In July 2022, Twitter, now X, witnessed a Data breach of about 5.4 million Twitter accounts by a hacker who went by the alias “devil”[1]. Twitter is not the only online platform that has become a victim of the cybercrime of data stealing. The AI firm Deep Trace found 15,000 deepfake videos online in September 2019, a near doubling over nine months. A staggering 96% were pornographic, and 99% of those mapped faces from female celebrities onto porn stars according to the stats, the data stolen included email addresses and phone numbers of various celebrities, companies etc.[2] The Deepfake technology has the power to create convincing but entirely fictional photos and audio of people.
As the arena of the internet keeps growing in scope, opportunities and accessibility, it is also increasing one’s chance of being a target and victim of cybercrime. This article primarily deals with the role of the corporate sector in dealing with and preventing the crime of the hour in their arena.
What Is Cybercrime?
According to Britannica, cybercrime is the use of a computer as an instrument to further illegal ends, such as committing fraud, trafficking in child pornography and intellectual property, stealing identities, or violating privacy.[3] The biggest threat of cybercrime is the security of the nation, such as information relating to military deployments, internal government communications, etc.
India’s Stance On Cybercrime
India, being home to the second largest population, has seen poverty at its foundation. The poor people, since they are illiterate, become a soft target for cybercrime. In fact, not just the poor but also the rich have been a target of cybercrime.
In 2000, for the first time in Indian legal history, the need for an act relating to the protection of the victims of cybercrime was felt. Information Technology Act (IT Act) 2000 covers various types of cybercrimes in India, such as identity theft, cyber terrorism, hacking, defamation, etc.
While this act is a great imitative in curbing cybercrime, it is not restrictive enough to actually stop or at least decrease the cybercrimes in the country. Amendments in the legislation have not been enough since there is a lack of execution of laws and rules in our country.
What Is Corporate Governance?
Corporate Governance is the system by which companies are directed and controlled. Boards of directors are responsible for the governance of their companies. The responsibilities of the board include setting up the company’s goals and aspirations for the financial year, providing the leadership to put them into effect, supervising the management of the business and reporting to shareholders.[4]
It is significant for every corporate house to have a proper and well-established corporate governance for creating rules that majorly align with the interests of shareholders, directors, management, and employees. It also encourages more investors to invest in their companies directly, helping in long-term financial opportunities.
There are four foundational pillars of corporate governance- accountability, transparency, fairness and responsibility or risk management. It is through these pillar concepts that corporate governance decreases the potential cybercrimes that might take place in their companies.
Role Of Corporate Houses In Ensuring Prevention Of Cybercrimes
The National Cyber Security Policy, 2013
The National Cyber Security Policy 2013 came into force on July 2, 2013, which aims to protect the information in cyberspace, build capabilities to prevent and respond to cyber threats, reduce vulnerabilities and strengthen national security in the digital domain.[5] It aimed at building a secure and resilient cyberspace for the corporate sector, citizens of the country and the government. Under this policy, a 24X7 centre was created, “National Critical Information Infrastructure Protection Center”, which aimed at responding to the issues related to the cybersecurity threats.
Compliance And Legal Oversight
Governance corporations ensure the organisations complies with the cybersecurity regulations that are laid by the corporates themselves. This may involve conducting regular audits to assess compliance. The business also drafts an incidental response plan, which is used in case there is an instance of a breach of data in their company.
Increase In Technological Investment Decisions
The governance houses draft and approve budget allocations for cybersecurity tools and technologies. This includes investing in the latest security solutions to stay ahead of evolving threats. Most of the big-shot companies oversee their cybersecurity practices to a third-party vendor that specifically works in cyberspace protection.
Appointment Of Leadership
Almost all corporate houses ensure the appointment of a Chief Information Security Officer or an equivalent person for the development and implementation of pro-cybersecurity strategies and practices. At the same time, boards and executive leaders also work towards a cybercrime-free approach by holding departments accountable for cybersecurity measures.
Continuous Improvement
Businesses are continuously working towards the effectiveness of their cybersecurity measures through regular assessments, auditors and improving their technological approach with respect to their cyber security.
Conclusion
With an increase in the cyber-attacks in our country, whose estimated cost amounts to $575 billion per year[6], there is a strong urge for strong cyber security policies and legislations. While the corporate sector is working seriously towards its policies related to data breaches and cyber security, cybercrimes are also increasing in terms of technological advancement. While the business sector takes one step, the cyber fraudster is already a step ahead. The major reason lies in the procrastination of the companies, who wait for at least a data breach to take place before they take action. Hence, not just the corporate houses but also the government have to take proper and robust steps to curb the cybercrime rates.
[1] Watters, A. (2023) Top 50 cybersecurity statistics, figures and facts, Default. Available at: https://connect.comptia.org/blog/cyber-security-stats-facts (Accessed: 24 December 2024).
[2] What are deepfakes – and how can you spot them? (2020) The Guardian. Available at: https://www.theguardian.com/technology/2020/jan/13/what-are-deepfakes-and-how-can-you-spot-them (Accessed: 25 December 2024).
[3] Cybercrime (2023) Encyclopedia Britannica. Available at: https://www.britannica.com/topic/cybercrime (Accessed: 24 December 2024).
[4] What is corporate governance? ICAEW. Available at: https://www.icaew.com/technical/corporate-governance/principles/principles-articles/does-corporate-governance-matter#:~:text=of%20the%20company.-,Corporate%20governance%20is%20the%20system%20by%20which%20companies%20are%20directed,governance%20structure%20is%20in%20place. (Accessed: 25 December 2024).
[5] George, A.A. (2023) National Cyber Security Policy 2013 – in a Nutshell, ClearIAS. Available at: https://www.clearias.com/national-cyber-security-policy-2013/ (Accessed: 24 December 2024).
[6] India must have a cyber security framework: Deloitte (2017) Governance Now. Available at: http://www.governancenow.com/news/regular-story/india-must-have-a-cyber-security-framework-deloitte (Accessed: 24 December 2024).
Author: Manshaa Dhar, pursuing BA LLB from Army Institute of Law, Mohali.
