopters of cyber insurance, a new demand has arisen among manufacturing, pharmaceutical, retail, hospitality, R&D and IP-based organisations.
“Prominent data breach cases in the U.S. and the Western world, and recently enacted laws such as the European Union’s General Data Protection Regulation (GDPR), is driving the uptake of cyber insurance by Indian firms, with global exposure”, said Anup Dhingra, president of FINPRO and private equity M&A, Marsh.
Data Breach Cases In India
According to a CISCO Annual Cyber Security Report, 53% of all cyber attacks led to financial damages of more than $500K (including lost revenue, customers, opportunities, and out-of-pocket costs among others) for organisations in 2018.
When it comes to data breach in the Indian context, the first thing we think of is Aadhaar. As recently as February 2019, Aadhaar details of over 6.7 Mn users containing details such as names, addresses and the numbers were leaked on Indane’s website.
Prior to this in 2018, French cybersecurity expert Baptiste Robert (who goes by the pseudonym Elliot Alderson on Twitter) had uploaded website links containing the Aadhaar data of thousands of Indian citizens. And that’s just two examples among multiple leaks related to Aadhaar from state government bodies.
Also earlier this month, two security loopholes were discovered in Mumbai-based hyperlocal search engine Justdial’s database that was said to have exposed user data from over 100 Mn users.
Other Indian startups including Pune-based fintech company EarlySalary, restaurant discovery company Zomato, foodtech startup FreshMenu and travel platform Ixigo have also witnessed data breach cases.
Government Across The World Clamp Down On Data
The Indian government is taking some steps on promoting data protection at a policy level. In July end, a high-level panel headed by Justice B N Srikrishna submitted its recommendations and the draft Personal Data Protection Bill 2018 to IT minister Ravi Shankar Prasad. Since then, the Indian government has faced a backlash from members of the business community and associations such as the Internet and Mobile Association of India, NASSCOM, and ecommerce companies like Amazon and Walmart over the provisions of the draft bill.
The European Union (EU) had also expressed reservations about the draft bill. “If implemented, this kind of provision would also likely hinder data transfers… contrary to what is sometimes suggested, India’s striving tech industry does not need this type of forced-localisation measures,” wrote Bruno Gencarelli, head of the International Data Flows and Protection Unit at the European Commission (EC).
After the Facebook-Cambridge Analytica scandal, governments across the world are drafting and implementing laws around the flow of data.
Countries such as Japan, Korea, and New Zealand have already passed data protection laws based on the principle of data localisation. Meanwhile, in Latin America, Brazil passed its own law in August 2018, while Chile announced the setting up of an independent data protection authority.