Cybersecurity Laws in India- Secure your Brand’s Online Presence

Submitted by asandil on 6/4/2020


Phishing, identity theft, and other forms of cyber fraud have all substantially increased in recent years. Just in the previous year, India had a nationwide 16% increase in cyber-attacks. It seems likely that cybercrime will continue to spread. This emphasizes the significance of creating stronger legal frameworks that deter crime as well as strict cybercrime legislation in India.

Studying the current cybercrime laws in India and assessing whether they adequately protect against these crimes becomes interesting and even important in the given context. Now let’s examine the Indian cyber legislation as it stands and what changes and advancements we may anticipate.


What is cybercrime

Cybercrime can be defined as any criminal conduct involving a computer, networked device, or any other linked equipment. While some cybercrimes are committed with the aim of making money for the perpetrators, other cybercrimes are committed specifically to harm or disable computers or other equipment. It’s also feasible for other parties to disseminate viruses, unlawful information, photos, or any other type of content through computers or networks.

Cybercrime opens the door to a wide range of illegal actions that are done for financial gain, including ransomware attacks, email and internet fraud, identity theft, and fraud involving financial accounts, credit cards, or any other sort of payment card. The main purpose of cyber criminals is to steal and sell business and personal data.

The Information Technology Act of 2000 and the Indian Criminal Code of 160 both apply to cybercrimes in India. It is the Information Technology Act of 2000 that addresses matters pertaining to online crime and electronic trade. The Act was modified in 2008, outlining the definition and penalties for cybercrime. Moreover, changes were made to the Reserve Bank of India Act and the Indian Criminal Code of 1860.

Increase in Cyber Attacks on Systems

Globally, cybercrimes are currently dominating the top newspaper headlines and causing unexpected harm to both persons and industries. Data breaches, identity theft, money theft, and internet time theft are some of the most common types of cybercrime.

Even while cybersecurity and cyber regulations are always improving their skills and coming up with new ways to access new systems. This is the reason; one needs both stronger cybersecurity systems and cyber regulations in India as well as in other nations.

Also, cybercrime lawmakers must keep up with possible security gaps and remedy them immediately if they are to reduce cybercrimes and stop fraudsters in their tracks. Controlling the rising hazards across the country requires steadfast work and persistent vigilance.

Prevention of cyber crimes.

You must evaluate the threat and give it the attention it deserves in order to appropriately prepare for a cyber-attack. Businesses ought to think about the following:

  • They should take into account all potential targets for cyberattacks and any ensuing operational weaknesses.
  • To identify the systems that are most important to the operation, comprehend the vulnerabilities that each system may have, and gauge the effect of a cyberattack on business continuity, it is necessary to conduct a vulnerability assessment of all systems.
  • Companies/organizations should audit their information and operational technology systems.

Preventive measures:

Using national or international technical standards that offer a high level of security is advised for enterprises. Companies without the appropriate technical or financial resources are advised to take these general preventative steps. The following is a list of preventive measures that one must follow;

  • Implementing several levels of protection, starting with physical security, moving on through management rules and procedures, firewalls and network design, computer policies, account management security upgrades, and lastly antivirus software.
  • Putting into practice the idea of least privilege, which limits access and information to only those groups of people who truly require it.
  • Putting in place network-hardening mechanisms, and making sure patch management is adequate and regularly assessed.
  • Protecting crucial systems with the help of technology like protocol-aware filtering and segregation.
  • Ensuring USBs used with any other device are virus-checked and that detachable devices are secured.
  • Additionally, it’s crucial to create business continuity strategies, identify key individuals, and put processes in place in order to stop the negative effects of cyberattacks from worsening and restore corporate operations.
  • Also planning regular training and awareness events for all staff members can be beneficial.
  • Third-party service providers’ compliance audits will also be useful.

Cybercrime laws in India

Information Technology Act, 2000

Indian cyber law is governed by the Information Technology Act, which was written in 2000. This Act’s primary motivation is to give eCommerce reliable legal validity, making it simpler to register real-time time records with the government.

However, a number of adjustments were made when people started abusing technology and cyber attackers became more creative.

The ITA passed by the Indian Parliament, emphasizes the severe fines and punishments protecting the e-government, e-banking, and e-commerce industries. There is a wide range scope of ITA, which has now been expanded to include all contemporary communication technologies.

The key piece of Indian law that directs strict regulation of cybercrimes is the IT Act:

Section 43-Applicable to those who harm computers without the owner’s consent. In such circumstances, the owner is entitled to full reimbursement for the total harm.

Section 66 – it will be applicable if it is shown that a person committed any of the acts listed in Section 43 dishonestly or fraudulently. In such cases, the maximum possible sentence for incarceration is three years or a fine of up to five lakh rupees.

Section 66B – receiving stolen computers or communication equipment fraudulently carries a sentence of at least three years in jail. Depending on the severity, a fine of 1 lakh may be added to this sentence.

Section 66C - this part examines identity frauds including fake digital signatures, compromised passwords, or other distinguishing characteristics. If guilty, a three-year sentence might potentially be accompanied by an Rs. 1lakh fine.

Section 66 D – This section was added on demand. It mostly focuses on punishing cheaters who use computer resources to impersonate others.

Indian Penal Code (IPC) 1980

The Indian criminal code (IPC), 1860, which is invoked in conjunction with the Information Technology Act of 2000, includes provisions for identity theft and related cyber offenses.

The IPC’s most pertinent section addresses cyber frauds:

  • Forgery (Section 464)
  • Forgery pre-planned for cheating (Section 468)
  • False documentation (Section 465)
  • Presenting a forged document as genuine (Section 471)
  • Reputation damage (Section 469)

Companies Act of 2013

The corporate stakeholders cited the Companies Act of 2013 as the legal need required for streamlining daily operations. The directions of the Act’s requirements solidify the essential techno-legal compliances, forcing businesses that don’t comply with them into difficult legal situations.

The SFIO (Serious Frauds Investigation Office) was given authority by the Companies Act of 2013 to bring their directors. Additionally, after the 2014 Businesses Inspection, Investments, and Inquiry Rules were announced, SFIOs have increased their proactiveness and sternness in the area.

The lawmakers made sure that all regulatory compliances, such as e-discovery, cybersecurity diligence, and cyber forensics, are thoroughly covered. The Businesses (Management and Administration) Rules, 2014, set up strong principles reiterating the duties and responsibilities of company directors and executives with regard to cybersecurity.

Need for Cybercrime Laws

Cybersecurity is a concern for every government in the globe, including that of our own nation. It is crucial that India accepts responsibility for the growing number of cybersecurity concerns it is particularly confronting. An investigation of worldwide cybercrime by the Economic Times found that cyberattacks cost the government roughly Rs.1.25 lakh crore annually.

Another study shows that during the first quarter of 2020, there were 3.3 million cyberattacks in India, an increase from 1.3 million, in July 2020, India reported having experienced 4.5 million attacks. The Reserve Bank of India (RBI) recently forbade MasterCard from disobeying the order to store payment system data.

The only way to combat the virtually infinite risks offered by the internet is to put in place a cyber security policy. Protecting important data assets requires a considerable investment of resources from the government.

The nation’s cyber security legislation must be updated to incorporate legal requirements and handle the problems brought on by swiftly evolving technologies.


In order to keep up with the increasing reliance on technology by individuals, in India and around the world, cyber laws must be regularly updated and strengthened. The epidemic has also led to a significant increase in the number of remote workers, which has increased the need for application security. Extra precautions must be taken by the Legislators to stay one step ahead of the imposters so that they can take action against them as soon as they appear. This can be stopped if lawmakers, internet service providers, banks, online retailers, and other intermediaries cooperate well. However, users can ultimately decide whether to take part in the battle against cybercrime. The development of online safety and resilience can only be possible by considering these stakeholders’ behaviors and ensuring they follow the laws of cyberspace.