Worldwide information security (a subset of the broader cybersecurity market) spending will grow 7 percent to reach $86.4 billion (USD) in 2017 and will climb to $93 billion in 2018. As per Gartner, that forecast doesn’t cover various cybersecurity categories, including IoT (Internet of Things), ICS (Industrial Control Systems) and IIoT (Industrial Internet of Things) security, automotive cybersecurity, and others. The Digital India drive has further pushed the demand for cybersecurity talent, and the leaders are reporting directly to their company boards.
The exponential rise in sophisticated cyber-attacks has driven the demand for cybersecurity solutions in every enterprise. Security is a complex issue, and it demands a strong understanding of the ever-changing threat landscape. Deploying security tools properly necessitates well-developed security policies. Data is the new oil, and with so much data being generated every second, hackers are constantly devising ways to acquire it. This evolution of cyber threats calls for an evolution in cybersecurity.
Cybercrime costs include damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm. The cybersecurity market is much bigger than just the anti-virus and malware defense apps that are purchased or come pre-installed. Cybersecurity Ventures predicted that cybercrime will cost the world $6 trillion annually by 2021. Cybercrime is creating unprecedented damage to both private and public enterprises, and driving up IT security spending.
In India, adoption of advanced digital business technologies can increase revenues by up to 27%, increase employment by up to 84% and enhance access to international markets by up to 65% for small and medium businesses (SMBs). The fact of life is that people doing online transactions must be aware of the risks. There are open issues, such as who regulates the digital marketplace and how consumer grievances should be handled.
Hacking and cyberattacks are compelling firms to hire talent at a premium. India Inc. is facing a scarcity of cybersecurity professionals, especially at the leadership level, with the compensation packages for top roles at upwards of Rs 2 crore and, in some instances, close to Rs 4 crore, inclusive of variables.
Sixteen percent of government CIOs said they plan to increase spending on business intelligence (BI) and analytics (16 percent) and data management (six percent) in 2018. Demand for cybersecurity professionals is driven mostly by consulting firms, banks, government, retail, BFSI companies and IT companies. To ensure a supply pool of cybersecurity specialists.
It has increased salaries offered for such roles by 25-35% over the past year.
Cybersecurity spending is driven by cybercrime. The unprecedented cybercriminal activity we are witnessing is generating so much cyber spending that it has become nearly impossible for analysts to track accurately. The global cybersecurity market is expected to reach approximately 190 billion USD by 2015 from 85 billion USD and will be driven primarily by the increasing digitisation wave and smartphone penetration. A survey says that enterprises and the government constitute a major share of the market.
The global supply of security products can be broadly categorized into six key segments: identity and access management (IDAM), endpoint security, web security, messaging security, security and vulnerability management (SVM) and network security. Types of security vulnerabilities differ by layer in the Open Systems Interconnection model and hence require appropriate control measures, which form the basis of different cybersecurity products.
Some corporations have come forward with increased cybersecurity budgets. J.P. Morgan Chase & Co. doubled its annual cybersecurity budget from $250 million to $500 million. Bank of America has gone on the record stating it has an unlimited budget when it comes to combating cybercrime. Microsoft Corp., meanwhile, will continue to invest over $1 billion annually in cybersecurity research and development in the coming years, according to a senior executive at the tech giant.
End-to-end encryption and balanced security
Keeping data secure while in transit, as well as when stored, is crucial as part of a holistic security strategy. Securing the links between interconnected data centers is an important part of a comprehensive approach to data sovereignty. A newer approach is to deploy encryption at the optical infrastructure layer, which encrypts traffic without adding complex routing or security protocols. As more customers move into the cloud, encrypting data in flight at the optical layer is becoming a popular solution for interconnecting networks.
The globalization of the internet and the ability to move data across borders are also transforming the nature of international trade: businesses can use the internet (particularly digital platforms) to export. There is a need to enforce data sovereignty laws, since many countries have come up with their own cybersecurity laws to protect their country and borders by introducing data protection measures under which sensitive data (for instance, information on Chinese citizens or relating to national security) must be stored on domestic servers. Data localization and data transfer regulations have been described as “unnecessarily onerous,” with a potential impact on cross-border trade worth billions of dollars.
Take the case of e-commerce: an interaction that involves purchase, payment and possible delivery online requires data such as the name, address and financial details of the customer. The fact is that data flows enable the delivery of digital services. Such digital services can improve the efficiency and competitiveness of businesses and their capacity to compete in domestic and international markets, they claim, but the fact is unknown, and many countries are worried about why their data should go to another country.
The general lack of cybersecurity safeguards in fintech companies has raised serious concerns around data protection and compliance, especially with the implementation of the EU’s GDPR in May 2018. In the European Union (EU), the law applies to any company that deals with private data on EU citizens, even if that company is located outside of the EU, and the law comes with some stiff penalties for those who fail to comply. It carries fines of up to €20 million or 4% of annual revenue for the most egregious offenses, whichever is larger. With this, there are great hopes that GDPR will serve as a model for ensuring that citizens have dignity and autonomy in the digital economy. I wish we had the forethought to stand up for the citizen’s rights in 1998 (the start of Google), but I’ll settle for 2018.
To remain competitive in the new digital era, banks and fintech companies need to find a way forward that allows for technical innovation and performance without compromising security by focusing on the following key security areas. The fintech industry in Asia Pacific is expected to reach US$72 billion by 2020, at a compounded annual growth rate (CAGR) of 72.5 percent.
In the year 2018, India too is in the process of coming up with a strong data protection law. At present, the most prominent provisions are contained in the Information Technology Act 2000, as amended by the Information Technology Amendment Act 2008. In particular, Section 43A addresses “reasonable security practices and procedures” and is complemented by the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011.
What cross-border data transfer requirements are in place?
Some limited rules are in place for the transfer of sensitive data offshore. Transfer to another country can only occur where it is clear that sensitive data will be adequately protected (Information Technology [Reasonable Security Practices and Procedures and Sensitive Personal Data or Information] Rules 2011).
The Ministry of Electronics and Information Technology (MeitY) issued the Guidelines for Government Departments on Contractual Terms Related to Cloud Services in March 2017, to provide strategic direction for adoption of cloud services by the government. These guidelines state that all services including data will be guaranteed to reside in India.
Under Section 43-A of the Information Technology Act, 2000, a body corporate is required to pay damages by way of compensation to the affected person if it is negligent in handling sensitive data and causes any wrongful loss to that person as a result of such failure or negligence.
Section 72-A of the IT Act mandates punishment for disclosure of “personal information” in breach of lawful contract or without the information provider’s consent.
The Information Technology Amendment Act 2008 includes Section 43A on “Compensation for failure to protect data,” which states:
Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person so affected.
Furthermore, the Government of India has established the MeghRaj Policy to direct the procurement of cloud services from private service providers for establishing a “GI Cloud” for Government departments. As per mandatory guidelines under the Policy, service providers must meet specified security requirements relating to the hardware, networks, and software supporting the infrastructure and present Virtual Machines to a Government department. They also must comply with any requirements specified by the CERT-IN. In October 2016, 12 cloud service providers were provisionally empanelled for two years.
Under the threat of high-profile cyber-attacks and data breaches, executives and corporate boards are starting to ask more informed questions about their organizations’ risk exposure. It is high time to consider cybersecurity insurance. The use of smart machines and robotics in the enterprise has also given rise to a new role in the C-suite in recent times: Chief Robotics Officer.
The cybersecurity domain, spanning products and services, is a nascent industry in India and, with its current global footprint, can emerge as a key growth opportunity in the decade ahead.
Automated Threat Intelligence
An integrated defense needs to be enabled with automated threat intelligence to become a holistic system. As banks and fintech firms enter into partnerships, it will be impossible for IT teams to manually gather and assess all of this threat intelligence in a timely manner. Machine learning will be integral to this process. Cybercriminals are already leveraging automation to make attacks more effective and persistent. Likewise, machine learning and automation integrated into network security tools enable the detection and prevention of attacks in real time, allowing organizations to keep pace with cybercriminals.
Cyber risk is a serious business issue that requires a solution that addresses both the technical and business challenges. This is why insurance and technology leaders are joining together to guide organizations in becoming more secure.
The increasing frequency of cyberattacks in recent times calls for a quicker response time to detect, manage and tackle them. In data protection there has to be a balance between the rights of an individual to self-determination and the need to foster the innovation ecosystem; there has to be a process that incentivizes positively. We need positive incentives for the data controllers and processors to comply with that, and then there has to be a remedial process in terms of grievance redressal etc. if there is any breach. So that’s the broad framework on which it has to be made.
Privacy is a need of the individual. While signing up for a free account or Android, we go through the terms and conditions and press the accept button. It’s a legal document. The document also says that the company owns all your data. We ourselves, because of less knowledge, or to get something for free, or for some other reason, end up sharing our information. So just because they are asking to use your data and you cannot say no and have to press yes, you are being held hostage.
The data should be in India and it should be governed under Indian Government policies; only then can a quick response happen. If we are going to follow some international norms, then the system will never have that efficiency, and the fact is that almost all the websites are 90% hackable and none of them are 100% secured. Even iCloud, which claims to be a fully secured website, has been hacked. So having a secured website is a myth.
The increasingly interconnected world is characterised by the proliferation of digital identities and the adoption of digital technologies and processes. Technology has changed everyone’s life and revolutionized the way businesses and governments run. Its adoption and continuous evolution have brought a multitude of vulnerabilities to the fore and increased the potential impact of a cyber-attack exponentially.
Lastly, the internet continues to create larger social opportunities through wide interconnection, and at the same time creates new business even at a smaller level. Greater connectivity provides more potential attack vectors. Neither the government nor the private sector can deal with the scope and scale of cyber threats alone. It is possible with the help of collaboration. Some government actions might prove to be positive. Data sovereignty presents technical as well as legal challenges when moving on-premises systems and information stores to the cloud. The million-dollar questions are where your data will reside, what’s in the fine print, and whether your cloud service providers are transparent.
Attackers vary in target, motive, levels of organization, and technical capabilities, requiring public and private organizations to adopt ever-increasing measures to prevent cyberattacks. People become victims of cybercrimes and scams because of low awareness of how cybersecurity affects their day-to-day lives. Most people are grossly negligent and they end up losing money on the internet because they end up sharing details like passwords and PIN codes with people they should not be sharing with, said cyber expert Pavan Duggal, an advocate in the Supreme Court.
As the world becomes increasingly digital, insurers have an opportunity to address the real risks that cyber poses. Secondly, as cyber risks grow, insurance firms are tapping the business opportunity. Cyber insurance is undergoing several waves of development to expand from digital assets to encompass physical assets, as well as other asset classes such as reputation, intellectual property and business interruption. Insurance companies are offering policies to cover risks such as identity theft and cyber-stalking.
The global cyber insurance market is expanding quickly, with annual growth of around 20-25 percent. It is predicted to rise from US$2.5 billion in 2015 to US$7.5 billion by 2020, reaching US$20 billion in premiums by 2025. This growth is driven by regulatory changes, especially in Europe, where new EU rules are expected to follow the US example of imposing heavy fines on companies that suffer data breaches. Hopefully, GDPR will make sure organizations effectively tackle them.
According to KPMG International’s estimates, the cyber insurance market is expected to grow to $7.5 billion, from $2.5 billion in 2015.
Various insurance companies and banks have come out with cyber insurance policies and fraud budgets. HDFC Ergo General Insurance Co. Ltd, for example, has a policy for cyber security of commercial entities. Recently, Bajaj Allianz General Insurance came out with a policy for individuals.
The sequence is first to go digital, then to maintain the technology infrastructure, secure that digital infrastructure and, to make it resilient, get insured. The cybercrime policy covers risks related to identity theft, social media, cyber stalking, information technology (IT) theft loss, malware, phishing, email spoofing, media liability, cyber extortion, and privacy and data breach by a third party. The sum assured usually ranges between Rs1 lakh and Rs1 crore, and this costs between Rs600 and Rs9,000 in premium. Apart from financial losses arising out of data theft, such policies also cover costs incurred in payments to consultants for investigating the extent of loss, court expenses and legal fees.
Lastly, with the proliferation and vast expansion of information technology and related services, there is a rise in instances of cybercrime, including financial frauds using bank cards and e-wallets, in the country as elsewhere in the world. An increasingly large number of Indians are falling victim to such frauds, and ransomware is becoming today’s most prominent malware threat. Worldwide losses from cyberattacks will hit $2.1 trillion in coming years. Insurers are sensing an opportunity.