ForumIAS announcing GS Foundation Program for UPSC CSE 2025-26 from 27th May. Click Here for more information.
News
Ministry of Electronics and Information Technology is likely to come up with new cyber security regulations. These regulations are likely to put the onus organisations to report any cybercrime that may have happened against them, including data leaks.
Such provision is part of the Data Protection Bill 2021 and European Union General Data Protection Regulation (EU GDPR) also.
What are the advantages of Incidence reporting?
If incidences are reported, organisations can be alerted about the associated security vulnerabilities.
Firms not yet affected can also take precautionary measures such as deploying security patches and improving their cyber security infrastructure.
However, it has been seen that firms are reluctant to notify the breach incidents to the regulators.
Why are firms reluctant to report such incidents?
Reputation of firms-This is because any security or privacy breach has a negative impact on the reputation of the associated firms.
Market performance-In the long term, it is seen that breached companies underperformed in the market. After one year, share price of breached firms fell 8.6% on average, resulting in a poor performance in the stock market.
How can the government overcome this issue of non-compliance?
Ensuring the implementation of the regulation– It can be done through periodic cyber security audits which can identify incidents that might not have been reported by the firm.
However, the regulators in most countries including India do not have such capacity to conduct security audits frequently and completely. So, to overcome this issue government can empanel third party cyber security auditors for the conduct of periodical cyber security impact assessments for government departments. Private firms can also be mandated to publish periodic security audit reports.
Government has set up Common Criteria Testing Laboratories and certification bodies to certify IT security products and protection profiles. The same scheme can be extended towards cyber security audits and assessments.
IBM has set up a large cyber security command centre in Bengaluru, other large firms can also be encouraged to set up such centres for protection of their firms’ assets.
What is the cyber security situation world-wide?
Worldwide private firms, government services, especially critical utilities, are prone to cyber-attacks and breach incidents. The ransomware attack against the nationwide gas pipeline in 2021 in the U.S. virtually brought down the transportation of about 45% of all petrol and diesel consumed on the east coast.
Source– This post is based on the article “Reporting Cyberattacks” published in The Hindu on 26th Feb 2022.
