Collaboration among industry stakeholders required to make India safer

Bharat Panchal, Chief Industry Relations & Regulatory Officer - India, Discovery Global Network

The whole objective today about the emerging technology is how we can manage this. But along with this there are a lot of newer challenges, especially the digital world, which includes cyber threat. We have seen a radical transformation in recent years triggered by the pandemic, the like-minded people at policy making process and demonetization helped us to move on to digital. The revolution has considerably changed the way we have seen the financial services delivered in the country and also other activities like supply chain. But at the same time we faced several cyber security challenges.

The inherent IT risk comes with a lot of dependence on multiple foreign companies or foreign technology. We need to think about how we can eliminate the dependency. This has widened the attack surface for cyber criminals. So, we need to address this by developing or deploying home-grown solutions which are tailored to unique requirements and to build such solution a collaborative effort between the government, the industry stakeholders, the academia, and the policy makers is needed. If we are growing at leaps and bounds today on complete reliance on digital and if the foundation of the entire digital journey is not in control, there could be a big risk going forward.

Next is the mindset of our people or society. We always tend to the western world where great innovations happen but at the same time when it comes to problems, we always try to compare our issues with them. While we know the problem, we do not find a solution because we always look to the east or west for finding the solution. So, when it comes to cyber security issues, it is important to recognize that India’s situation is distinct from many other countries around the world as we have a unique socio economic landscape, technology infrastructure, government policy. While the global trend and best practices can offer valuable insights on how to address cyber security concerns, it is very important to remember that solutioning that work may not be as effective or practical in India. This is because our cyber security challenges often require context specific solutions like what is happening in Jamtara or the kind of social engineering problem here in India may not be the case in the rest of the world.

Also, many people in India may not have the same level of digital literacy. India also has its own regulatory framework and policy around cyber-security that can impact how organizations and individuals approach security. The regulators – RBI, SEBI, TRAI etc. are coming up with a very convergent cyber security regulation across the board. It is crucial to develop context specific solution that can effectively address India's cyber security and IT challenges and this may involve working with the local stakeholders, leveraging the growing tech industry, the Startup India or Make in India and other initiatives that the government has started.

Third is the outsourcing risk. Unfortunately, there is a mindset built across people that once we have outsourced to an MSP or technology service provider, we are immune. That is a wrong concept built over a period of time. We generally outsource various IT functions that can help to reduce cost and improve operational efficiency, but it also exposes them to additional risk due to difference in security position. To mitigate the outsourcing risk effectively, it is essential to ensure a convergent security approach where all stakeholders adhere to standardize cyber security protocol. This approach will help in establishing such a framework which would ensure that the service provider uses similar tools and technology to secure their IT system and data for reducing the risk of security breaches.

Fourth is the kind of quality of compliance, and that is where a lot of debate may happen in the coming future. If you have observed in the last couple of years regulators have become tough. So, how to manage the quality of compliance? The problem is the banking sector is the primary target for any cyber attack, where 70% of attacks happen worldwide. How to ensure compliance with cyber security standards and regulation has become paramount for the board, the regulator, the management and the entire organization. So, this requires a multifaceted approach that includes an effective overset mechanism. But while regulatory bodies play a crucial role in setting the guideline and monitoring of the compliance, it is important to have a collaborative approach which involves industry association, independent auditor and cyber security expert.

To conclude, Cyber Risk insurance is considered as an expense so far and we need to change the mindset. We need to think about one particular fact that if we are not prepped then we are going to be breached. Now the data privacy law is in effect and we have to adhere to the law and for that prevention is better than cure. We need to think about putting Cyber Risk insurance in place.