India to get National Cybersecurity Policy soon: Here’s what industry leaders have to say about it

The ongoing COVID-19 pandemic has made the world realize the importance of cybersecurity while a majority of the workforce works from home. Cybersecurity was probably the domain that was given prime importance with regards to keeping client data and other crucial information safe with the remote workforce. The Indian prime minister, Narendra Modi, in his recent Independence Day speech announced that India will soon get a new, 'robust' National Cybersecurity Policy.

The Internet Crime Report for 2019, released by the USA's Internet Crime Complaint Centre of the Federal Bureau of Investigation, has revealed that India stands third in the world among top 20 countries that are victims of internet crimes. Given this status and the PM's announcement, it is vital to understand the outlook of the industry leaders on what kind of cybersecurity policy the industry is looking forward to in the country.

Nikhil Korgaonkar, regional director, India and SAARC, Arcserve

Adaptation of digitisation is taking place at a faster pace, be it in businesses or in other walks of life. It is expected that we will be soon transiting wholly to newer technologies like cloud computing, Artificial Intelligence, Internet of Things, and 5G spectrum, which will naturally expand our dependency on digitisation multifold. However, in the absence of stringent cybersecurity infrastructure, cyber threats can be disastrous for our entire social fabric. There has been a recent surge in cyberattacks on Indian digitalscape that are only increasing in scope and sophistication, targeting sensitive personal and business data and critical information infrastructure, with an impact on national economy and security. Cyberwarfare is relentless in trying to erode the security fortification of several sectors in the country. This is certainly a wakeup call for India to have stronger policies in place.

India being the country with proven digital capabilities hub of the world contributing around 75 percent of global digital talent, it is pivotal for India that we come up with sturdy policies. The Prime Minister's assurance on bringing in a National Cybersecurity Strategy is very much welcomed. This move will emphasize the adoption of data protection measures and stronger policies that shall protect the privacy and interests of customers, businesses and the general public of the country. Formulation and adoption of policies might still take time, but this is a clarion call to the Indian internet users to pay attention to the threats, on creating robust 'firewalls', and conducting regular cybersecurity and data protection audits.

Sumed Marwaha, regional services vice president and managing director, Unisys India

There could not have been a more opportune time for our government to reiterate the need for a stronger cybersecurity framework via the new National Cybersecurity Policy 2020 slated to be rolled out soon. Our nation has picked up pace on its digital journey across sectors and cyberattacks are increasingly becoming sophisticated. Cybersecurity and digitization cannot and should not exist in silos. What we need now is a robust cybersecurity roadmap that will address the gaps and provide us a strong cyber-armor. Covid-19 situation has only accelerated the pace of digitization, potentially amplifying these security concerns. It is time for businesses to take advantage of approaches like micro-segmentation, encryption and dynamic isolation, enhanced by the power of emerging technologies like AI and ML to up their cybersecurity game.

Gurpreet Singh, managing director at Arrow PC Network Pvt Ltd (Titanium Partner - Dell Technologies)

The world is moving towards a more sophisticated path in terms of digitization and so are the cyber threats. India has a huge part of the tech-savvy population. From social media to online transactions we have our footprints everywhere. In such a scenario, it is imperative to have a strong resilient cyber security policy and we are glad that the government is thinking in these terms. Covid-19 has shown the importance of having a strong cyber security measure, while organizations have done their best in trying to secure their employees, users and vendors from cyber attacks, the government too should safeguard the sensitive data it holds that, if breached, would lead to a colossal damage. Threat actors have time and again targeted government agencies, banks and other organizations for data which is in huge demand in the dark web. To overcome and take control of the situation, a strong policy is of dire need. The government must first regulate the many 'institutions' that teach ethical hacking without taking responsibility for what their trainees intend to do with that knowledge as there is no legal check point.

Satish Kumar V, CEO at EverestIMS Technologies

The PM's announcement has a long term perspective aligned to it. We look forward to a policy that incorporates security as a core and mandatory aspect permeating the various facets of cyber interaction. We envisage a top down flow where actions and interventions have to take place by Governments at a framework and policy level, businesses at a security level and community at a behavioural level. The various crime fighting bureaus and agencies need to be empowered so that they can speed up their response times without red tape miring them down.

With a large percentage of work, interaction and engagement moving online, cyberspace is going to become the next hunting ground for unethical practices and felonies. Most systems have now seen an inundation of usage (from simple broadband to video chat to educational software and a host of others) with no extra security precautions taken. Zoom session hacking was a recent case in point. In fact the outcome of COVID has opened up a huge potential target base for cyber criminals. Companies now need to incorporate and mandate best practices at an enterprise, department and employee level.

An apt policy would take into consideration all touchpoints and introduce transformational interventions across them. Make in India companies need to be actively involved in galvanising the new policies ensuring the implementation is cost-effective, secure and beneficial to the nation at large. We strongly believe that the eminent experts will define the policy that not only covers the current scenario but is also preventive in nature. We look forward to any policy that ensures the safety and security of businesses, users and the public at large.

Prashanth GJ, CEO at TechnoBind

The policy that we are looking forward to should cover the entire spectrum of challenges - be it in terms of Data or in terms of Identity. The new policy that we are looking for should include guidelines and compliances for organisations and government departments so that the citizens of the country can freely participate in this Digitization of the country which is now going to be a way of life going forward.

While compliances and regulations are required, what is more important is a mechanism to effectively make the compliances matter - in that get the implementations of the compliances to happen. India has been notorious about very lax implementation of laws - so amongst everything else I personally will look forward to how this new policy will ensure effective and timely implementation of the regulations in spirit and in law.

Vikas Bhonsle, CEO at Crayon India

It is comforting to know that the Indian government is seriously pursuing a cybersecurity policy that I believe will address the fundamental problems and loopholes in the current digital infrastructure. We are in fact behind most other economies in implementing a cybersecurity policy, so we need to act fast. Digital transformation will not be successful or feasible if we do not have a strong shield of data protection laws and privacy policies. India is an ambitious country when it comes to adopting digitisation. India is transiting fast towards a digital transformation, which was happening earlier at a gradual pace but in the recent months this has been catalysed by the pandemic. With COVID's impact on our lives, we are now welcoming the addition of digitisation with far less scepticism or procrastination. So this spontaneously calls for a much zealous approach to safeguard the cybersecurity interests of the people.

Given the recent cyber assaults attempted on India's digital ecosystem, it is now important to prepare for an India-centric cybersecurity umbrella, that will protect the country's data and cyber infrastructure."

Shibu Paul, Vice President - International Sales at Array Networks

The announcement on drafting a cybersecurity policy by Prime Minister Narendra Modi is exactly what India needs right now. While we have moved towards achieving a big transformation in terms of digital movement, we are still in a nascent state when it comes to cybersecurity. It is high time for threat actors to be held responsible for their acts. It is not just loss of data that is a concern, but what happens when such data is being misused. From phishing attacks under the pretext of Covid-19 information to siphoning off hard earned money from a citizen's account, there is a need of not just holding such threat actors responsible but also to provide justice to those who have suffered. The government should set up a separate agency under the IT wing to deal with cyber crimes and this wing must include its own centre where people can report cyber crimes, investigation can be made and technology can be used to apprehend or even predict before such acts are carried out. Indian IT sector is ready to invest its time and talent to help the government in this effort as this policy is what all of us need.