Recent alleged cyberattacks on the Delhi Police website ahead of the G20 summit are yet another reminder of the growing and ever-present threat to digital security. In fact, several hackers are likely to have attacked India’s digital infrastructure during the summit, claims CloudSEK, a cyber-security company.
Between 2020 and 2022, India averaged 1.3 million cybersecurity incidents a year, according to data presented in Parliament based on incidents reported to or tracked by the Indian Computer Emergency Response Team (CERT-In), a government nodal agency. The actual number could be higher. Additionally, almost 67% of Indian government and essential service entities reported a 50% increase in disruptive cyberattacks in 2022-23, says a new report by Palo Alto Networks, a US-based cybersecurity company.
Cyberattacks entail a financial cost. Last year, the Official Cybercrime Report by Cybersecurity Ventures projected this cost globally at $8 trillion for 2023 and $10.5 trillion by 2025. The average cost of a data breach in India this year has been $2.18 million, according to IBM’s annual Cost of a Data Breach Report. According to the report, 28% of these data breaches led to the loss of data spanning multiple types of environments, such as public cloud, private cloud, or on-premises, indicating that attackers were able to compromise multiple environments while avoiding detection.
In 2020, India took an average 230 days to identify a breach, and another 83 days to contain it, compared to 186 and 51 days in the US, and 128 and 32 days in Germany.
Critical costs
For India, the cost of cyberattacks is critical, given its digital ambitions. The number of internet users is expected to grow from 692 million in 2022 to 900 million by 2025, according to the Internet and Mobile Association of India. Digitization is increasing. For example, earlier this month, the Union Cabinet cleared ₹7,210 crore for the third phase of the eCourts project, which digitizes court records and shifts more court processes online. The extent of digitization is already visible in payments. The number of transactions over UPI (unified payments interface) crossed 10 billion in August as users sent about ₹15 trillion over the network.
Cyberattacks can undermine trust in the system, and make the transition harder. For example, users who lose even a small amount of money to cybercrime might be driven to withdraw from digital transactions, even dissuade others. Cyberattacks on the All India Institute of Medical Sciences, New Delhi, in the past year raised concerns about medical records. According to the IBM report, the cost of a data breach in healthcare is the highest—almost double that of the financial sector. “Over the past three years, the average cost of a data breach in healthcare has grown 53.3%, increasing more than $3 million compared to the average cost of $7.13 million in 2020,” it said.
Skills gap
While cybersecurity will remain a cat-and-mouse game, with hackers and security professionals trying to catch up with each other, investments in technology can help identify and contain breaches faster. It also entails the availability of cybersecurity skills. India faces the second-highest shortage in its cybersecurity workforce, with a seven-fold increase in the past year, according to a “Cybersecurity Workforce Study” by ISC2, an association of professionals in the field.
Human resource services company Teamlease estimates a 30% shortage of cybersecurity skills in India in 2023. Demand for specific skills within cybersecurity is also expected to change. According to a survey by the Data Security Council of India, application security, cloud security and data forensics were the current top three areas where there was a gap. In five years, cybersecurity professionals surveyed believed artificial intelligence would top the list. The cyberthreat is not going anywhere.
www.howindialives.com is a database and search engine for public data