Cyber Security – An Insurance From Cyberattacks or Crimes

Cyber Security – An Insurance From Cyberattacks or Crimes

Introduction of Cyber Security

On the internet, data or information is widely spread and with each year, technology is becoming more comprehensive and complicated, and so do cyberattacks. Digital crime is also enhancing with great intensity and certainly, it is not restricted to any specific Internet-accessible platforms. Different devices such as desktops, smartphones, and tablets each might carry a particular level of digital defense, yet each device contains certain vulnerabilities which provide a pathway for hackers to attune to the devices.

On the positive side, particular digital security tools and services operate parallel to these negative tech counterparts.

In this section, we will emphasize on the introduction of cyber security and other associated concepts of the same. Cyber security refers to the set of techniques that are used to conserve the integrity of networks, programs, and data from attack, damage, or unauthorized access. Information technology includes a broader category that preserves all information assets, be it in hard copy or digital form. The term cyber security is not restricted to computers, but it is also implemented to the varied inter-connected systems such as computers, servers, mobile devices, electronic systems, networks, or data.

Cyber crime

The digital safety tool is tremendously flexible and possessed by distinct industries and of various designs or types. Various devices such as navigation apps, game apps, and social apps always have access to the internet, like our desktops, mobile phones, tablets, laptops, and others. Similar to that, even if you are pursuing a store or listening to music, there is a probability that you are engaging in the environment utilizing the necessities of cybersecurity’s modern definitions. 

Contemporary, cyber security jobs contain the digital defense of information or data. Typically, it includes information storage protection, identification of intrusion, and response to cyber-attacks that seek to steal personal information. The scope of cyber security is huge and the niche of cyber security to digitally instantly raises concern. In India, cyber crimes are covered by the Information Technology Act, 2000, and Indian Penal Code, 1860 to prevent cyber crimes. The primary one takes care of issues associated with cyber crimes and electronic commerce, while the latter one, provides an outline and definition, including punishments, which we will discuss later in the blog.

Cybercrime

It is to be noted that, cybersecurity encompasses –

1. Network Security

Primarily, cyber security emphasizes on data storage and transfer, while the network is much broader. As its name defines it, in general, network security includes the defense, maintenance, and recovery of networks. It contains cyber security as a defensive way to protect all network users from digital threats, even if a provided cyber attacker pertains more purposes than mere conservation of data exploitation.

With the objective to conserve the integrity, safety, and sustainability of network users, the professionals operating the same must emphasize on securing connection privacy to prevent cyber security.

The network security services also include anti-virus software, malware detection tools, firewall upgrades, virtual private networks (VPNs), and other security programs. As mentioned, the terms cyber security and network security are often used interchangeably, which often cover similar bases and deviate at intersections where data storage and data tracking need to overlap.

2. Information Security

Several commercial workplaces use synchronized facets of day-by-day operations. It handles user login, schedule management tools, project software, and telecommunication, among others.

It conserves sensitive information from unpermitted activities containing inspection, modification, recording, and other disruption or destruction. The objective of information technology is to ensure the safety and privacy of significant data such as details of a customer account, financial data, or intellectual property.

3. Operational Security

Operational security is also known as procedural security, which is referred to as a risk of managing processes to view the activity from the perspective of an adversary with the objective to conserve sensitive information from attackers. It includes the below-mentioned steps, as follows –

  1. Identification of sensitive data: Identify the sensitive data containing product research, intellectual property, financial statements, customer information, and employee information; this will be the data one will require to protect resources.
  2. Identification of potential threats: For every category of sensitive information, one must identify the potential threats. It is to be noted that, while you look for potential third-party risks, also watch out for internal threats.
  3. Analyzation of security holes and other vulnerabilities: One must access their information and means of safeguarding and determine the loopholes or other weaknesses associated with security.
  4. Enhance the level of security with respect to each vulnerability: Rank the distinct vulnerabilities based on the likelihood of attacks, the extent of damage, and the duration of recovery from the same.
Short case study - Cyber crime
Short case study - Cyber crime

What Are the Different Types of Cybersecurity?

In this section, we will highlight the different types of cyber security. Cyber security pertains to a wide field possessing distinct disciplines, which mainly can be characterized as follows –

Cybersecurity

a.    Network Security

Major cyberattacks take place over a network and in order to ensure network security, network security solutions need to be utilized which are designed primarily to identify and block such attacks. Moreover, these solutions include data and access controls like Data Loss Prevention (DLP), IAM (Identity Access Management), NAC (Network Access Control), and NGFW (Next-Generation Firewall) application controls with the motto to enforce safe web use policies.

Besides this, in order to ensure multi-layered network protection, advanced technologies such as IPS (Intrusion Prevention System), NGAV (Next-Gen Antivirus), Sandboxing, and CDR (Content Disarm and Reconstruction) are utilized. However, this won’t be enough to prevent such attacks, therefore, network analytics, threat hunting, and automated Security Orchestration and Response (SOAR) must be used.

b.    Cloud Security

Multi-National Companies (MNCs), large organizations, firms, and even startups are constantly adopting cloud computing, which makes cloud security a major priority considering that it engages in data storage, software information, networking, analytics, and intelligence over the internet with the sole objective to provide instant innovation, flexible resources and economies of scale.

Considering the threat to cloud security could result in a breach of security, therefore, it is significant to obtain a cloud security strategy containing cyber security solutions, controls, policies, and services that allow you to protect the entire cloud deployment against such attacks.

c.    IoT Security

The full form of IoT is, the “Internet of Things”, which offers several productivity benefits to an organization, however, the same device tends to introduce the same organization to potential cyber security threats which result in breaches of vulnerable devices inadvertently connected to the internet. IoT security preserves devices from discovering and classification of connected devices, including automatic segmentation to administer network activities and utilizing IPS as a patch (virtual) in order to restrict the exploitation of vulnerable IoT devices.

Cybercrime

a.    Application Security

Like any other activities mentioned here, web applications are also connected to the internet which again impose threat due to flaws in application such as injection, broken authentication, misconfiguration, and cross-site scripting.

Application security is an appropriate way to prevent bot attacks and malicious interactions with APIs and web applications.

b.    Mobile Security

Mobile security is often overlooked which allows access to corporate data, including exposing businesses to threats through malicious applications (apps), phishing, instant messaging attacks, and phone mirroring to name a few. Mobile security preserves such attacks and prevents operating systems and devices from such attacks.

c.    Zero Trust

This traditional security model is a perimeter-emphasized model, which builds walls around the valuable assets of the organization. On the contrary, this imposes distinct issues like imposing possible inside threats and instant dissolution of the perimeter of the network. This security focuses on a granular approach in order to ensure security, including protecting individual resources by a combination of micro-segmentation, observing and enforcement of role-based access controls.

d.    Endpoint Security

As mentioned earlier, the zero trust security model stipulates the creation of micro-segments around data segments wherever they might be. A way to prevent this is by using endpoint security. Endpoint security allows firms, organizations, and companies to preserve end users using devices like laptops, mobile phones, tablets, smartwatches, and desktops with data and network security controls, advanced threat prevention such as anti-phishing and anti-ransomware, and technologies.

In this section, we have understood the types of cyber security; now let’s move to the importance of cyber security to establish a better understanding of preventing cyberattacks since with the introduction of technologies, our vulnerability towards cyberattacks is constantly increasing.

The importance of cyber security differs based on the users or who is utilizing the technologies, it could be a student, business or organization, or banking sector, among others.

What Are the Distinct Importance of Cyber Security?

Importance of Cybercrime

1.      Importance For Digital World

Cybersecurity imposes significant threats to the digital world, especially, when the world is connected with each other digitally. For instance, in 2017 breach of Equifax exposed the data of over 145 million users, while in 2018 the breach of Marriot exposed the data (personal information) of 800 million individuals.

Such breaches of personal data or information had significantly affected the companies financially, most significantly resulting in losing customers. Hereto, cyber security is important to preserve businesses and persons from probable threatening consequences of data or security breaches.

2.      Importance For Banking Sector

The banking sector is the backbone of any sector since a breach of the banking sector of an economy would result in a breach of names, emails, addresses, phone numbers, and other personal information, which further allows access to account information, containing account numbers and balances of customers.

Therefore, such breaches permit the hacker to access an abundance of sensitive data breaches, which could be the reason for fraud and malicious purposes.

3.      Importance For Business or Organizations

The importance of cyber security for businesses or organizations allows hackers to access the data or personal information of customers or clients, which could also include information or details of credit or debit cards. This also results in businesses or organizations paying millions or billions to hackers.

4.    Importance For Students

Cybersecurity is significant for students as well, which allows hackers to access their bank details and credit or debit card information, including access to their Social Security numbers.

With an understanding of the importance of cyber security, let head on to the features of cyber security in the next section.

What Are the Features of Cyber Security, One Should Know?

The entire world is interconnected with the internet, which has significantly enhanced during the pandemic through the usage of web applications or other websites. Despite bringing the entire world close, this has also presented an opportunity for cybercriminals to breach into our systems or mobiles. Considering the level of harm it can cause for an individual or organization or firm, everyone must immediately attain more knowledge with respect to the understanding of features of cyber security. An adequate understanding of the features of cyber security could be the primary step toward establishing a defense against such breaches and attacks.

Features of Cybercrime

1.    Prevention from external threats

External sources are causes for cyberattacks or breaches through phishing, denial of services, endangered web applications, and hostile email attachments, among others. Hereto, such security applications attached to respective systems constantly monitor or prevent these external threats.

2.    Regulatory compliance for security

Information security is significant for any organization or firm, be it the healthcare sector or banking sector, or finance sector. Considering that, all the organizations or firms pertain to an eccentric set of standards, practices, regulations, and compliance with respect to data or information collected by them.

Regulatory compliance is basically ensuring conformance with compliance requirements to laws, specifications, and guidelines processes associated with the business.

3.    Fortification from internal threats

Prevention from internal threats is as much as essential as ensuring preservation from external threats since both inflict threats on the organization or firm. The primary reason for triggering internal threats is misconfiguration, employee mistakes, faulty choices of employees, or bad actors.

Although, a definitive security system and a cybersecurity team attenuate these threats or attacks from organizations or firms.

4. Cloud-based security services

The cloud-based security services refer to the backend brain security systems which utilize a wide range of tools with the objective to ensure proper analytics and intelligence threat. Such services pertain a monitoring security endpoints and pervade machine learning models with the objective to ameliorate the scanning for all-inclusive objectives.

5.    Consolidated solutions

Cybersecurity solutions should provide an absolute panacea to preserve the system of organizations or firms from the wide range of threats. In order to do so, the concerned security experts must know when and how to ensure complete utilization of anti-spam, anti-virus, anti-malware, content filters, and wireless security, among others.

This comprehensive protection or solution tends to preserve the system from such threats or attacks without compromising the confidentiality and security of data and enterprises.

6.    All-inclusive security system: detection, prevention, & response

A wide range of security threats or cyber-attacks can be prevented or blocked by ensuring timely detection or tracking of the same. In order to do so, appropriate platforms are used that tracks such attacks and spontaneously send alert and response to them. The tools such as hardware and software firewalls, network analyzers, SSL or TLS proxy servers, and other web applications or apps or platforms are used.

Cybersecurity Security Awareness & Indian Economy

The Internet had brought a wave of transformation in everyone’s life by altering the way of communicating, sharing updates, playing games, shopping, and even making friends. The internet is affecting every part of our daily life.

Considering its effect on our daily lives and every sector of the economy, it is significant to attain the proper education regarding the proclamation of information with the objective to prevent cyberattacks or crimes, including reenacting that students play a crucial role in creating an ecosystem of cyber security with the motto to restrict cyber-attacks or crimes.

Cyberspace interconnects us globally and keeping in the view that its usage is constantly expanding, the rate of cybercrimes, especially against children and women are rising such as cyberstalking, cyberbullying, cyber harassment, child pornography, and rape content, among others. With the objective to create a safe and sound cyber ecosystem, it is essential to follow cyber-safe practices.

With that, let’s move on to cyber crimes laws in India –

a.    Information Technology Act, 2000 (IT Act)

The IT Act enacts cyber laws in order to regulate electronic means of communication, and trade, including commerce to prevent computer crimes. The overview of the act is defined as –

An Act to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as “electronic commerce”, which involve the use of alternatives to paper-based methods of communication and storage of information, to facilitate electronic filing of documents with the Government agencies and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers’ Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected therewith or incidental thereto.

Penalty & Compensation

  1. Section 43 of the IT Act

The provisions under section 43 of the Information Technology Act, 2000 defines as –

If any person without the permission of the owner or any other person who is in charge of a computer, computer system, or computer network-

“(i) accesses such computer, computer system or computer network or computer resource; (ii) downloads, copies or computer system or computer network or computer resource; (ii) downloads, copies or extracts any data, computer data-base or information; (iii) introduces or causes to be introduced any computer contaminant or computer virus; (iv) damages or causes to be damaged any computer, computer system or computer network data, computer database or any other programmes; (v) disrupts or causes disruption; (vi) denies or causes the denial of access to any person authorised to access; (vii) provides any assistance to any person to facilitate access in contravention of the provisions of this Act; (viii) charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system or computer network; destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means; (x) steal, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code with intention to cause damage; he shall be liable to pay damages by way of compensation to the person so affected.

It simply signifies that if an individual commits cybercrimes like computer damage to a victim without the consent of the same. Then the owner of the computer is entitled to a refund of the entire damage. While section 66 is applicable to any conduct provided in Section 43 which is considered to be dishonest and fraudulent the cyber criminal is punishable with imprisonment of up to 3 years or with a fine which might extend up to rupees five lahks, or both.

While section 66 is applicable to any conduct provided in Section 43 which is considered to be dishonest and fraudulent the cyber criminal is punishable with imprisonment of up to 3 years or with a fine which might extend up to rupees five lahks, or both.

2. Further Extension of Section 66

Section 66B is defined punishment for deceitful stealing of computer resources or communication devices, it is defined as –

Whoever dishonestly receive or retains any stolen computer resource or communication device knowing or having reason to believe the same to be stolen computer resource or communication device, shall be punished with imprisonment of either description for a term which may extend to three years or with fine which may extend to rupees one lakh or with both.

Section 66C, includes information associated with punishment related to identity theft such as using an electronic signature, password, or any other unique identification feature fraudulently or dishonestly, which describes punishment as –

Whoever, fraudulently or dishonestly make use of the electronic signature, password or any other unique identification feature of any other person, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine with may extend to rupees one lakh.

Section 66D, this section involves information associated with punishment for cheating by personation by using computer resources, which is defined as –

Whoever, by means for any communication device or computer resource cheats by personating, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to one lakh rupees.”

Section 66E, this section of the information technology act includes information related to punishment associated with privacy violations such as taking pictures of private areas, and publishing/ transmitting these images without the consent of the concerned individual. If found guilty, the criminal would be punished with imprisonment of up to 3 years or a fine, which can extend up to rupees two lakh or both. Section 66F, the section 66F of the Information Technology Act defines punishment associated with cyber terrorism, be it to threaten the unity, integrity, security, or sovereignty of India or to strike terror in the people. In such cases, the cybercriminal would be punished with imprisonment, which could extend to life imprisonment

3.    Section 67

Section 67 includes punishment associated with publishing or transmitting obscene material in electronic form, as –

Whoever publishes or transmits or causes to be published or transmitted in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to three years and with fine which may extend to five lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to five years and also with fine which may extend to ten lakh rupees.”

b.  Information Technology Rules (IT Rules)

The different aspects of data collection, transmission, and processing are covered under this rule as –

It includes details related to sensitive information personal details withheld by entities such as –

  • Password;
  • Financial information such as Bank account or credit card or debit card or other payment instrument details ;
  • Physical, physiological, and mental health conditions;
  • Sexual orientation;
  • Medical records and history;
  • Biometric information;
  • Any detail relating to the above clauses as provided to the body corporate for providing service;
  • Any of the information received under the above clauses by the body corporate for processing, stored, or processed under lawful contract or otherwise

This section defines a set of rules, procedures, practices, and sensitive personal data or information which needs to be complied with. Moreover, an audit will be duly conducted once a year or as required.

The Information Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules, 2021 help in maintaining the safety related to the online safety of data of users, which administer the role of intermediaries or social media intermediaries with the objective to restrict the data transmission on the internet.

It includes guidelines for the cyber cafes to be complied with, and it includes registration of cyber café to generate unique identification numbers, identification of users, and management of physical layout and computer resources, among others.

This Act includes information related to the electronic service delivery of certain services like applications, certificates, and licenses, by electronic means. It specifically emphasizes on the services provided by the government signifying compliance requirements related to the Creation of a repository of electronically signed electronic records by Government Authorities, Procedures for making changes in a repository of electronically signed electronic records, among others.

This Act includes rules related to distinct CERT-In Rules as per Rule 12 of the CERT-In Rules, providing a 24-hour response help desk. This help desk is operational 24 hours to report the cyber security incidents of persons, organizations, and companies, in case they experience cyber attacks.

c.    Indian Penal Code, 1860 (IPC)

The Indian Penal Code, 1860 includes mentioned sections to prevent cyber crimes –

1. Section 292

This section excises control over punishment related to the publishing or transmission of obscene material or sexually explicit material digitally or electronically. In such case, a fine of 2000 or imprisonment of up to 2 years would be imposed.

2. Section 354C

It defines punishment related to taking or publishing images of the private parts of a woman, including actions. The section 354C is defined as –

Any man who watches, or captures the image of a woman engaging in a private act in circumstances where she would usually have the expectation of not being observed either by the perpetrator or by any other person at the behest of the perpetrator or disseminates such image shall be punished on first conviction with imprisonment of either description for a term which shall not be less than one year, but which may extend to three years, and shall also be liable to fine, and be punished on a second or subsequent conviction, with imprisonment of either description for a term which shall not be less than three years, but which may extend to seven years, and shall also be liable to fine.

3. Section 354D

It includes provisions associated with cyber stalking are included in this section, including tracking, emailing, including attempts to contact her through digital means or electronically. It is defined as –

Whoever commits the offence of stalking shall be punished on first conviction with imprisonment of either description for a term which may extend to three years and shall also be liable to fine; and be punished on a second or subsequent conviction with imprisonment or either description for a term which shall not be less than three years but which may extend to seven years and with fine which shall not be less than one lakh rupees:

Provided that the count may, for adequate and special reasons to be mentioned in the judgement, impose a sentence of lesser period of imprisonment than specified minimum imprisonment.

4.    Section 420

This section includes punishments related to cheating and dishonesty associated with property delivery, which imposes imprisonment of up to 7 years along with fine for crimes such as fake websites or online or cyber frauds.

5.    Section 463

Section 463 involves a punishment of 7 years or a fine, or both for the creation of false documents or false electronic records or part of a document or electronic record.

6.    Section 465

This section is defined as –

Whoever commits forgery shall be punished with imprisonment of either description for a term which may extend to two years, or with fine, or with both.”

d.      Companies Act, 2013

The Companies Act 2013 includes the daily obligations to be complied with by the corporate stakeholders. Each provision associated with the Information Technology Act, 2000 related to electronic records involving the manner and format of electronic recording, as far as it is in variance with the concerned Act would be applicable to records of the electronic form provided under Section 39

Considering that, the Indian government has taken certain initiatives to prevent cyber-attacks or crimes as follows –

Cyber Crime Awareness Booklet on Cyber Security Awareness

Under Cyber Security Awareness, the tips for preventing cybercrime are –

  • To keep your devices or mobile phones updated with advanced or updated safety patches.
  • Use the appropriate security software (latest version) to preserve your system or devices.
  • Always use or download the software or applications from trusted or known sources, and restrict from using pirated software on your system or devices.
  • Protect your devices or mobile phones with strong PIN codes or passwords and do not share the same with anyone.
  • Restrict sharing your net banking password, One Time Password (OTP), ATM/ mobile banking PIN, or CVV, among others with anyone, even if someone claims to be an employee of the bank.
  • Ensure to change the default admin password of the wifi router to a strong one and keep your wireless network encrypted.
  • Be cautious when using public wifi, including avoiding entering your personal and professional information or details while using these networks.
  • Use the virtual keyword to access net banking services on public computers and be sure to log out from the same after completion of the online transaction. Moreover, ensure to delete the browser history.
  • Be certain to scan all the email attachments from viruses prior to opening the emails, including ignoring downloading from untrusted emails.
  • Be cautious while sharing your identity proof, especially the one which identifies your personal or company identity.
  • Keep the IMEI code of your mobile in a safe place that can be the only access to you, an operator could blacklist or block or phone using your IMEI code, if your mobile phone is stolen.
  • Prior to entering your ATM PIN, observe your surrounding and the people around you.
  • Engaged in a detailed discussion of safe internet practices with your family and friends, including motivating them to follow the same in order to prevent cybercrimes or attacks.
  • Avoid sharing bank details or card details on e-wallets it enhances the possibility of theft or fraud due to a breach of security.
  • Contact the concerned authorities instantly if you think your safety is compromised.

Cyber Hygiene for cyberspace

Under the cyber hygiene initiative of the government, the Indian government has introduced some dos and don’ts to be followed in cyberspace emphasizing on different platforms.

Cyberspace is a complex and dynamic environment of interactions among people, software, and services supported by the worldwide distribution of Information and Communications Technology (ICT) devices and networks. The exponential increase in the number of internet users in India clubbed with rapidly evolving technologies has brought in its own unique challenges. Indian Cyber Crime Coordination Centre (I4C) under the Cyber & Information Security (CIS) Division of the Ministry of Home Affairs has prepared this manual to disseminate Cyber Hygiene Best Practices for the benefit of Industrial Bodies/General Public/Government Officials. This should not be considered an exhaustive list of precautions for Cyber Hygiene but baseline precautions that are to be taken.

  • Computer safety tips
Computer safety tips
  • USB device security
USB device security
  • Password security management
Password security management
  • General Internet Safety Precautions
General Internet safety Precautions
General Internet safety Precautions
  • Financial Transactions – Safe Practices
Financial Transactions - Safe Practices
  • Social Media Platforms – Safety Tips
Social Media Platforms - safety tips
  • Mobile Phone Safety
mobile phone safety
  • Malware and E-mail Security Practices
Malware and E-mail Security Practices

Above mentioned is how the Indian government is promoting cyber security, emphasizing email security practices in social media. However, in the next section, we will describe various steps taken by the government to promote cyber security, especially for students.

Describe Various Steps Taken by the Government to Promote Cyber Security For Students

The cyber-attacks are becoming highly challenging as well as sophisticated nowadays, especially through the usage of social media platforms, emails, chatrooms, and websites, among others.

Email spoofing (a technique used in spam and phishing attacks to trick users into thinking a message came from a trusted person or entity), cyberbullying (using an electronic means of communication to bully an individual), job frauds, banking frauds, identity theft, among others have increased with the time, especially after covid, as it has given a kick start to a new era of digitalization. Though, covid-19 has pushed distinct sectors of the economy to work digitally, which certainly contributes to the growth of the economy, while on the other hand, the same can be seen as a significant cause of the increase in cybercrimes.

Let’s commence with how the Indian government is taking initiatives to prevent cyberbullying is often referred to as cyber harassment under which electronic means are used to bully or harass an individual  –

How to stop cyber-bullying?

With the understanding of it, let’s move on to how the Indian government is helping in the prevention of cyber-grooming, which is referred to a situation in which an individual, often an adult befriends a child online and builds an emotional connection with the intention of sexual abuse, sexual exploitation or trafficking –

How to Prevent  cyber-Grooming

Besides social media, the Indian government, like any other economy is taking appropriate initiatives to prevent cybercrime. Recently, the Central government introduced and launched “Cyberdost” (February 2019) – a Twitter handle that is responsible for creating awareness regarding cybersecurity in order to create awareness regarding the same, @cyberdost has tweeted 1066+ tweets containing videos, images, and creatives providing general safety tips to prevent cybercrimes or attacks.

Besides this, we have to dive a little deep into how the Indian government is promoting cyber security, then we would like to highlight that the Indian government has actively engaged in –

  • Radio campaigns
  • SMS sharing with respect to creating awareness against cybercrimes
  • Publicly publishing videos, images, and creatives providing general safety tips to prevent cybercrimes or attacks
  • Publication of Handbook emphasizing “cyber safety of adolescents or children”
  • Publication of Best security practices to reduce or prevent cybercrimes against government bodies
  • Cyber safety and security awareness are being organized through C-DAC along with Police Department of various states

All such measures have been taken keeping the mission of preventing cybercrime.

Conclusion

Just like the entire world, the Indian economy is also considerate regarding the problems introduced by cyber security. This blog highlighted how the Indian government is promoting cyber security, we would like to emphasize that, be it issuing measures, tips, and practices to be followed to prevent cybercrimes with respective departments or ministries, the Indian government has formed the relevant policies and measures to prevent such hideous actions, which does not only cause loss of money but affects the life of a person.

Besides this, the Indian government has successfully introduced and implemented Acts and schemes to prevent cyber security attacks or crimes, such as Information Technology Act, 2000 (IT Act), Indian Penal Code, 1860, and Information Technology Rules (IT Rules), among others. Also, considering the risk imposed by cyber crimes, the Indian government has appropriately included daily obligations to be complied with by the corporate stakeholders to restrict the same issue. The Indian government has dedicated most of its resources not only to making India a developed country, however, also to preventing the breach of information through incorporating legal and technological advances without compromising digitalization.


Written & Compiled by CA Sunil Kumar Gupta

Founder Chairman, SARC Associates

sunilkumargupta.com

Contribution of Artificial Intelligence in Financial Services To Boost Economy of New India

Contribution of Artificial Intelligence in Financial Services To Boost Economy of New India

Has a chatbox ever asked you to open a savings account? Does ever a computerized assistant resolve your queries in minutes?

In this blog, we will understand how Artificial Intelligence drives Indian economy.

The world of AI is tremendously booming and it can be seamlessly seen that no industry or sector has remained untouched by its prevalence. And the world of finance and banking is also among those worlds which are also anchoring the power of kick-fast change in AI.

AI is intelligence demonstrated through machines, as opposed to natural intelligence present in humans and animals. It contains streamlined programs and procedures, including its ability to perform automated routine tasks, improve customer service, and assist businesses in achieving success, not only in the financial sector, but also in other sectors such as telecommunications, manufacturing, and more. 

Therefore, taking the economy on the path of automation. 

Undoubtedly, Artificial Intelligence has been evolving in India since 1950s, from the neonatal stage, when the idea of AI culture had coined to a complete boom state, where AI was intensively being used to store large data, VRs, ARs, and IoTsIndia is taking every possible initiative to embed AI in every nook and corner of society

India’s National Strategy for AI has been prepared by NITI Ayog (a premier policy think tank of the Indian Government through providing directional and policy inputs) to harness the power of AI in distinct fields. AI’s practical and effort approach can adequately address societal needs in distinct aspects of healthcare, agriculture, education, smart cities, infrastructure, smart mobility and transportation.

With the advent of the 21st century, due to its incredible advances in data processing, collection, and computation power, electronics has become ubiquitous in almost every sector, be it the manufacturing or the service sector. Further, AI is now deployed in distinct tasks and decision-making to allow better connectivity and productivity. 

Basic Pillars Which Contribute To The Development of AI

Basic Pillars Which Contribute To The Development of Artificial Intelligence
  1. Talent

Talent is the strongest pipeline for India to be successful and no doubt, India does have the resources for the same. Since India has the largest youth population in the world (around 66% of the population), and with the Indian government’s emphasis on continual training of a high-skilled workforce, India can soon become an AI hub. 

Moreover, India produces twice as many master-level engineering graduates as the United States, which provides it a competitive edge over other countries. And India is moving in the right direction through the introduction of initiatives like AI for Youth (commenced in 2020) to make the youth ready for future AI developments. 

Taking this initiative forward, “Responsible AI For Youth 2022”  was created by the National E-governance Division, Ministry of Electronics and Information Technology, Government of India in collaboration with Intel. It is launched by the Ministry of Electronics and IT. 

  1. Research 

India has the largest AI research community in the world and since 2010, it stands 4th in the largest producer of AI-relevant scholarly papers. It provides an edge to India’s youth population to increase their outreach, especially with their counterparts in the United States.

A two-tier integrated approach is introduced to magnify the core and applied research in AI –

  • Centers of Research Excellence in Artificial Intelligence (CORES), it will emphasize on the core research of AI.
  • International Center for Transformational Artificial Intelligence (ICTAI), this tier will help in establishing an ecosystem for the application based technological development and deployment.
  1. Patents

Since 2012, India ranks in the 10th position in the top 10 AI patent-producing countries, due to the immense increase in AI-driven inventions. Moreover, personal devices and computing, business, telecommunications, including life science are the four largest categories for AI patents in India. 

Collectively, these are associated with over 70% of India’s AI patents and reflect that Indian innovators have emphasized on applying AI to traditional strengths. In the past two decades, India has come a long way in AI patenting, since, the benefit of using patents to protect their devices is reflected. 

  1. AI Companies and Investments

More than 50% of Indian companies applying AI to their products are active in business analytics, medicine, finance, sales, retail, and customer relations.

NASSCOM has predicted that by FY 2026, industrial and automotive, healthcare, retail and CPG and BFSI will contribute 60% of possible AI-driven value to India. Moreover, AI companies and investments are continually bouncing back, considering that private companies’ investment in India has witnessed steady growth from 2015 to 2019. 

  1. Cloud Computing

India is using market cloud computing as a proxy for AI chips to support its AI computing needs since it does not have the domestic manufacturing capacity to manufacture AI chips. Also, India is lagging behind in cloud computing, yet contemporary, cloud bared markets are growing because of the rising demand for computing power. 

Be it talent, research, patents, investment in AI, or cloud computing – India has been moving in the right direction utilizing its population strength by introducing varied initiatives to promote AI in distinct fields.

In addition to that, the government has introduced “AIRAWAT”  (AI Research, Analytics, And Knowledge Assimilation Platform) which is a cloud platform for big data analytics and assimilation, with the power-optimized AI computing infrastructure using advanced AI processing. 

Apart from that, the Indian government has been investing in other schemes such as Digital India with the purpose to boost AI, IoT, big data, and robotics, including providing subsidies to startups under “Start-up India.”

From the given information, we can easily understand that the Indian government has been working on all aspects to make AI a reality in India, from establishing institutes to providing cloud support and AI research. This in return, is contributing to business growth through financial inclusions since, due to the development of AI in the financial services and sector, students can easily access the loan facility for education, training, or even to establish their business. 

How AI is Helping The Financial Services | Contribution of AI in Financial Services To Boost Indian Economy | AI in Financial Services

The field of Artificial Intelligence has enormously evolved since the introduction of revolutionary techniques and algorithms using automated tools. This revolutionized growth of AI in financial services and sectors has significantly been an impetus for the Indian economy.

The majority of banks and financial institutions use and recognize the true benefits of Artificial Intelligence. They are using it to respond to their customers at a faster pace around the clock. Not only does AI help provide a better customer experience, but it also frees up the personnel, improves the security measures of the institutions, and ensures that they are moving in the right direction when it comes to technology. 

Here are some of the ways Artificial Intelligence is helping in the financial services and sectors:

Contribution of Artificial Intelligence in Financial Services To Boost Indian Economy

1. Risk Assessment and Management

Till now, fintech, banks, and other financial institutions were using human resources to assess and manage their risks. Whether it was loan eligibility checking, trading, or banking, human resources were the way to go. 

But with the implementation of AI, these tasks have now become much easier to perform. With the advancement of data sciences and machine learning algorithms, Artificial Intelligence is becoming even smarter in risk assessment and management for financial institutions. 

2. Process Automation

One of the best things about an AI is that it can do the same thing again and again without getting tired, in other words – automation. With the help of AI, financial institutions can automate repetitive and mundane tasks with ease and efficiency. This allows valuable human resources to focus on the other important tasks and projects.

3. Reducing Human Error

Humans tend to make mistakes regardless of how experienced or gifted they are. According to recent studies, more than 90% of cloud breaches and financial frauds are caused by human errors. There have been several cases where the loss of valuable data, capital, and resources has been caused by minor human errors. 

With the implementation of artificial intelligence, these errors have dropped drastically. In other words, AI reduces human errors and saves valuable data and resources while preventing cyberattacks and frauds.

4. Better Customer Interaction

Virtual assistants (VAs) and chatbots can do what regular human resources can not, they can be available for customers 24/7 and offer relevant solutions. Thanks to the implementation of Artificial Intelligence, chatbots and VAs have become even smarter in their workings. 

Of course, the customers of any financial institution still need human interaction to solve difficult problems. Still, thanks to the help of AI, virtual assistants can respond to customer’s needs with minimal effort. 

5. Cyberattack and Fraud Detection and Prevention

Any financial institution, whether it is banks, insurance companies, or brokerage firms, they are always in danger of fraud and cyberattack. And it’s not just the business houses themselves, it’s also their customers who are prone to cyber crimes. 

However, thanks to the implementation of AI, fraud, and cyberattacks are detected and prevented regularly keeping both the financial institution and its customer safe. 

6. Compliance

AI can successfully streamline compliance alert systems to near-perfection, considering that it is built to learn from compliance officers’ data, especially in today’s data-driven compliance environment, AI technology is tremendously improving the efficiency of compliance operations by lowering expenses. 

One of the best examples of “how AI helps in ensuring compliance” could be its usage in IT solutions to address the problem of wasting time and money every day. 

Apart from that, Artificial Intelligence successfully automates the workflow, therefore, minimum time and human resources are necessary to support compliance operations. In addition to that, AI minimizes the possibility of human error which could occur due to the availability of a sheer volume of data.

7. Financial Inclusion

With AI and data analytics, financial products are seamlessly available to a large part of the population, even those with no formal bank account, payslip, or digital financial track record. 

The access to small financial loans have now become feasible, since the entire process is automated and scalable. In addition to that, fintech companies have found a pathway to monetize the regulatory stumbling blocks which have kept traditional banks from lending money to the poor. With the introduction of AI, the idea of money lending has taken a new shape that’s “data available on customer’s mobile.” Therefore, creating a mobile digital credit score, a reality, which was once a dream. 

Financial inclusion has established a new pathway, where a needy person can easily obtain a loan from the banks and financial institutions, thus pushing Indian youth on the path of “entrepreneurship” rather than seeking jobs. Therefore, fulfilling one more agenda of the Indian government that’s “employment generation.”

Such development has marked the emergence of new business models, with traditional banks parenting with fintech to provide digital credit score services, including the emergence of non-bank fintech in a digital lending space.

Apart from that, the use of AI is tremendously increasing to screen loans and select financial product sale recommendations. This is done based on historical data, therefore, eliminating the possibility of prejudice

Benefiting youth with easy access to loans, AI has become a tool for maximizing the access of financial services to farmers using data and machine learning (major components of AI) algorithms to eliminate the possibility of fraud and allow seamless access of funds to credit-worthy farmers

That can allow the government to limit farmers’ suicide in India, since easy access to loans and credit facilities will resolve farmers’ problems by ensuring direct access to equipment for irrigation, fertilizers, etc. Therefore, it will result in better cultivation and profit. 

AI not only resolves credit and funds-associated issues for farmers, youth, or entrepreneurs, but it also provides financial services/ assistance to startups, MSMEs, and emerging tech companies.

With the introduction of AI, financial inclusion has become a reality, where everyone has access to financial services since it facilitates branchless banking that not only minimizes the cost of banking but also makes financial services accessible. 

From AI-based chatbots resolving your query 24*7 to communicate through messaging apps, including educating customers about their financial health, AI has taken over the world.

India is the fastest growing economy with a significant contribution to the development of AI, considering that India has the finest AI research concentrated institutes such as IITs, IIITs, and IISc. 

And let’s not forget, that India is home to a highly skilled workforce, which matches the distinct technological market and a large start-up ecosystem that adds to over 77,000 DPIIT-recognized startups accessing 655 districts of the country as of August 2022. 

Realizing the potential, the Indian government is also taking the necessary initiatives to steer the country and position it among the top leaders in AI. 

Moreover, as per a recent study, AI is estimated to boost India’s annual growth rate by 1.3% by 2035 and has the potential to add 1 trillion to the Indian economy in 2035. 

From this data, we can conclude that AI plays an important role in the development of the Indian economy as a whole.  

However, with tremendous growth, AI also brings “privacy and data protection issues” which are far from only one. Concerns range from threats to privacy to threats to human dignity and safety.

Artificial Intelligence – Issues

Artificial Intelligence is developing at a fast pace and it seems like it could grow so immensely that it would be challenging for humans to control it. Moreover, AI systems developed by humans are working in every possible intelligence they could, now humans are themselves threatened by its development. 

  1. Threat to Privacy

An AI program recognizes speech, understands natural language, and is capable of understanding every conversation via emails and telephone calls. Therefore, the amount of data stored in AI models could impose the risk of data security and privacy violations. 

Proposed Solution –

  • The usage of “state of art encrypted methods” can be used to ensure data security and privacy violations.
  • The use of “low encrypted cloud software” must be avoided.
  1. Threat to Human Dignity

AI has replaced humans in many industries, however, there is no doubt that in the near future, it will replace humans working in dignified positions such as nurses, surgeons, etc. Therefore, the functions performed by AI systems are a substitute for us (humans) that devalues and deteriorates human flourishing.

Proposed Solution –

  • Despite massive improvements in AI technology, any minor fault can impose major risk, especially in the case of the use of AI in hospitals. Therefore, the presence of a doctor is essential to avoid such situations.
  • Software engineers or developers should come up with a hybrid model, where AI technology could assist doctors/ surgeons/ or other practitioners, rather than completely taking over the work. This will prevent the devaluation of human flourishing.
  1. Threat to Safety

AI systems are self-improving and advanced, which can become so mighty in comparison to humans that it could be challenging to prevent them from achieving their goals, which can result in unintentional consequences. 

Therefore, AI applications, which are in direct contact with humans or are integrated into the human body, impose safety risks, since they can be misused and hacked. 

Artificial intelligence is certainly a blessing, only if used for the right purpose and to minimize interference in human lives.

Proposed Solution –

  • Strong and unique passwords and two-factor authentication must be used to prevent hacking.
  • Search engines must be blocked from tracking.
  • Evict the unused applications and extensions.
  • Online browsing must be done through a secure VPN.

Conclusion

“India is all set to be an AI hub, with the right acquisition of talent (youth), research, patents, AI companies, investment, and cloud computing.”

From the introduction of metaverse to bitcoins/ cryptocurrency, indeed the world is on a rollercoaster ride of growth and development.

AI can change the financial services and sector completely, by allowing intelligent automation, labor and capital augmentation, and innovation diffusion which will help in ensuring technical feasibility, availability of structured data, regulatory barriers, and other benefits. Maybe someday, AI would be advanced enough to improve human relationships and resolve ethical issues.

India has emerged as the 3rd largest startup ecosystem globally, containing over 77,000 DPIIT-recognized startups across 656 districts of India as of 29th August 2022. As of September 2022, India had a total of 107 unicorns accounting for a valuation of $340.79 billion. The Indian unicorns (a term used to describe a privately owned startup company with a valuation of over $1 billion) are flourishing in a fast manner since these startups are not only developing or proposing innovative solutions and advanced technologies but are also contributing to the employment generation at a large scale.

Moreover, researchers have seen that AI has the potential to add 1 trillion dollars to the Indian economy in 2035. However, this is not the only factor responsible for economic growth. To know more on what are the factors that will lead to a $30 trillion economy, read it on our upcoming blog.

Something to think about!

Written & Compiled by CA Sunil Kumar Gupta

Founder Chairman, SARC Associates

sunilkumargupta.com

Master Circular On Bank Finance To Non-Banking Financial Companies (NBFCs)

Master Circular On Bank Finance To Non-Banking Financial Companies (NBFCs)

Financial activities of the Non-Banking Financial Companies (NBFCs) are regulated by Reserve Bank of India under the provisions of Chapter III B of the Reserve Bank of India Act, 1934. With the amendment of Section 45 IA of the Reserve Bank of India Act, 1934 in January 1997 and amendment of the National Housing Bank Act, 1987 in August 2019, in terms of Section 29 A of the National Housing Bank Act, 1987, all Non-Banking Financial Companies including Housing Finance Companies (HFCs) have to be mandatorily registered with the Reserve Bank of India.

Background

Consistent with the policy of giving greater operational freedom to banks in the matter of credit disbursement and in the context of mandatory registration of NBFCs with the Reserve Bank of India (RBI), most of the aspects relating to financing of NBFCs by banks have also been progressively deregulated. However, in view of the sensitivities attached to financing of certain types of activities undertaken by NBFCs, restrictions on financing of such activities continue to be in force.

Gist of the Master Circular

This Master Circular consolidates instructions on the above matter issued up to January 04, 2022 by which more autonomy have been given to NBFCs registered with RBI and is summarized hereunder:

(a.) The ceiling on bank credit linked to Net Owned Fund (NOF) of NBFCs has been withdrawn where NBFCs are engaged in principal business of asset financing, loan, factoring and investment activities. Accordingly, banks may extend need based working capital facilities and term loans to all NBFCs and engaged in infrastructure financing, equipment leasing, hire-purchase, loan, factoring and investment activities subject to provisions of para 8 of these guidelines.

(b.) Now, banks may also extend finance to NBFCs against second hand assets financed by them.

(c.) Banks may formulate suitable loan policy with the approval of their Boards of Directors within the existing/prudential guidelines and exposure norms prescribed by the Reserve Bank of India to extend various kinds of credit facilities to NBFCs.

Bank Finance to NBFCs not requiring registration

In terms of “Master Direction – Exemptions from the provisions of RBI Act, 1934” dated August 25, 2016, few categories of NBFCs are exempted from certain provisions of the RBI Act, 1934 including the need for registration with the RBI. Such NBFCs need not to register with the RBI and the banks may take their credit decisions on the basis of purpose of credit, nature, quality of underlying assets, repayment capacity of borrowers and risk perception, etc.

Activities not eligible for Bank Credit

(a.) The following activities undertaken by NBFCs are not eligible for bank credit:

(i) Bills discounted/rediscounted by NBFCs, except for rediscounting of bills discounted by NBFCs arising from sale of commercial vehicles and 2-wheeler and 3-wheeler vehicles subject to the following conditions:

  • the bills should have been drawn by the manufacturer on dealers only,
  • the bills should represent genuine sale transactions as may be ascertained from the chassis/engine number and
  • before rediscounting the bills, banks should satisfy themselves about the bonafides and track record of NBFCs which have discounted the bills.

(ii) Investments of NBFCs in any company/entity by way of shares, debentures, etc. However, need-based credit may be provided to Stock Broking Companies against shares and debentures held by them as stock-in-trade.

(iii) Unsecured loans/inter-corporate deposits by NBFCs to/in any company.

(iv) All types of loans and advances by NBFCs to their subsidiaries, group companies/entities.

(v) Finance to NBFCs for further lending to individuals for subscribing to Initial Public Offerings (IPOs) and for purchase of shares from secondary market.

(b.) Leased and Sub-Leased Assets

Banks can extend financial assistance to equipment leasing companies but they should not enter into lease agreements departmentally with such companies as well as other NBFCs engaged in equipment leasing.

Bank Finance to Factoring Companies

Banks can extend financial assistance to the Factoring Companies which comply with the following criteria with the restrictions mentioned at Paragraph 4.1 (i) and 4.1 (iv) above if:

(a) The companies qualify as Factoring Companies and carry out their business under the provisions of the Factoring Regulation Act, 2011 with notifications issued by RBI from time to time.

(b) They derive at least 50% of their income from factoring activity,

(c) The receivables purchased/financed, irrespective of whether on ‘with recourse’ or ‘without recourse’ basis, form at least 50% of the assets of the Factoring Company ;

(d) The assets/income referred to above would not include the assets/income relating to any bill discounting facility extended by the Factoring Company,

(e) Credit limits extended by the Factoring Companies is secured by hypothecation or assignment of receivables in their favour.

Bank Finance to NBFCs not permitted for:

  •  Bridge loans/interim finance

Banks should not grant bridge loans of any nature or interim finance against capital/debenture issues and/or in the form of loans of a bridging nature pending raising of long-term funds from the market by way of capital, deposits, etc. to all categories of NBFCs.

  •  Advances against collateral security of shares to NBFCs

Shares and debentures cannot be accepted as collateral securities for secured loans granted to NBFC borrowers for any purpose.

  •  Restriction on guarantees for placement of funds with NBFCs

Banks not to execute guarantees covering inter-company deposits/loans thereby guaranteeing refund of all type of deposits/loans accepted by NBFCs/firms from other NBFCs/firms. However, banks are permitted to provide Partial Credit Enhancement (PCE) to bonds issued by NBFC-ND-SIs and Housing Finance Companies (HFCs) as per guidelines contained at para 2.4 of the Master Circular on Guarantees and co-acceptances dated November 09, 2021 as updated from time to time.

Prudential ceilings for exposure of banks to NBFCs

(a.) The definition and method of computation of exposure would be as prescribed in the circular on Large Exposures Framework dated June 03, 2019 and amendments made from time to time.

(b.) Banks’ exposures to a single NBFC (excluding gold loan companies) will be restricted to 20 percent of their eligible capital base (Tier-I capital). However, based on the risk perception, more stringent exposure limits in respect of certain categories of NBFCs may be considered by banks. Banks’ exposures to a group of connected NBFCs or group of connected counterparties having NBFCs in the group will be restricted to 25% of their Tier-I Capital.

(c.) The exposure of a bank to a single NBFC which is predominantly engaged in lending against collateral of gold jewellery (i.e., such loans comprising 50% or more of their financial assets), shall not exceed 7.5% of the bank’s capital funds (Tier-I plus Tier-II Capital). However, this exposure ceiling may go up to 12.5% of banks’ Capital Funds if the additional exposure is on account of funds already lent by such NBFCs to the infrastructure.

(d.) Banks may also consider fixing internal limits for their aggregate exposure to all NBFCs put together.

(e.) Banks should have an internal sub-limit on their aggregate exposures to all NBFCs, having gold loans to the extent of 50% or more of their total financial assets, taken together. This sub-limit should be within the internal limit fixed by the banks for their aggregate exposure to all NBFCs put together as prescribed in paragraph 7.4 above.

(f.) Infusion of eligible Capital Funds, after the published balance sheet date, may also be taken into account for computing exposure ceiling subject to obtaining an external auditor’s certificate on completion of the augmentation of capital and its onward submission to RBI (Department of Supervision) before reckoning the additions to Capital Funds.

(g.) Banks shall adhere to the intra-group limits in accordance with Guidelines on Management of Intra-Group Transactions and Exposures dated February 11, 2014.

Restrictions regarding investments made by banks in securities/instruments issued by NBFCs:

(a.) Banks not to invest in Zero Coupon Bonds (ZCBs) issued by NBFCs unless the issuer NBFC builds up sinking fund for all accrued interest and keeps it invested in Government bonds.

(b.) Banks are permitted to also invest in Non-Convertible Debentures (NCDs) with original or initial maturity up to 1-year issued by NBFCs. However, while investing in such instruments, banks should be guided by the extant prudential guidelines in force, ensuring the disclosure of the purpose for which the NCDs are being issued in the disclosure document and such purposes are eligible for bank finance.

Conclusion:

In view of policy measures to build scale and enhance NBFC’s contribution in 

Global Trade significantly, RBI has brought the master circular, efforts have been made to ease financing to needy borrowers through NBFCs while sensitivities attached to financing have simultaneously been taken care of. We hope this masterstroke would definitely accelerate the trade and economic activity as is expected by Government of India.

Please also refer to previous Master Circular DBR.BP.BC.No.5/21.04.172/2015-16 dated July 1, 2015 on the captioned subject.

For more details on the topic, you may refer to Master Circular no RBI/2021-22/149/ DOR.CRE.REC. No.77/21.04.172/2021-22 dated January 05, 2022 of RBI or access the author at https://www.sunilkumargupta.com/ to explore more on other related topics.