Is India prepared to protect itself from cyber-attacks?
According to business and consumer data company Statista, in the financial year 2021, over 3.8 thousand government services in India were provided over the internet. A CLSA report indicates the value of digital payments in India will grow three-fold – close to 1 trillion dollars in FY26 from 300 billion dollars in FY21.
A Deloitte study has said India will have 1 billion smartphone users by 2026. The country was home to 1.2 billion mobile subscribers in 2021, of which about 750 million were smartphone users. As on January 2021, India had 448 million social media users. In 2021, the DBS Digital Readiness survey revealed almost 62 per cent of large and middle-market companies are still in the formative stages of digitalisation in India.
These are big numbers, and point to the vastness of the cyberspace that India needs to secure. The country is also a witness to numerous cyber attacks in the past, including many soft ones. The government’s ongoing Digital India push and the Reserve Bank’s planned Central Bank Digital Currency may only add to the list of vulnerabilities.
In December 2021, Business Standard reported that India was expected to be among the largest victims of cyber attacks in two years. Cyber attacks were projected to increase by 200 per cent year-on-year.
According to the Computer Emergency Response Team data, India witnessed a three-fold increase in cybersecurity-related incidents in 2020 compared to 2019, recording 1.16 million breaches. The number of breaches is expected to increase in 2021 and 2022. According to government sources, there has been 6,07,220 recorded cybersecurity breaches till June 2021.
So, is the Indian government seized of the situation at hand? Data on government cybersecurity spending paints a mixed picture. According to a Business Standard report, in 2021-22, the government outspend its budgeted estimates on cyber security for the first time in past eight years. In its recent Budget, the government said it would spend 515 crore rupees on cyber security in 2022-23.
That’s a 10 times increase, compared to 2014-15.
However, it also represents a reduction from the 552.3 crore rupees spent on cybersecurity, as per the revised estimates of 2021-22. The government had budgeted 416 crore rupees for cybersecurity for that period.
Actual government spending on cybersecurity has always remained below budgeted estimates. For example, the government had spent 88.2 per cent of its budgeted amount on cybersecurity in 2016-17. In 2020-21, it was only able to spend 53 per cent of the budgeted amount.
Presently, the nature of the war in Ukraine indicates that India needs to review its cyber-defense policies. The country also needs to give equal attention to building a deterrent cyber-offensive capability. The government is taking far too long in finalizing a National Cyber Security Strategy.
In a recent editorial, Business Standard pointed out two limitations in India’s present approach. At present, the country’s policy is defensive and has a narrow-focus. It aims to harden vulnerabilities only in civil government and military assets.
However, a substantial amount of critical infrastructure in India is built and managed by the private sector. Private corporations also hold troves of sensitive personal data. Therefore, any new strategy must ensure the private sector has necessary cyber-security cover. The new strategy must also acknowledge that the capacity to counter-attack is often the best defence in a cyber-war.