In the past few years, India has experienced rapid digitalization and increased mobility, resulting in numerous benefits. However, this has also expanded the scope of threats and vulnerabilities.
The increasing number and frequency of recent data breaches have proven that organizations across all sectors are vulnerable to cyberattacks. According to the 2023 Cost of a Data Breach report, the cost of a data breach in India is $2.18 million. After two major attacks in recent years – one against the Kudankulam Nuclear Power Plant, the largest nuclear power plant in the country, and the other against the Indian Space Research Organization (ISRO) – it is clear that India needs to step up its cybersecurity measures.
Rapid digitization and cyberattacks on the rise
Adopting new technologies and pursuing digitization also means cultivating a cybersecurity workforce. India has the second-largest Internet user base, and, due to the constant digital and data growth, it is essential both for enterprises and government authorities to be equipped with the necessary resources to provide efficient cybersecurity and data privacy. Besides the risk of a data breach which causes both financial and reputational loss, growing compliance requirements, as well as the loss of competitive advantage, are essential factors to take into consideration.
The costs of data breaches are increasing on a global level, and, although malicious attacks are the most common and most expensive root cause, organizations should put more emphasis on preventing insider attacks, too. According to The Ponemon Institute’s report, the average cost of an insider threat annually is $16.2 million. In India, banking, financial services, and insurance organizations, as well as the government sector, are among the most vulnerable, followed by healthcare, manufacturing, and energy. Furthermore, the emergence of technologies like the Internet of Things (IoT) in organizations coupled with a growing trend for convergence and multi-system interconnectedness, introduces several threats and requires active security and monitoring.
Currently, the digital economy contributes approximately 11% to India’s GDP, and it is expected to grow to 20% by 2026, which means that the number of digital services, as well as the volume and value of the produced data, will show an increase. Moreover, a rising amount of sensitive data, including credit card numbers and Aadhaar numbers, is being stored online, and, together with the expanding number of connected devices, it creates the need for an enhanced data security strategy that includes a variety of cybersecurity products.
The first step is organizations must address basic cybersecurity risks like weak credentials, as these still are captains of the industry. Larger and more mature organizations have already undergone the initial grind and have incorporated cybersecurity as part of their strategy, but with threats constantly evolving, there is a need for improving it. Depending on the size of the organization and the industry, this strategy should cover data security, endpoint security, network security, identity, and access management, as well as security intelligence detection and response (IDR).
Regulatory focus on cybersecurity
Cyberattacks are growing and becoming more sophisticated, resulting in increased regulatory attention towards cybersecurity as well. Regulators are formulating frameworks and guidelines, but also tightening controls over organizations across different sectors.
Global regulations such as the GDPR, (HIPAA, and HITRUST will continue to have a growing impact on the Indian market due to the exchange of services and data. National regulations such as the Digital Personal Data Protection Act, compliance with the Cyber Security Framework for banks, and the Digital Information Security and Healthcare Act are also being considered as factors driving data security and privacy requirements.
Still, the government needs to invest further to strengthen India’s cybersecurity framework. A thorough risk and gap assessment of the current cyber resilience of the country’s various economic sectors is still necessary, as well as strengthening and reviewing national cybersecurity projects such as the National Cyber Coordination Centre, National Critical Information Infrastructure Protection Centre, and the Computer Emergency Response Team).
In summary
The reported breaches in the recent past are causing concern to both governments and businesses. India needs to strengthen not only the legal framework to handle cybersecurity cases, but it has to improve the protection of critical infrastructure and build offensive capabilities as well as educate citizens about the safe use of digital assets. Prioritizing cybersecurity and the security of its major sectors is crucial for ensuring India’s stature as one of the world’s leading investment hubs. Cybersecurity measures both from the government and organizations are expected to evolve and become more pronounced in the future.
Data Loss Prevention (DLP) solutions can help Indian organizations strengthen their cybersecurity framework. Endpoint Protector by CoSoSys is an industry-leading multi-OS DLP. As an endpoint DLP, Endpoint Protector is able to protect your sensitive data from leaving your control, even when employees and end-users are working offline. Schedule a demo here.
Download our free ebook on
Data Loss Prevention Best Practices
Helping IT Managers, IT Administrators and data security staff understand the concept and purpose of DLP and how to easily implement it.
