India may be considered the export hub for engineering talent and the fastest growing tech market in the world, but there is still a whole lot of room for improvement when it comes to data privacy and cybersecurity. India stood 19 on the ranking of 21 countries in the National Privacy Test, according to the recent survey by virtual private network (VPN) provider NordVPN.
The survey was launched in November 2020 and assessed the digital habits, privacy awareness and risk tolerance of over 48K participants from around the world.
India scored 51.1 points on the scale of 100, while Germany topped the list with 71.2 points. India had been awarded about 37 points for digital habits, 57.6 for privacy awareness and 65.2 in risk tolerance. In comparison, the global averages in these criteria were 47.1 in digital habits, 72.2 in privacy awareness and 84.2 in risk tolerance. Overall, India scored about 14 points below the global average of 71.2, which is one of the worst performances by countries with a similar economy.
The top ten countries in ranking of this survey were — Germany (71.2), Netherlands (69.5), Switzerland (68.9), USA (68.5), Belgium (68), France (67.7), Denmark (67.6), Norway (67), Spain (67) and Sweden 66.2). Meanwhile, India was followed by Turkey (46.7) and Japan (44.4) in the bottom two spots.
Why India’s Failed The Global Privacy Test
NordVPN’s National Privacy Test highlighted that India is the worst country in terms of paying attention to the term of services in apps and services they use. The survey outlined that India should focus on five aspects:
- Which sensitive data to avoid sharing on social media
- The importance of reading terms of services of apps and online services
- What tools to use to become more private online
- Facebook’s ability to collect data of people who don’t even have a Facebook account
- How to secure their home Wifi network
The test also revealed that Indian users understand the security benefits of updating apps as soon as they are available, creating strong passwords, how devices are infected with malware and how to react to online privacy threats.
Japan, despite being among the most digitally competitive countries, performed the weakest in the National Privacy Test with an overall score of 44.4. The country scored 34.8 points in digital habits, with 45.3 points in how to secure online privacy and 57.7 points in how to react to online privacy threats.
But Are Users To Blame?
While the NordVPN’s National Privacy test focuses only on consumers, companies in India are not doing any better in managing the customer’s privacy and cybersecurities either. Indian companies have been subjected to several massive cybersecurity attacks, compromising the privacy of millions of users. In 2021 alone, data of about 200 Mn (20 Cr) users have been compromised with the data breaches of two fintech startups JusPay and Mobikwik.
The dataleak of about 100 Mn (10 Cr) users of mobile payment solutions company JusPay was serious as the leaked data included sensitive financial details — user’s card brand (VISA/Mastercard), card expiry date, the last four digits of the card, the masked card number, the type of card (credit/debit), the name on the card, card fingerprint, card ISIN, customer ID and merchant account ID, among several other details.
Mobikwik’s database of 110 Mn (11 Cr) users included personal and financial details of individual customers, along with the details of merchants that have procured loans from the company. However, Mobikwik has continued to deny any breach, with CEO Bipin Preet Singh also laying the blame on users.
Besides this, data of grocery delivery giant BigBasket (acquired by Tata), edtech startup Unacademy, crowdfunding platform Impact Guru, Indian prime minister’s website Narendramodi.in and many others have also been leaked on the darkweb since last year, highlighting India’s poor cybersecurity infrastructure.
Indian Government Delays Cybersecurity Policy
According to the data shared by state-owned Indian Computer Emergency Response Team (CERT-In), over 26,100 Indian websites were hacked in 2020. This included 110 central ministry websites, 54 departmental websites and 59 state government websites. On the other hand, 17,560 websites were hacked in 2018 and 24,768 were hacked in 2019.
Indian government had decided to strengthen the country’s cybersecurity infrastructure by launching a policy in January 2020, but there hasn’t been an update on that front since then. The government has taken other measures like Cyber Swachhta Kendra (or botnet cleaning and malware analysis centre), formulation of cyber crisis management plan, and empanelment of security auditing organisations to support and audit the implementation of best practices.
Even the Reserve Bank of India (RBI) has decided to take notice of the data leaks and breaches and has updated its policies and tightened supervision norms.