For more than three decades the Internet has been playing a crucial role in the lives of human beings, from global communications to everyday activities of people. Today Internet users around the world are more than 5 billion which is more than 60% of the world’s population. The Internet has been creating a lot of economic activity. Today, most of the trade, commerce, and government activities of all levels are taking place over the Internet. Though the Internet makes lives easy, it comes with a major challenge of Cyber vulnerability leading to cyber attacks. According to the report by Cybersecurity Ventures, the prediction is that $8 trillion will be lost to cyber crimes by the end of 2023, which is almost a third of the USA’s GDP in 2022 and twice as much as India’s projected GDP in March 2023. A study by Astra shows The global loss to cybercrime will grow more than 15% year by year to reach $10.5 trillion by 2025.

Traditionally, security threats have emerged from maritime space, airspace, and land. However, in recent times, there has been a paradigm shift from traditional security threats to the emergence of non-traditional security threats. Cyber attacks have developed as a major non-traditional security concern, posing serious difficulties to the nation’s national security and critical infrastructure. These risks are frequently countered by international cooperation, diplomatic efforts, and information and expertise sharing. Non-traditional security risks have been on the rise since the Cold War’s end in the late 1980s and early 1990s. It is only recently that states have started to take cyber attacks as a serious concern and have devoted considerable focus to countering the threats posed by the cyber domain. Over the last two years, there has been an increase in global cybersecurity attacks, bringing cybersecurity to the forefront of corporate and government agendas.

Cybersecurity is a distinct area that functions at both the global and national levels. In general, it refers to the protection of cyberinfrastructure, physical infrastructure, and data security. It involves the protection of data users and data generators as well. Cybersecurity ensures that only those who are authorized have access to particular information. Cyber security is an important issue for any company, organization, and especially for a country’s government. Any organization that is strong in the arena of cybersecurity can achieve incredible growth in the market as it can protect the data from third parties and competitors.

Just like other major countries such as the USA, UK, Israel, China, and Russia cyber security has become a major security challenge to India as well. Currently, India’s focus is on shifting towards technology-driven administration and governance. This makes the data and critical information vulnerable to cyber attacks. Some of the recent attacks worldwide include the attack on the website of the municipality in France, the Ransomware attack on Texas Police, and the Solar Winds cyber attack of 2020 which involved the insertion of malware in the SolarWinds Orion software. This was suspected to be done by Russian hackers. These attacks highlighted flaws in the country’s cybersecurity infrastructure.

India had also been the biggest victim of various cyber-attacks. According to data provided to and monitored by the Indian Computer Emergency Response Team (CERT-In), since 2020, India is witnessing a spike in cyber attacks. The recent high-profile cyber attack on AIIMS is a clear example of India’s vulnerability towards critical infrastructure. According to a study, nearly 59% of the 829 million cyber-attacks detected and blocked globally by various firms in the fourth quarter of 2022 were directed toward India.

To counter the threat of cyber attacks, the Indian government is taking several steps. In 2013, the Indian government announced the National Cyber Security Policy, to build a resilient cyberspace ecosystem in the country. This policy has various measures like creating a cyber crisis management plan and establishing a National Critical Information Infrastructure Protection Centre (NCIIPC) to protect critical infrastructure. The government had also established various agencies such as Cyber Crime Coordination Centre (CCCC) and the Indian Computer Emergency Response Team (CERT-In). However, it has been more than two years since the Prime Minister of India announced the launch of a cyber security policy that has not been introduced yet. The current National Cyber Security Policy of 2013 is not only outdated but also is not being implemented efficiently. There is an urgent need for technological innovation as the country is experiencing the complexity of cyber attacks.

As the world’s reliance on the Internet grows, cyber security becomes a crucial problem that must be addressed by governments and organizations worldwide. The surge in cyber attacks and projections of massive losses due to cybercrime highlights the importance of ongoing development in cybersecurity policies. India, like many other nations, has recognized the need of prioritizing cyber security and is pursuing a variety of policy measures such as the National Critical Information Infrastructure Protection Centre (NCIIPC), Cyber Crime Coordination Centre (CCCC), Data Protection Laws ( Digital Personal Data Protection Bill 2022) to combat the threat of cyber attacks. However, more has to be done to update and implement regulations that protect key infrastructure, data, and an individual’s privacy.

The question of “interest” should be prioritized in the cyber security ecosystem which is essential and has no clear answer. Individuals may prioritize personal privacy and data protection, whereas international organizations may prioritize business interests and governments may prioritize national security objectives. Cyber security is a difficult space that requires careful thought, and the interests of all parties must be balanced. Cyber security is an expression of national power. It demonstrates that a country’s capacity to control cyberspace and defend its essential and critical infrastructure is inextricably linked to its total strength and influence on the global stage. Thus it demands the participation of all stakeholders to create a secure cyber environment for everyone.

*The Kautilya School of Public Policy (KSPP) takes no institutional positions. The views and opinions expressed in this article are solely those of the author(s) and do not reflect the views or positions of KSPP.