Data breaches surge across globe & more so in India amidst pandemic

As transnational companies witness data breaches in 2020-21, it makes citizens wonder whether their data really is “safe”.   A report published by IBM titled “Cost of a Data Breach Report 2021” reveals that the average cost of a breach increased by 10% from 2020 to 2021, the largest single-year cost increase in the last seven years.

To add to it, the report highlights that there was a $1.07M cost difference where remote working and digital transformation were in place due to the COVID-19 pandemic, increasing the average total cost of a data breach.

This holds true especially in the case of India where the average total cost of a breach amounted to a whopping Rs.165 million, an increase of 17.85% as compared to the previous year as data breaches were reported at Mobikwik, BigBasket, Air India and Dominoes. The leak of sensitive information of millions of users points out the deleterious effects on the privacy of those affected.

A writ petition has been moved before the Delhi High Court under Section 70B of the recently enacted Information Technology Act, 2000 on August 13, 2021, seeking issuance of directions to CERT-IN on data breaches and asking them to conduct thorough investigations on the same.

As India witnesses such massive data breaches and cyber-attacks, it makes users think about its causes. After all, no one wants their personal, sensitive information to be “sold” on the dark web. As per the report by IBM, the most frequent initial attack vectors were compromised credentials causing 20% of the breaches, phishing, triggering 17% of the attacks and cloud misconfiguration resulting in 15% of the breaches. There has been an increase in vulnerabilities over the past year, in terms of the escalating dependence on technology by firms, adoption of new policies and “less-controlled” work environments.

Rajeev Chandrasekhar, the Minister of State for Skill Development and Entrepreneurship and Electronics and Information Technology, in a written reply to a question in the Lok Sabha, reported that the Indian Computer Emergency Response Team (CERT-In) is mandated to track and monitor cyber security incidents in the country and that a total of 6,07,220 cyber security incidents were observed during 2021 up to June.

Besides, data provided by the National Crime Records Bureau in its report “Crime in India-2020” also records a significant increase in the frequency of cybercrimes, especially in rural areas which may be attributed to the fact that due to the lockdown, most of the people in rural areas used digital services for the very first time in their lives, making them easy targets for attackers.

Although COVID-19 has made us more susceptible to data breaches and cyber-crimes, they can be prevented by small, but vital steps such as downloading files only from trusted sources, being cautious about giving out personal information, making sure that you have enabled your privacy settings first et cetera. Also, it is to be noted that if one somehow falls for these schemes, one can always report it on the cybercrime portal or give a call on helpline No. 155260.

Meanwhile, the Ministry of Home Affairs has already operationalized the National Cyber Crime Reporting  Portal to provide a centralized mechanism to the citizens for online reporting of all types of cybercrime incidents, with a special focus on cyber crimes against women and children. Incidents reported on this portal, their conversion into FIRs and subsequent action thereon are handled by the States and UTs’ law enforcement agencies concerned as per the provisions of the law. As per the data maintained, since its inception 317439 cybercrime incidents and 5771 FIRs have been registered up to the financial year ending 2021.