Protecting privacy as a fundamental right without the necessary infrastructure, data protection laws, or regulations is undoubtedly a significant challenge in India. India is undertaking several key strategies and actions to make substantial progress in this area. Digital Personal Data Protection (DPDP) Act, 2023, which will come into force in 2024, is a significant step towards personal data protection and privacy enforcement in India. Data privacy framework is a loosely coupled and ungoverned activity in many organizations in India today.
DPDP Act will streamline the “privacy protection framework” across the country and will give organizations an opportunity and the mandate to build the necessary infrastructure to protect personal data privacy. It will be a long journey looking at the sheer volume of personal data processing that takes place in a country like India. But it’s doable by structurally enforcing the DPDP Act and if the authorities also focus on awareness and education, public-private partnerships, encouraging and implementing accountability, and leveraging next-gen technologies. Safeguarding personal data and upholding privacy rights are crucial for maintaining the trust of individuals and fostering innovation, investments, and growth.
Can the DPDP Act fill the legislation gap?
DPDP, once fully enforced, will address significant gaps in personal data processing across business sectors in India and the nation’s legislative landscape. It provides a comprehensive framework to protect individual rights. It also aligns with global standards to facilitate international data transfers and collaborations. In addition, it addresses the gaps in the legislation with clear definitions of individual data rights, obligations to be fulfilled by organizations while processing personal data within/outside the country, and penalty clauses for non-compliance. For the enforcement to succeed, authorities should evaluate the difficulties other countries faced in interpreting, applying, and enforcing their privacy laws. They must implement mitigation strategies such as creating more public awareness, infrastructure, and capacity to resolve filings/complaints of non-compliance within defined timelines.
What type of surge can be observed in the realm of cybersecurity in India?
Gen AI-powered cybersecurity programs, data privacy framework designs, and cyber resiliency will see a surge in investments and skills in India in the coming years. Soft skills are becoming increasingly essential for cybersecurity professionals, too, in India. Organizations will increasingly try to leverage privacy as a competitive advantage, with DPDP coming into force. Skill gaps to look out for and bridge, in demand vs. supply of cybersecurity skills, will be in cloud security, ethical hacking, DevSecOps, IOT, Incident Analysis, and resolution areas.
What does the cybersecurity landscape hold for India in 2024?
The cybersecurity outlook for India in 2024 will be heavily influenced by technological advancements, regulatory developments, and geopolitical dynamics. The cyber threat landscape is ever evolving for a country like India, with its sizeable digital footprint of 1.4 billion population. Data breaches, ransomware and phishing attacks will continue to be top cybersecurity challenges for India in 2024. Additionally, AI-based cyber-attacks and threats are already on the rise and will continue to pose significant challenges. It will be dominated by the implementation of technologies that reduce cyber-attack surfaces for organizations in the areas of cloud security, OT security, anti-phishing, data protection, and awareness, all powered by advanced AI techniques.
The Indian cybersecurity market reached $6 billion in 2023, growing at a compound annual growth rate (CAGR) of over 30 percent during 2019-23 and is expected to account for 5 percent of the global market by 2028, according to the report by the Data Security Council of India (DSCI). With factors such as the availability of a large skill pool and the Government’s commitment to digitization, backed by evolving regulations and policies, India will emerge as a significant cybersecurity hub in 2024 and the coming years.
Do the Cybersecurity regulations in India possess the strength to withstand the growing challenges posed by cyber threats?
The goal of all cybersecurity laws and regulations is to force organizations to safeguard personal and organizational data privacy and protect their information and systems from cyberattacks. However, the robustness of the legal framework behind the cybersecurity policies in force in India is debatable. They do not clearly address and generate awareness around all aspects of cybercrime and fraud, especially concerning the internet user base, which is the fastest growing in India. Penalties for cybercrime are not severe enough. Cyberbullying, cyberstalking, harassment, sextortion, and personal data misuse are now significantly growing global problems. These pose the need for stricter cyber laws to be implemented, backed by comprehensive legal frameworks, cybercrime teams, and sophisticated technologies.
What measures do we anticipate from the central government to foster a more secure online environment, particularly considering the growing threats posed by AI and Deepfakes?
A mature cybersecurity posture is crucial to safeguard our citizens, businesses, and critical infrastructure from cyber threats. DPDP Act is a significant step forward by the center towards creating a more secure online environment for citizens. We would like to see more focus by the center on the continuous strengthening of cybersecurity regulations, promotion of awareness among citizens, businesses, and government employees about good cybersecurity practices, and more investments in cybersecurity education, training, and skill development to address the shortage of cybersecurity professionals, and specifically, promoting diversity in cybersecurity workforce.
is the Senior Vice President & CTO, IMSS, at Happiest Minds Technologies. With over 20 years of experience in the IT Security domain, Priya’s expertise spreads across Cyber Risk, Cloud Security, Data Privacy and Protection, Access Governance, Risk, and Compliance. She has carved her way up to become one of the women leaders representing the management council of the organization. Priya was also recognized as the “Visionary Women Leaders 2019” by the Business APAC magazine and received the “Women in Tech” award at the 19th Edition of the Asia Pacific HRM Congress for 2021.
Priya’s current work involves planning and developing Next-Gen Managed Security Platforms offering Proactive Threat Detection, Security Automation, Data-Centric Security, and Governance for the new age of digital customers. Her sensibility and compassionate nature have made her one of the organization’s most respected and followed leaders.
