India saw the second-highest number of cyber-attacks between 2016 and 2018
The Asian country makes for about 12% of the world's internet user base
Just this year, multiple Indian startups were reported to have cybersecurity risks
In 2018, global internet users have touched 3.8 Bn, which is more than half of the world’s population. Of this, India’s internet user base accounts for about 12%, making it the second-largest internet user base globally. This is a significant feat in terms of digital inclusivity but also intensifies the potential impact of cyberattacks worldwide.
According to the Data Security Council of India (DSCI) report, India saw the second-highest number of cyber-attacks between 2016 and 2018. The average cost incurred for a data breach in the country has also risen 7.9% since 2017, with the average cost per breached record amounting to INR 4,552 ($64).
Just this year, multiple Indian startups were reported to have discovered a security loophole including cashback platform CashKaro, financial marketplace Chqbook, online directory Justdial, foodtech major Zomato and many more.
Further, as new-age business models shift from supply chain centricity to value chain centricity; the link between various companies’ technologies has become one of the biggest security gaps that businesses will have to fight in the near future, said Pankit Desai, founder of a cybersecurity company Sequretek.
Another significant shift in the cybersecurity space will come with the launch of the 5G network. On a low bandwidth network, one can afford to be a little bit disconnected. But in a completely connected world, with IoTs taking over all aspects of the business, any potential threat could have a cascading effect very quickly, Desai added.
The Data Security Council of India (DSCI) has found the rising cyber-attacks in the country has resulted in more and more companies opting for cyber insurance policies to mitigate risks. About 350 cyber insurance policies have been sold in India till 2018, which is a 40% increase from that in 2017.
What are the latest trends in cybersecurity?
- Cybersecurity Is An Afterthought Among Indian Startups
- Fintech Startups Adopt Cybersecurity Measures
- Private Cos Depend On Govt To Fight Cybersecurity Risks
- Cybersecurity Concerns Among Government Bodies
- Indian Govt To Bring In Cybersecurity Policy
Trend 1: Cybersecurity Is An Afterthought Among Indian Startups
The biggest issue among Indian startups is that the sole focus is always on building the product and the parallelised focus that needs to be there on cybersecurity is missing, said Desai.
“Unfortunately, even from the structured the ecosystem of investors, bankers and others who get involved with startup conversation, this is not a conversation that finds any traction. What ends up happening is that more often it ends up becoming an afterthought,” he added.
Trend 2: Fintech Startups Adopt Cybersecurity Measures
Talking sector-wise, things start changing for fintech companies, the moment they become a part of larger organisations (banks or insurance companies) value chain, Desai said. About 60% of Sequretek clients are said to be from the financial sector. While the rest come from retail, services and manufacturing.
“Fintech is kind of getting its act together but rest anybody is I guess left to the mercy of fate, in terms of how they look at cybersecurity or don’t look at it,” he said.
Trend 3: Private Cos Depend On Govt To Fight Cybersecurity Risks
Talking to Inc42, an independent security researcher Rajshekhar Rajaharia also said that private companies do not allocate separate funds to fight their cybersecurity risks. Instead, they depend on government systems such as cybersecurity cells to solve these cases. Legally, such cases do not even come under the purview of government mechanisms, he added.
“Similar trends were also observed among European companies who were not investing in cybersecurity. In response to which, GDPR has now levied a fine (5% of company’s revenue) on private companies which undergo a data breach.” said Rajaharia.
Trend 4: Cybersecurity Concerns Among Government Bodies
Such reports are not just limited to private companies, various government entities have frequently been found at risk of data leaks. The most recurring of these has been the Aadhaar related data leaks.
Aadhaar number is a 12-digit random number issued by the government to the residents of India. This number is connected to citizen’s biometric thumb impression and eye scan, along with their name, permanent address, and mobile number.
The most recent leak happened when the Andhra Pradesh government’s agricultural ministry website made the Aadhaar data of thousands of its farmers public on its platform. Prior to this, Aadhaar database of government workers in Jharkhand was left exposed without a password on the state government’s website. In 2018, The Tribune has also reported that some unidentified groups were found selling the Aadhaar data of over one billion people at just $7.88 (INR 500).
Trend 5: Indian Govt To Bring In Cybersecurity Policy
ITU’s Global Security Index 2018 has counted India among the countries with a high commitment to cybersecurity. India was ranked 47 with a commitment score of 0.719, while United Kingdom, America and France topped the list with a score of 0.9.
The Indian government has now announced plans to launch a cybersecurity policy in January 2020. Ajeet Bajpai, director-general of the National Critical Information Infrastructure Protection Centre said, “considering the size and scale of our nation, we need approximately INR 25K crore budget for the same. The biggest question is where this money will come from? Also, there is a need to emphasise on the need to make cybersecurity mandatory as a subject at the university level for high-decibel awareness.”
“The budgetary requirements and necessities of this operation are high, and even a small country like Israel has allocated an annual budget of $20 Mn for cybersecurity,” he added.