The cyber security infrastructure in India is struggling hard to catch up the malware ridden Internet and growing cyber attacks against India. The negligent attitude of governmental, private and public sector institutions has further complicated the situation. As there is no requirement to inform about a cyber security breach and cyber security incidence, no private company or institution in India is reporting such crucial cyber security incidences.
Although we have no exclusive law that mandates disclosure of cyber security attacks and breaches to government or its agencies, concepts like cyber due diligence in India, cyber due diligence for companies in India, compulsory appointment of CIOs for banks in India, etc are well established. Still the respective stakeholders have failed to comply with these mandates. This has necessitated enactment of a dedicated law in this regard.
The Indian government is planning to bring a legislation that would ensure strict cyber security disclosure norms. If a company faced cyber attack or cracking incidence, the company would be required to disclose to its clients the impact of such an incident on the safety of their data and information. The company may also be required to inform government or its agency about such incidence.
This is nothing new in foreign jurisdictions like United States where companies are mandatorily required to disclose the nature and impact of any cracking incident. Such companies are also required under the laws of the land to inform the government along with their customers and clients.
Recently cyber security awareness brochures were made mandatory for hardware sale in India. However, the cyber security awareness in India is still not upto the mark. Social media regulation in India is another area of concern for Indian government.
At Perry4Law Organisation and Perry4Law’s Techno Legal Base (PTLB) we welcome and strongly recommend that Indian government must formulate a legislation that mandates compulsory disclosure on the part of Indian companies. The sooner it is done the better it would be for the cyber security of India.