Strengthening cybersecurity in the Indian digital economy

Startups and small-sized businesses are more prone to cyber threats due to their laxity in adopting robust security governance policies.

Digital transactions, cloud-based modus operandi, and a whole gamut of digital databases expose 76% of companies to unauthorized cyber invasions.

India has emerged as the fastest-growing major economy in the world, with a real gross domestic product growth rate of 6.84% in 2022. It currently resides at the forefront of leading the global business landscape with data, technology, and inclusion. Of late, the Government is trying to leverage the power of digitization to accelerate India’s economic development. The country has an internet user base of 75 crore people and recorded over 5,500 crore digital transactions worth USD 300 billion in 2021. Physical distancing and lockdowns during the pandemic gave a thrust to the nation’s digital economy, spurring transformation across corporate models, networks, and touchpoints. As a result, more than 95% of Indian companies will likely increase their digital spending in 2023 to invest $85 billion by 2026.

India’s technology-led initiatives and flagship programs like Startup India, Digital India, etc., foster a favorable digital business environment for future global unicorns. ICT and Digital Economy contribute over 13% to India’s GDP and aim to cross the $1 trillion mark by 2025, higher than the cumulative GDP of 170 countries. Such rapid digital transition en masse gives birth to 2.5 quintillion bytes of daily data, vulnerable to cyber-attacks and illegitimate handling.

More than 11 lakh cybercrime incidents were reported to Indian Computer Emergency Response Team (CERT-In) in 2021 alone. Almost 3,700 cyber-attacks hit the country’s digital infrastructure per day, costing a business ₹17.6 crores on average in 2022. The finance, healthcare, IT, and education sectors suffer from massive data breaches that leak sensitive company data, Protected Health Information (PHI), and Personal Identifiable Information (PII). Malware, phishing, spoofing, and ransomware attacks lead to financial losses, operational breakdowns, and corporate defamation. Startups and small-sized businesses are more prone to cyber threats due to their laxity in adopting robust security governance policies. Thus, the time is ripe to enforce cybersecurity measures and shield the organizational infrastructure against evolving criminals.

Securing India’s digital economy against cyberterrorism

Digital transactions, cloud-based modus operandi, and a whole gamut of digital databases expose 76% of companies to unauthorized cyber invasions. The Government is actively making policies and working to strengthen cybersecurity standards to combat such scenarios. However, private and public organizations share responsibility for building deterrence in cyberspace.

Government initiatives against cybercrime

India’s national cybersecurity strategy aims at developing a cyber-secure nation for businesses and individuals through awareness and compliance programs. The National Agency for cybersecurity, CERT-In, educates government officials and industry experts about the latest cyber vulnerabilities and countermeasures to protect data sovereignty and confidentiality. MeitY encourages building a robust cybersecurity ecosystem in the country through its “Cyber Surakshit Bharat” initiative. The National Critical Information Infrastructure Protection Center under the Information Technology (IT) Act, 2000, safeguards critical information regarding national security, public health, and economic development from sectors such as Energy, Finance, Telecommunication, Transportation, Public and Strategic Enterprises, and more.

Central institutions and administrative organizations roll out cutting-edge technologies from time to time to ensure a safe digital economy. For example, the Reserve Bank of India introduced Card-on-File Tokenisation to create a robust digital payment infrastructure, boosting cashless transactions and increasing consumer and business confidence. CERT-In set a time limit of 6 hours for all service providers, data centers, and business entities to report 20 categories of cybersecurity breaches. Moreover, the Government reserved the right to receive and access logs of all ICT systems and requested their maintenance for 180 days under the Indian jurisdiction. These regulations will likely catalyze cyber competency and nurture a culture of cyber awareness in the country’s digital framework.

Public-private partnerships to combat cyber threats

Phishing or ransomware attacks cripple businesses at individual levels. Companies must deploy a sturdy risk management strategy that complies with data security standards of SOC2, ISO 27001, PCI-DSS, and other major regulatory bodies and establish a security culture from the top down. Besides identifying infrastructure orifice before the criminals, prescriptive security measures help businesses protect intellectual properties, improve data management capabilities, enhance productivity, and garner consumer confidence and loyalty.

Network encryption, multi-factor authentication, updated antivirus software, and firewall protection are all industry best practices that secure business ecosystems to some extent. However, end-to-end safety programs leverage the expertise of cybersecurity professionals and the efficiency of innovative technologies to mitigate vulnerabilities and enhance vigilance.

Leading cybersecurity tools and SaaS platforms may help organizations achieve their compliance goals. These one-stop security solutions constantly monitor the company networks and help prevent unauthorized access, malware attacks, and data breaches while maintaining confidentiality and integrity in the industry landscape. Unified interfaces that automatically collect thousands of data points of processes, policies, people, assets, and vendors provide complete authority over the company’s security program and increased visibility to compliance status.

Final say

Despite intimidating ramifications, 40% of companies still need a comprehensive security strategy to fight cyberterrorism. They need competent teams, systematic risk governance approaches, and state-of-the-art infrastructure that prevents data exfiltration. Regardless of government endeavors to promote the digital economy, India needs active involvement at the grassroots level to combat cybercrime. This ‘Techade’ of growth demands robust policy, innovative infrastructure, and widespread awareness in the country to develop formidable solutions against malicious attacks and build a resilient digital ecosystem.


  - The article is authored by Manoj Shastrula, CEO and Founder of, a B2B startup which is helping other tech startups remain data compliant. 

Add new comment