Crime in India’s cyberspace is a growing monster

Overall, 52,974 cases of cybercrime were reported in 2021, shows the latest available data from the National Crime Records Bureau (NCRB). Around 38% were “computer-related offences” including ransomware, identity thefts, and tampering of documents, 26% involved banking-related or other frauds, and 12% involved sexual transgressions. The number is rising: it’s up 6% over 2020, and nearly 5.5 times that in 2014.

Chart 1a:

Telangana, Uttar Pradesh and Karnataka alone made up half of all cases, and among cities, Bengaluru and Hyderabad led the way. But the NCRB only counts FIRs, which may not reflect the full reality. Since 2020, a government portal for citizens to report cybercrime has recorded over 1.6 million incidents, but only around 32,000 FIRs—a conversion rate of one in 50, suggests data shared by the home ministry in Parliament.

Chart 1b:

The increased reporting shows rising awareness and willingness among people to seek redressal. But the infrastructure is yet to catch up. India had just 202 cybercrime-dedicated police stations at the end of 2020. Outdated frameworks, lack of technical know-how and limited facilities to deal with cybercrime have translated into low convictions even as cyberattacks get increasingly sophisticated.

Myriad hurdles

Fighting cybercrime is riddled with diverse and often contradictory challenges. The systems at AIIMS had reportedly not been upgraded in years but even sophisticated, modern systems sometimes fail to stop such attacks, as was the case with a 2016 data breach of Indian banks caused by a malware in the payment system of Japanese tech firm Hitachi.

The borderless nature of cybercrimes also sabotages cybersecurity efforts. The 2017 WannaCry ransomware attack affected 150 countries, but a similar attack now would be even more severe and could cause a disastrous blow to critical infrastructure, a World Economic Forum report said. Cyber criminals also benefit from the anonymous nature of the dark web and cryptocurrencies.

Police stations tasked specially with cybercrimes could be a useful first point of contact for common citizens. But in most states, the concept is still nascent, and such police stations are too few for the growing problem. Uttar Pradesh, which reported 8,829 cybercrime cases in 2021, has only two special police stations—the worst skew.

No wonder, the investigation and prosecution gets daunting, since the judiciary, too, doesn’t always have the technical know-how to deal with the nuances. A chargesheet was filed by police in only one-third of the cybercrime cases filed in 2021, the NCRB data showed. For crimes in general, the rate was 72%. Convictions are also lower than normal for cybercrime cases. In some states, the conviction rate has dropped with a rise in cases. In Assam for instance, cybercrime cases more than doubled in the last three years, but the conviction rate dropped to 2.2% from a high of 15% in 2019. Odisha has seen a 37% rise in cases, but has seen no conviction since 2019.

Costly affair

As the AIIMS incident shows, government entities as well as private companies are experiencing rising incidence of cyberattacks. In 2022, the number of cyberattacks targeting the government sector globally nearly doubled, and India accounted for the highest share (13.7%) in the world, said a report released last week by CloudSEK, a cyber threat prediction company. Government agencies in India have become “popular targets” of extensive phishing campaigns, the report said. Meanwhile, around 45% of Indian companies surveyed by PwC last year claimed to have experienced cybercrime in the preceding two years.

Also, data breaches are costly for institutions and individuals. Globally, the average cost of a data breach was $4.35 million in 2022, a jump of 12.7% from 2020, according to an IBM report. The healthcare industry has been the biggest victim of data breaches for 12 straight years, losing $10.1 million per instance in 2021, followed by the financial sector.

In India, the government undertakes public awareness campaigns, capacity building of law enforcement officials and works on improving cyber forensic facilities, the home ministry told the Lok Sabha in its reply to a question. The Centre’s spending on cybersecurity-related programmes and the Indian Computer Emergency Response Team (CERT-In) rose close to nine-fold since 2014-15 to ₹552 crore in 2021-22, overshooting the budget estimate by 33%. This shows the rising threat, and the strengthening action. In the 2022-23 Union Budget, ₹515 crore has been allocated towards cybersecurity.

With new developments in technology every day, it is a challenge for cybersecurity experts to keep pace with cybercriminals. The battle is only going to get intense.