A Parliamentary standing committee uncovered this fund underutilization in government and related agencies’ cybersecurity efforts during regular audits

According to government data from India, the total number of cybersecurity incidents tracked by the Indian Computer Emergency Response Team (CERT-In) was 3,94,499. The number spiked to 11,58,208 in the year 2020 and further increased to 14,02,809 in 2021.

In H1 2022, 6,74,021 cybersecurity incidents had already been reported. Some recent key attacks include one which took out the servers of India’s top medical institution, All India Institute of Medical Sciences (AIIMS) on 23 November.

On December 1, attackers briefly hacked the water resources Ministry’s Twitter handle, the second major cyberattack on a government site. Multiple agencies have been looking into the cyberattack at the crucial installation of the country. Also, at AIIMs, a CIO is being appointed on an adhoc basis to restart the eHospital services and prevent such incidents in the future.

Underutilization of cybersecurity funding
India has been one of the most vulnerable countries to cyberattacks since the pandemic, with 68% percent of organizations in the country having experienced some form of attack on their data.

The number of cyberattacks in the country has witnessed a three-fold increase over as many years, but one new discovery for the landscape is that the funds meant for starting and boosting cybersecurity measures have been underutilized: out of the total of Rs213 crore sanctioned in the Budget Estimate (BE) for such grants, only Rs98.31 crore have been made use of. 

According to a report by a Parliamentary standing committee on cybersecurity matters in the country: the Rs216 BE during the 2021–22 period was reduced to Rs213 crore at the RE (Revised Estimate) stage and actual utilization up to January, 2022 had been only 98.31 crore.

In response, the country’s government has issued guidelines for CISOs regarding their key roles and responsibilities for securing applications and infrastructure, and compliance responsibilities. Moreover, 97 security auditing organizations have been installed to support and audit implementation of Information Security Best Practices. Such audits of all government websites and applications prior to hosting are conducted on a regular basis after hosting as well.

Increasing cyber funding to encourage utilization
The report also cited lower fund utilization with respect to CERT-In, the National Cyber Coordination Centre (NCCC) and data governance processes. It noted: “Cybersecurity has to remain at the forefront of agenda/priority items for the Ministry, and no fund crunch should come in the way of ensuring a safe ecosystem as far as the cyber world is concerned. In fact the Committee feels that the Ministry must dovetail its efforts to achieve a more secure cyber world especially in the wake of renewed challenges in this space. The Committee therefore recommend that funds for cybersecurity may be increased to forestall any failures in this domain for sheer lack of funds.”