With President Draupadi Murmu's assent of the Digital Personal Data Protection Bill in August this year, the gravity of matters concerning data protection and privacy in India has gained more clarity, particularly from a business, legal, and policy standpoint. Both enterprises and government organisations are now intensifying their focus on privacy and data protection as a vital element of their business continuity strategies following the enactment of the DPDP Act 2023.
The urgency of enhancing cybersecurity measures is further emphasised by the 37% surge in cyberattacks experienced by India in 2021, reflecting a broader global trend of escalating cyber threats. On a global scale, the financial impact of cybercrime is projected to reach an astounding $8 trillion in 2023, underlining the pressing need to safeguard digital assets through robust cybersecurity frameworks.
Prioritising Privacy Preservation
“In this age of connectivity, where the internet has become an integral part of our daily lives, safeguarding our online privacy is paramount,” said Ripu Bajwa, Director and General Manager, Data Protection Solutions, Dell Technologies India. Bajwa stressed that as India progresses rapidly towards a digital future, “we need to respect and understand the significance of preserving the privacy and security of our personal data.”
Joy Sekhri, Vice President of Cyber & Intelligence Solutions for South Asia at Mastercard, concurred with Bajwa, asserting that cybersecurity and data privacy are of paramount importance for every organisation in today's digital landscape.
“Protecting sensitive information, both customer and internal, is not just a legal requirement but also a fundamental trust-building measure. Data breaches and cyberattacks can result in severe financial losses, damage to reputation, and legal consequences,” Sekhri asserted.
Proactive Measures in Cybersecurity
Echoing these concerns, Sandeep Bhambure, Managing Director and Vice President for India & SAARC, Veeam Software, said that with digital transformation becoming a key differentiator and no silver bullet readily available, IT leaders need to prepare their businesses for any potential attack. “Shifting from a reactive to a proactive approach in cybersecurity is pivotal in the current digital landscape.”
“The conversation is shifting from how a hack occurred to how organisations are protecting data,” said Bhambure, adding that this proactive approach is validated by the increase in cybersecurity investments across the Asia Pacific. According to Veeam's 2023 Ransomware Trends Report, there was a 5.4% increase in cyber prevention and a 5.6% rise in backup budgets across the region.
Alarming Rise in Global Cybercrime Costs
Emphasising the financial implication of cyber fraud, Sekhri said, in FY23, the total amount of fraud in the digital payment category was Rs 276 crore in India. The alarming rise in global cybercrime costs, with projections indicating an increase to $10.5 trillion annually by 2025, accentuates the critical nature of a multi-pronged approach to strengthening cybersecurity measures.
Planning for Cyber Resilience and Recovery
Bhambure stressed that in the face of inevitable cyber threats, having a robust recovery plan is quintessential. “Businesses should no longer think ‘if we get hacked' but rather, ‘when we get hacked, what is our recovery plan?'.”
This perspective is reinforced by the global trend towards enhancing cyber resilience. For instance, the Cyber Resilience Budget, which encompasses cybersecurity, data privacy, and business continuity, is expected to reach $21 billion globally by 2023.
Invest in Employee Training and Cybersecurity Infra
Educating and training employees on cybersecurity best practices are fundamental building blocks of a strong digital defence. Sekhri of Mastercard advocates for “comprehensive employee training programs to heighten cybersecurity awareness.”
This aligns with the global emphasis on cybersecurity education, substantiated by a report from Cybersecurity Ventures predicting that global spending on cybersecurity training for employees will exceed $10 billion by 2027.
Investing in robust cybersecurity infrastructure is a practical approach to thwarting cyber threats. Sekhri underscores this approach, emphasising the importance of “encryption, multi-factor authentication, and regular security audits.”
Sekhri said that investing now can save millions. “Encryption, multi-factor authentication, frequent security audits, and extensive employee training programs to raise cybersecurity awareness are essential for preventing data breaches. Collaborating with cybersecurity specialists, staying up to date on new threats, and adhering to industry best practices are also vital,” Sekhri said.
The positive aspect is that 51% of organisations are planning to increase security investments in response to a breach, including incident response (IR) planning and testing, employee training, and threat detection and response tools, according to a recent IBM study.