But isn’t the bring-your-own-device (BYOD) culture settling in rather quickly, for the sheer convenience it provides? Will that make security difficult? Bolshakov explains, “If the company allows you to use a virtual desktop, you can bring your own device. It is a virtual client that will run a corporate image, for example. So, if a company allows mobile devices and installs good containers, in terms of security it will have more controls. It is easier from a forensic point of view too.”
The increasing number of data security incidents has also put cyber insurance in a prominent position within companies. For instance, in the most recent case, Sony Pictures had to cough up $8 billion to settle a hack lawsuit with employees. For bigger companies, cyber insurance seems like an important investment, especially if they are dealing with a lot of data. But what about the others? In India, most tech startups are data driven, and investing in cyber insurance has to be a feasible option. Tan explains, “Startups are constrained by resources and with people investing in the company, they want to ensure the business is viable. However, cyber attacks can wipe off a company. It is important to invest in IT security and have a look at cyber insurance. The breach will have an impact on revenue. So, it becomes worthwhile to think about cyber insurance with an affordable premium.”
Pavan Duggal, Advocate, Supreme Court of India, who specialises in cyber laws, believes that cyber insurance is not just the future but the need of the hour. “The Sony Pictures hacking case has demonstrated how a legal entity’s entire intellectual property rights can get prejudicially impacted by cyber security breaches. Hence, cyber insurance becomes a good option for corporates,” he said.
“Currently, this is not very prominently used by Indian entrepreneurs. This is so because Indian entrepreneurs believed in the ‘chalta hai’ approach. A lot of people believed in the Indian Jugaad School of Management. They think that they can do jugaad in cyberspace. However, the fact remains that the said jugaad does not work in the context of cyber security breaches; therefore cyber insurance needs to gain far more prominence and acceptability amongst Indian entrepreneurs. It has to be the de facto way forward for all corporates in India,” Duggal further added.
In India, we don’t have dedicated cyber security legislation. But there are laws in place that will let the affected person get some compensation.
“The Indian Information Technology Act, 2000 is India’s mother legislation to deal with all aspects pertaining to activities in the digital and mobile world. Data breach takes place by unauthorized extracting, downloading or copying of the data. The said data breach is often done by the person without the permission of the owner or person in charge of the relevant computer system or computer network. Hence, any affected person can seek damages under Section 43A of the Information Technology Act, 2000 up to 5 crore Rupees. These damages can be granted by the special authority created under the Information Technology Act, 2000 known as the Adjudicating Officer. In addition, an affected person can also seek damages beyond Rs 5 crores under the Information Technology Act, 2000 before the normal Courts of law,” Duggal explains.
He further said that the law presumes you must seek compensation at the earliest opportunity. The earliest opportunity can either be from the time the data breach has taken place or from the time when the person gets actual knowledge of the exact data breach. “This portion of Indian Cyberlaw is relatively weak inasmuch as more work needs to be done to provide expeditious grant of damages to affected parties under the law,” Duggal further added.