Image source -

This article is written by Saumya Krishnani, pursuing a Diploma in Business Laws for In House Counsels from


According to a new Data Security Council of India (DSCI) survey, India was the second most affected country by cyber attacks between 2016 and 2018. In addition, since 2017, the average cost of a data breach in India has risen 7.9 percent, with the average cost per record breach rising to Rs. 4,552.

More likely, smaller firms are the victims of attacks that can sometimes be disguised as normal business emails. Since they are generally less well secured and easier to hack, finding ways into their networks and also using them as a conduit to larger enterprises and organizations is easier for cybercriminals. Along with evolving technology, the nature of threats is changing. According to the updated eBook report start-ups and small and medium-sized enterprises (SMEs) are the vulnerable part in India when talking about cyber attacks. 

Download Now

How are small businesses vulnerable to cyber attacks?

According to the study, negligence by employees and employee mobility are the most common types of cyber security challenges faced by startups. Accidental loss of devices containing sensitive data, leaving the workstation vulnerable or unattended, exchanging confidential information such as passwords via paper notes and remote working using an unsecured or public network link are the most common types of employee negligence that lead to cyber attacks, including data breaches.

In addition, the study noted that most employees of start-ups and SMEs prefer to use unsecured personal computers to do work because they find it easy to use and for the sake of not wasting much time to find the secured connection that results in data breaches. On the one hand, Vineet Kumar Cyber Peace Foundations founder and presidents said that ‘India is the world’s third largest start-up country while on the other hand most Indian start-ups and SMEs routinely ignore cyber security’.

For small businesses that may forego hardware protection through firewalls and unified threat management devices, small budgets definitely have a role to play and it will certainly be difficult to recruit IT workers with the capacity and expertise to enforce security measures. Some are tempted to use cracked or pirated apps to cut back on spending and because of that they do not get security updates, the use of pirated or obsolete operating systems often adds to the risk of cyber-attacks.

Small and medium-sized enterprises (SMBs) in the banking, financial services and insurance sectors are more vulnerable as they allow cyber criminals to make monetary gains and simultaneously steal sensitive data. Startups are also high on the list of possible cyber-criminal targets, close to SMBs. There have been numerous cyber attacks on start-ups, despite start-up founders having a stronger understanding of modern day cyber security threats, and a greater likelihood of taking action to protect their properties. Among Indian startups, in 2017, Zomato suffered a security violation.

The increasing cyber attacks have led to more and more businesses opting for cyber insurance plans to mitigate the risk of cyber-infringement. Approximately 350 cyber insurance policies were sold in India until 2018, a 40 percent rise from 2017.

Effect of cyber attack rises due to Pandemic 

The COVID-19 pandemic epidemic has affected the world’s economy and corporations. Small companies and start-ups are among the worst affected in these tough days, as they look at the great crunch of financial capital. For small businesses and entrepreneurs, it’s a double whammy, with the growing danger of cyber fraud and data breaches. As their tactics are developing at a rapid pace, cybercriminals are increasingly becoming effective, and this makes companies constantly at risk of a cyber attack.

  • Remote working 

When the environment is developing different lockdown escape situations, before things get routine, there is a high probability of working remotely to stay for some time. It is therefore important that small businesses and start-ups adopt this new norm and improve their strategies against cyber fraud and data violations.

  • Prevent Phishing and Supply-Chain Attacks

Since small businesses / enterprises operate remotely, maximum data is likely to be shared over the internet and emails via virtual conferences. Cybercriminals / hackers who are aware of such activities can try to take advantage of the situation.

Measures to control cyber attack 

Cyber attacking is increasing rapidly in every country. People are likely to avoid the major factors which are the root cause of the cyber attack in start-ups and SMEs. There are various measures which can be taken by the owner of the start-up and SMEs to control effect of cyber attacking i.e. 

  1. Two factor authentication 

Two-Factor authentication is essential for start-ups to significantly minimize the risk of threats or unintended misuse. To allow an additional layer of protection while providing access to sensitive information, start-ups should implement two-factor authentication. 

Start-ups always believe that two-factor authentication is just financial services, but you can remember how Ola was compromised during its early years if you have a long memory. Start-ups can also safeguard access to information on multi-factor authentication networks.

  1. Employees role

Hackers attempt to emotionally exploit staff to get hold of sensitive information. Usually, such social engineering attacks are conducted via email or other contact. In order to ensure that sensitive data is airtight on both ends, raising visibility is important for start-ups. 

Hackers are believed to often try these tricks with non-technical workers who fail to identify the threat. Any small opening will adversely affect companies and reduce their brand value. 

  1. Switch to cloud

By switching to the cloud, one of the most stable bets they will make is. This will allow them to concentrate on their core business as the cloud providers will do all the heavy lifting of cyber security. It is almost difficult to find professional cyber security in the current industry as there is a shortage of experts in the landscape. As per Cyber security Projects, 3.5 million unfilled cyber security jobs are expected to exist by 2021. Therefore, it is not a brainer for startups to try to recruit cyber security specialists in the countryside.

  1. One- Source tools

Start-ups also stop investing in cyber security software due to the financial crunch. However, to secure their companies, they should exploit open-source instruments. In addition, the value of open-source projects is that the implementation can be tailored based on their needs. The adoption of these open-source tools, along with shifting to the cloud, would significantly improve security.

  1. Step against Ransomware

Ransomware has been the deadliest for companies over the years, as it needs a large amount of money. For hospitals, public schools, and more, such attacks were prevalent earlier. It has now, however, entered personal computers and start-ups. And large corporations, let alone start-ups, find it hard to survive such storms. Although viruses or exploiting vulnerabilities may cause these attacks, one successful way to decrease the probability of the attack is to uninstall the untrue programme.
Situation in European countries 

The hazard is more widespread than could be expected. Four out of five organizations have encountered at least one cyber security incident over the past year, according to the Global State of Information Security Report. The industries most commonly targeted by cyber criminals continue to be banking, healthcare, retail, business services and information technology. The extent of their vulnerability to cyber threats is not recognized by nearly 70% of European companies. 

The study also highlights the complexities of the General Data Protection Regulation (GDPR) implementation. Companies were not properly aware of and prepared for the entry into force of the GDPR, and lacked the know-how and systems needed to meet its requirements. Companies are also worried that non-compliance and potential fines introduced into the GDPR may have a negative effect on companies.

Neither Member States nor private companies seem to have sufficient resources to back up their cyber security. In terms of information, understanding and capacity to deal with cyber security, there is a visible difference between EU countries. Estonia, France and the UK are leading by example In addition; a growing lack of ITC specialists makes it much harder to increase the level of cyber security. According to the report, ITC experts will have over 750,000 vacancies by 2020.

Situation in Japan 

The study reveals that it is the fifth most cyber-secure nation, specific to Japan’s cyber security readiness. However, since the previous year’s report, its ranking for this parameter has slipped four points. As the most cyber-secure country, Denmark tops the list.

Owing to the rise in smartphone ransomware (from 1.34 percent to 1.97 percent), an increase in device ransomware (from 8.3 percent to 9.17 percent), and telnet attacks from the country, the study attributes a lower score for Japan (while these decreased from 1.23 percent to 1.06 percent, this was still a higher figure than quite a few other countries). Japan’s ranking for cyber attack planning and crypto miner attacks has, however, increased. Japan has 0.17 percent of users with the lowest percentage of attacks by crypto miners. It is the fourth country with the lowest computer malware infection rates, 22.24%, on the list.

Case laws 

  1. Zomato got hacked in the year 2017 

With more than 17 million customer records stolen from the food technology firm’s servers, Zomato has suffered a security breach. The compromised information contains customers’ email addresses and hashed passwords.

Zomato is visited every month by over 120 million users. The ability to enjoy the best a city has to offer, in terms of food, is what connects all of these diverse citizens. When users of Zomato trust us with their personal information, they naturally expect to safeguard the information. And this is something that we are faithfully doing, without fail. We take cyber security very seriously-you would agree if you were a regular at Zomato for years, Commented by Zomato.

  1. Cosmos Bank

A recent cyber assault on Cosmos Bank in Pune was deployed in India in 2018. When hackers siphoned off Rs. 94.42 crores from Cosmos Cooperative Bank Ltd. in Pune, this daring assault shook India’s entire banking sector. Hackers hacked into the ATM server of the bank and took information about several visas and rupee debit cardholders. Money was wiped away while the sum was immediately withdrawn by hacker gangs from around 28 countries as soon as they were told.

Laws in India 

Information technology, 2000

The ITA, passed by the Parliament of India, highlights the severe penalties and restrictions that safeguard the sectors of e-governance, e-banking, and e-commerce. Now, to cover all the new communication devices, the reach of ITA has been expanded.

Section 43- Applicable to persons, without the owner’s permission, harm computer systems. In such situations, the owner can completely demand liability for the total damage.

Section 66-Applicable in the event that a person is found to have committed any act referred to in section 43 in a deceptive or fraudulent manner. The period of incarceration can be up to three years or a fine of up to Rs. 5 Lakh in such situations.

SECTION 66B-Provides fines for fraudulent receipt of stolen communication equipment or devices, confirming a possible imprisonment of three years. Depending on the gravity, this word can also be topped by Rs. 1 Lakh fine.

Section 66C-This section discusses identity thefts linked to digital imposter signatures, hacking passwords, or other characteristics of distinctive recognition. Three years imprisonment may also be accompanied by Rs.1 Lakh fine if found guilty.


In order to stop them before they arrive, lawmakers have to go the extra mile to keep ahead of the impostors. It is possible to monitor cybercrimes, but it takes joint efforts by politicians, internet or network providers, intercessors such as banks and shopping sites, and consumers, most importantly.

Only these stakeholders’ prudent measures to ensure that they are contained in cyber law will bring about online protection and resilience.



Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skill.

LawSikho has created a telegram group for exchanging legal knowledge, referrals and various opportunities. You can click on this link and join:

Follow us on Instagram and subscribe to our YouTube channel for more amazing legal content.


Please enter your comment!
Please enter your name here