Is India Prepared for Cyberattacks in 2022?

India is a global powerhouse when it comes to IT. With millions of software developers and a significant chunk of the nation’s GDP associated with tech, it’s no surprise that cyber attacks are a common occurrence. 

In 2019, losses to cybercrime in India totalled Rs 1.25 trillion and the rate of cyberattacks has increased in the last two years since the pandemic. Between 2019 and 2020, reports of cybercrime jumped 11.8% according to the National Crime Record Bureau. 

These statistics are by no means specific to India – cybercrime is a truly global issue. Yet, it’s a concern for businesses and citizens alike since online work and digital economic life are so important to the economy. While there are some simple solutions for each of us to be prepared for cyberattacks, like getting Surfshark VPN and regular system updates, there is more to it than that. 

To help you understand the landscape of cyberattacks in India, we’re going to explore:

• The global and local scale of cybercrime.
• What the Indian government is doing to tackle cyberattacks.
• The future of cyberattacks and online security in India.

Cyberattacks: A global issue

The COVID-19 pandemic changed a lot of things; the shift to online life looks to be a permanent one. With more people online comes more chances to attack their activity – by August 2020, eCommerce cybercrime was up 400% on the year before in the USA, for example. 

Cyberattacks that target businesses pose an even greater risk. Ransomware attacks – when a hacker encrypts data and releases it for a fee – increased a staggering 1,885% across 2021. 

It’s not just online data that’s getting attacked, either. In 2021, Colonial Pipeline was hacked, threatening to halt oil moving across the USA, and in the opening weeks of the Russian aggression in Ukraine, the Russian stock exchange was taken down by Ukrainian hackers. 

How cyberattacks affect India

The global trends hit home in India, too. In just the first half of 2021, there were over 600,000 cyberattacks in the country, according to the Computer Emergency Response Team.

The shift to working from home has increased vulnerabilities, with more network entry points and more chances for an attacker to target an unsecured device. Following demonetization in 2016 and the drive towards a cashless economy, more and more people are using smart devices and storing personal data online, too. 

The trend toward corporate ransomware attacks is as evident in India as it is across the globe, including:

• The attack on Oil India Limited in April 2022 that demanded US$7.5 million.
• Nihmans, the mental health institute in Bengaluru, faced a ransomware attack in March 2022, with no losses disclosed.
• A hit against Pimpri-Chinchwad Municipal Corporation Smart City in Pune in 2021 that reported losses of up to Rs5 crore.

What seems to be specific to India in terms of corporate cyberattacks is a focus on healthcare – where there are bundles of personal data stored about people. Over 7 million attempts to hack healthcare providers in India were registered from only October to November 2020.

Tackling cyberattacks in India: The present

As of today, there is one main piece of legislation relating to cybercrime  – the IT Act of 2000 which was updated in 2008. It was introduced to give a framework for legal online transactions and the amendment a few years later established the Indian Computer Emergency Response Team (CERT-In).

Later, the National Cybercrime Policy was launched in 2013. The policy is there to bring together government departments and stakeholders to protect infrastructure, provide national alerts and advice, and increase cybersecurity capacity. 

While you could argue these elements aren’t helping much since cyberattacks are on the rise, we’ve seen already this is a global trend not only affecting India. However, looking at the detection and conviction rates of cybercrime does show cause for concern. 

In Maharashtra, between 2015 and 2020:

• 21,970 cases of cyberattacks were reported.
• 5,513 of those cases were detected.
• 382 of the detected cases have gone to trial.
• 99 trials resulted in convictions.

Of course, this is only a snapshot of one state, yet it’s unlikely to much better elsewhere. An issue with recruiting computer science graduates into the police force is just one of many issues holding back the legal process. 

Tackling cybercrime in India: The future

With no sign of cyberattacks waning any time soon, India – along with the rest of the world – needs to be prepared for what’s next. 

The personal Data Protection Bill has been moving through parliament since 2019. It enshrines key principles of what personal data is, how it can be processed, and where it can be stored. Yet, the bill is possibly being superseded by a Privacy Bill before it’s even implemented, which could take more time still. 

Another issue facing cybercrime and cybersecurity in India is spending. Yes, the cybersecurity industry sees spending of US$8.46 billion, which should see it well-placed in the field. However, 80-85 of that spending is by foreign businesses taking the fruits of the spending overseas. 

On a domestic level, it’s estimated that only 348 million Indians have a VPN installed. This basic security measure can protect against cyberattacks on individuals and businesses. To improve resilience to cyberattacks, more Indians need to download a VPN to keep their data and browsing secure.