Express Computer

Home  »  Guest Blogs  »  Why Cybersecurity is a National Economic Issue, Not Just a Corporate IT Problem

Why Cybersecurity is a National Economic Issue, Not Just a Corporate IT Problem

Guest BlogsArtificial Intelligence AINews
By Express Computer
0 100

By Govind Rammurthy, CEO & Managing Director, eScan

When the UK’s Cyber Monitoring Centre reported the Jaguar Land Rover (JLR) ransomware attack in October 2025, the numbers were staggering: £1.9 billion ($2.55 billion / Rs. 22,000 crores) in total economic damage, 5,000 organizations affected, and a six-week production shutdown. The government had to offer a £1.5 billion loan guarantee to prevent supplier bankruptcies. It was declared the most economically devastating cyber event in UK history.

For India, this should be more than just a headline—it’s a wake-up call. As our economy becomes increasingly digital, the cost of a cyber incident could cascade across industries, citizens, and government systems.

India’s Cyber Crisis in Numbers
In the first half of 2024 alone, India saw 593 reported cyberattacks, costing over Rs. 11,000 crores. The average cost of a data breach hit Rs. 19.5 crore. WazirX lost $230 million in a single breach, Angel One exposed 7.9 million customers, and government portals leaked 2.5 million Aadhaar and bank records—undermining public trust in digital governance.

Why Enterprise Security Investments Aren’t Enough
JLR had invested £800 million in cybersecurity, yet the attack succeeded. The message is clear: cybersecurity is no longer an IT issue—it’s an economic one.

India’s cybersecurity market, worth Rs. 140 billion in 2024, is expected to double by 2026. Yet attacks persist because our systems are deeply interconnected. A hit on UPI, for example, could disrupt the entire economy, halting payments, logistics, and services nationwide.

The Supply Chain Multiplier Effect
JLR’s breach affected 200,000 jobs. Similarly, India’s manufacturing, IT, and financial sectors are built on real-time, digital supply chains. One weak link can trigger systemic failure. When digital welfare or identity systems are breached, the damage extends beyond data—it erodes trust in the nation’s digital foundation.

The Human Cost
Each data breach affects real people. In 2024, digital arrest scams stole Rs. 2,000 crores from 90,000 victims. For small and medium enterprises (SMEs), cyber attacks can mean closure. Large firms can recover; SMEs often cannot. Yet participation in digital ecosystems is now unavoidable, leaving them exposed without adequate resources or awareness.

Critical Sectors Under Threat
India’s BFSI sector, our most digitized, saw cyber attacks more than double in 2024. The WazirX breach showed how even advanced security setups can be exploited. Following the Pahalgam terror strike, over 1.5 million cyberattacks targeted Indian government sites. The SPARSH portal breach, exposing pensioner bank details, reflected dangerous gaps in basic safeguards.

Healthcare too remains highly vulnerable. AIIMS Delhi endured repeated attacks—proof that sectors where human access cannot be restricted are prime targets.

How Attackers Operate
Modern attackers are patient. They infiltrate systems quietly, conduct reconnaissance, exfiltrate data, and strike only when ready. Once they have your network map, they can return any time. Traditional security—focused on point-in-time defense—cannot keep pace with such sophistication.

What India Must Do Differently

1. Recognize Cyber Resilience as Economic Infrastructure
We treat highways as public infrastructure enabling economic activity, not something individual vehicle owners secure. Digital infrastructure deserves the same treatment. When critical sectors digitize, their cybersecurity becomes essential infrastructure requiring coordinated national attention.

2. Address Supply Chain Security Systematically
The JLR incident proved you can’t secure organizations in isolation. India needs frameworks for:
Cybersecurity standards for critical supply chain participation

Threat intelligence sharing across partners
Rapid response coordinating multiple affected organizations
Understanding that supporting suppliers’ security is enlightened self-interest

3. Design for Human Imperfection
Most breaches involve human error – but this represents security design failure, not human failure. We build systems assuming perfectly trained users. Real humans don’t work that way.

Risk can be significantly decreased by taking small steps that take human fallibility into account. To prevent accidental data leaks, for example, brief delays before outgoing emails are sent enable users to recall messages or correct incorrect recipients. Similarly, implementing multi-factor authentication, verifying transactions via secondary channels, and delaying sensitive operations are not flashy but very successful strategies. These procedures accept that errors are unavoidable and construct safeguards against that fact.

4. Build Long-Term Behavioral Detection
Traditional security focuses on point-in-time detection. But sophisticated attacks unfold over extended periods – insiders slowly exfiltrating data, attackers gradually escalating privileges, small transfers at odd hours.

Each individual event looks normal. The pattern over time reveals compromise. India needs security maintaining long-term behavioral context. This is where AI adds genuine value – identifying patterns humans couldn’t spot in massive datasets over extended timeframes.

5. Prioritize Rapid Detection and Containment
Perfect prevention isn’t achievable. What matters is detection speed and containment effectiveness.
JLR shut down all production globally because they couldn’t determine which systems were compromised. Better network segmentation might have enabled targeted containment. Production could have continued in unaffected facilities while isolating compromised systems.

Enterprises need resilience-focused security. Assume breach. Design for rapid detection. Build surgical containment capabilities. Create systems functioning in degraded but safe modes rather than failing completely.

6. Create Economic Incentives
Current incentives are misaligned. Heavy security investment appears as pure cost with no revenue benefit. Under-investment faces uncertain future costs. Breached organizations often face minimal consequences beyond immediate costs.

We need:
Insurance premiums rewarding demonstrated security capabilities
Procurement preferences for vendors meeting standards
Liability frameworks for inadequate customer data security
Tax incentives for security investments, especially SMEs
Recognition programs creating competitive advantage for strong security

The Path Forward
Cybersecurity is now a pillar of national economic stability. As India digitizes at unprecedented speed, the risk multiplies. The question isn’t whether to slow digitization, but whether we’ll treat cybersecurity as core economic infrastructure before a crisis forces us to.

The technology exists. The expertise exists. What’s needed is unified recognition—across government, business, and citizens—that cybersecurity isn’t a cost, but an investment in safeguarding India’s digital future and the prosperity of over a billion connected lives.

Express Computer

Express Computer is one of India's most respected IT media brands and has been in publication for 24 years running. We cover enterprise technology in all its flavours, including processors, storage, networking, wireless, business applications, cloud computing, analytics, green initiatives and anything that can help companies make the most of their ICT investments. Additionally, we also report on the fast emerging realm of eGovernance in India.

You might also like More from author
Leave A Reply

Your email address will not be published.