Bridging Digital Disparities, Through Investments: A Cyber Security Perspective
Organizations, particularly private sector enterprises, tend to underinvest in cybersecurity
India has entered a new era of digitization due to the COVID-19 pandemic. The increased adoption of IT solutions, cloud platforms, digital payments and e-commerce has resulted in an increase in cyber threats. Recent data breaches at Mobikwik, Bizongo, JustDial, Unacademy, JusPay, Dr Reddy's, Lupin, Big Basket, and BuyUCoin, among others, have cast doubt on India's data security, prompting calls for the implementation of tough cybersecurity regulations. Indian startups face a significant risk of data breaches as a result of gaps in technology infrastructure and growing cyber legal practices. This has created an entirely new and untapped opportunity for Indian cybersecurity businesses. A nation's national and economic security depends on cybersecurity investments. The epidemic wasn't the only unanticipated setback for cybersecurity. Investing in 2021 set new records, but so did attacks. We will never fully secure the Internet if we continue to utilize it the way we are now. The banking, financial services and insurance (BFSI) sector has aggressively altered itself and exploited technology to fulfil changing client requirements. While the digital transformation has improved the consumer experience and the bottom line, it has also exacerbated security risks.
Organizations, particularly private sector enterprises, tend to underinvest in cybersecurity. Four major causes are as follows: First, most Indian enterprises treat cybersecurity efforts as cost-saving (or cost-avoidance) investments. Second, the cost savings gained by cybersecurity investments are not evident. Because the value of cybersecurity investments is uncertain, firms tend to ‘wait and see’ on a large portion of potential cybersecurity investments; lack of right metrics to quantify its benefits and business outcomes are causing companies to delay critical digital initiatives; compliance with government regulations. The MSME enterprises want the certificate and the stamp. Often, by the time permissions are granted, the certification is outdated and unreliable. Furthermore, some outdated methods promote security personnel acquiring just qualification above skill and lack defensive skills.
High startup funding has crowded and complicated the cybersecurity business. India's private equity and venture capital investments in cybersecurity startups fell last year for the first time in six years. Unlike in India, the global cybersecurity business attracted investors last year. We believe that compared to the US/West, India's cybersecurity maturity is still catching up. Many Indian companies still favor products that have been validated in mature markets while procuring. As a result, prospects for Indian goods vendors are restricted, and while this has improved in recent years, there is still a long way to go. These countries also foster cybersecurity innovation and facilitate conducive ecosystem for business. This has driven several Indian-origin startups to relocate to Western countries to access larger markets.
Data protection and cybersecurity are critical to preventing data breaches. Globally, new laws are being implemented to regulate personal information collection, retention, use, disclosure and disposal. The Indian Personal Data Protection Act, 2020 (PDPA) is planned to bring structure to the data security ecosystem in the country and totally revolutionize how corporations manage personal data of Indian citizens. With such a legislation, corporations may no longer take consumers' personal data for granted, and a robust compliance culture is anticipated. The new PDP Act demands privacy and security “by default”. This means that enterprises must now follow industry best practices and consumer-centric processes and demonstrate them to data protection authorities (DPAs) upon request.
When it comes to huge organizations or the government, responsibly disclosing cybersecurity issues is nearly difficult. The argument in India over data protection law includes whether researchers who raise legitimate concerns about cybersecurity should be protected. To effectively combat cybercrime, players within a certain industry or set of companies must share cyber intelligence. With the reporting of data breaches is made mandatory and a shared repository, firms can better defend against known threats, malware and attack vectors.
The interconnectedness of cybersecurity, digitization and innovation is increasingly seen as a commercial value generator. Cybersecurity excellence also allows businesses to differentiate their brands by enhancing client trust. Most firms consider cybersecurity a tech issue rather than a risk to their business value. It will be a useful research endeavor to explore and model the correlation of cyber risk with data from past events and the interaction with financial markets. The focus has switched from prevention to remediation, control and recovery as we understand that no matter what we do, we will get attacked. So, part of the cyber risk plan is determining what we need to deploy if we are breached.
New regulations will undoubtedly increase the cost, but also the ways corporations can be attacked. The justification for the cybercrime insurance is established based on the inability of security systems preventing all probable cybercrimes. The practice of cyber risk and crime insurance have matured in the US, the UK and European markets with developed legal wording, succinct terms of coverage, more mature data sets and a larger pool of insurers. Against this backdrop, the Indian cyber insurance sector is still in its infancy. Managing cyber risk for a company is similar to managing property and casualty risk: we want to avoid a breach but being prepared benefits your company. In an era of constant disruption and continual innovation in digital productions and services, the ability to use cybersecurity as a means to improve strategic agility and operational excellence will serve as a key differentiator for companies hoping to accelerate their growth.