India’s cybersecurity crisis: Expensive breaches keep rising

India’s cybersecurity crisis: Expensive breaches keep rising

I recently reconnected with a childhood friend of mine after a couple of decades. Amidst nostalgic recollections of technology-fuelled shenanigans during our turn of the millennium years, which involved a lot of dial-up internet surfing and console-gaming, the topic of cybersecurity came up uninvited (as is its wont). We both noted how advanced cyber threats have become circa 2023, compared to what we had to deal with back in the day. He also went on to narrate how one of his relatives fell prey to a debit card cloning attack which wiped out a substantial portion of their savings in just a few hours.

hacker in cyber space

As much as this is a cautionary tale, it isn’t unfortunately an isolated one. Sadly, such scams and attacks are only becoming too common. In fact, phishing, data leaks and scams are the three most common threat types affecting victims of cyber crimes not just in India but all over the world, according to cyber security firm Kaspersky. Not just older demographics who remain digitally disadvantaged, but even younger tech-savvy folk aren’t too careful when it comes to securing and fortifying their digital presence. But there’s also another factor that’s increasing quite dramatically over the years – data breaches suffered by companies storing people’s sensitive data, compromising regular folk in ways they have no control over whatsoever. 

Needless to say, the nature of cybercrime itself and ways in which it can directly or indirectly impact us is becoming increasingly more complicated. I’m reminded of something that Vishal Salvi, CEO of Quick Heal and SEQRITE (a Pune-based cyber security company) told me in an interview earlier this year, “Cybersecurity is only visible when it’s not working, and it’s invisible when it’s working. Not getting hacked doesn’t mean you may not be vulnerable to that possibility, so it’s very important that every stakeholder understands responsible cyber security practices, especially given the fact that there’s so much digital adoption in the country.” And he’s absolutely right, of course.

As India becomes more digital in the future, the importance of cybersecurity has never been more pronounced. A recent study by the Data Security Council of India (DSCI) titled “Bridging the Gap: Identifying Challenges in Cybersecurity Skilling and Bridging the Divide” sheds light on the current state of cybersecurity in India. The report’s findings are both enlightening and alarming.

An important revelation of the DSCI report is that 88% of global organisations now have their boards asking cybersecurity-specific questions. This shift to board-level priority underscores the gravity of cyber threats and the rising costs associated with data breaches. This trend is corroborated by IBM Security’s 2023 report on the cost of data breaches on an impacted company’s revenue, which was pegged at ₹17.9 crore on an average in 2023 – an all-time high for the report and almost a 28% increase since 2020. What’s adding insult to injury is the fact that over 50% of the companies in IBM’s report indicated they’ll be passing down the cost of these data breaches to their customers – which is bad news for all of us who’re only going to spend more money online.

Another significant insight from the DSCI report is that 70% of cybersecurity professionals think cyber security events are only going to increase in the future. Cyber professionals anticipate a surge in phishing, smishing, and vishing attacks. Ransomware attacks and zero-day exploits also loom large, as hackers employ advanced technologies like AI and IoT to wreak havoc, and the need for robust security measures becomes paramount. Before the countermeasures get deployed, before we infuse AI into cyber security practices more tightly, first we’ll need enough skilled cyber security personnels to design and deploy security measures proactively, tackle whatever crisis situations may arise in a manner that doesn’t overwhelm.

However, the world currently faces a huge shortage of 3.4 million cybersecurity professionals – and India, with its rapid digitisation, isn’t immune to this shortage. While companies recognise the importance of cybersecurity professionals, current numbers remain low. As much as 47% companies aim to increase their cybersecurity workforce by over 30% in the next five years, with roles like DevSecOps Engineer and IoT Engineer are set to surge. Probably the most concerning statistic of the DSCI report is that 75% of students from cybersecurity programs have not pursued any eligible cybersecurity certification, indicating a potential skills gap in the making. This is quite alarming!

Of course, we all need to do better in terms of cybersecurity awareness and safeguards. And I fear that because it’s still such an intangible concept – securing ourselves online versus when we’re travelling in a car, for example – as my friend remarked, people and humans will continue to remain vulnerable as the weakest link in the cybersecurity chain, no matter how advanced digital technology becomes in the future. But attitudes won’t change until you start to realise that even the most impenetrable piece of tech can be compromised, anything connected to the internet can be hacked. It shouldn’t make you paranoid, but more conscious of your actions from a cybersecurity perspective. That’s the only food for thought I’ll leave you to contemplate on the occasion of October Cybersecurity Awareness Month.

This column was originally published in the October 2023 issue of Digit magazine. Subscribe now.

Jayesh Shinde

Jayesh Shinde

Executive Editor at Digit. Technology journalist since Jan 2008, with stints at Indiatimes.com and PCWorld.in. Enthusiastic dad, reluctant traveler, weekend gamer, LOTR nerd, pseudo bon vivant. View Full Profile

Digit.in
Logo
Digit.in
Logo