Corporate India: $400 Billion security risk
Mahesh PV

In a study across BPOs and IT companies in India by BPONews and Agile Systems Consulting, it was shockingly found that only 391 Companies were ISO 27001 certified. ISO 27001, is a standard applicable to the industry, and considered to be the final certification of Management Systems to a secure Information security framework. One expert says cyber crimes will cost us hundreds of billions.

We spoke to Navin Chopra, who heads Agile Group. In the recent past he has held Director Positions in Consulting Firms like KPMG and Intertek Plc. To his credit, he has more than 500 Training Programs on Management Systems and has delivered in excess of 3000 high-profile assignments of varying magnitude globally. “It is shocking to see that on one hand India is being seen as an IT powerhouse and on the other there are a mere 391 Indian ISO 27001 Certified Companies. When I speak about it to our foreign counterparts they feel that for them to outsource more India will have to establish its eSecurity better”.

On last count, with estimates from various associations, we found out that there are at least 9000 Companies in India who may be in critical needs of this certification. These include IT, BPO, Telecom, Financial Services, Insurance, Healthcare and Infrastructure. With everything going the e-way, the need is even more pronounced.

Let us wave through a few facts based on studies conducted in US, India and Europe. Cyber crime is now officially the biggest Industry in the world, leaving Drug Trafficking behind. It is also the fastest growing crime in the world. If Cyber crime were an industry then its turnover would be around twice as much as the total technology spend of the US, and that in US alone. India thus stares at a frightening future. According to some estimates, Cyber crime amounts to a whopping $1.8 trillion and is climbing at a fast pace. To counter these threats US companies alone are spending in excess of $20 billion each year. The Cyber crime in India is estimated to reach $400 billion by the year 2012. India will need as much as $9 billion to counter this menace, if we do not do something now.

Cyber Law experts such as Pavan Duggal and Karnika Seth (both senior practitioners in Supreme Court of India) have repeatedly expressed frustration at the state of affairs in India. Pavan says “From trying to solve credit card frauds to dealing with emails from terrorists, the Indian Police is inadequately staffed and skilled to act upon such crime and criminals”. Karnika opines “Unless we have a better rate of prosecution no changes in the IT Act will bring about change. The Government has a hard task in educating, training and skilling it’s Police force to the standards where we can pre-empt, fight, investigate and prosecute under the present IT Act and other prevailing laws”.

One of the most sought after cyber forensic experts, Samir Dutt who heads Forenciscguru (a leading cyber forensics firm) says “India is totally under-prepared to fight this threat. On a scale of 1 to 10 the developed world Corporates easily score a 7 but if you compare their Indian counterparts the score is as dismal as 3, or at best 4 in some cases. That gives you the true picture which is rather grim. We need to get into action without any delay or face the consequences”.