PremiumNEW DELHI : Indian companies are seeing a wave of cyberattacks as hacker groups and criminals attempt to take advantage of employees working from their homes on vulnerable networks, security experts said.
In addition to the losses that they may incur due to business disruption caused by cyberattacks, firms are having to significantly boost spending to secure their networks, pushing up costs even as revenues dry up.
Such attacks have doubled between 17 and 20 March in India, according to an April PwC report. Software services provider Cognizant reported last week that a ransomware attack on the company is expected to have a revenue impact of as much as $70 million in the second quarter. The US-based has most of its staff in India.
“We...anticipate the revenue and corresponding margin impact to be in the range of $50 -70 million for the quarter," Karen McLoughlin, chief financial officer of Cognizant, said in a conference call with investors.
McLoughlin expects cyberattacks will lead to additional expenditure over investigation, restoration and remediation of the breach and legal fees.
The ransomware attack on Cognizant isn’t an isolated incident. World Health Organization (WHO) has also seen a fivefold increase in cyberattacks. As employees work remotely during the coronavirus lockdown, cybercriminals are using the opportunity to prey on those working outside secure office networks to steal confidential data.
In addition to damaging a company’s reputation, cyberattacks can also result in lawsuits or heavy penalties against loss of data. For instance, India’s draft data protection bill stipulates a maximum penalty of ₹15 crore, or 4% of annual global revenue of a company for infringements.
“A successful cyberattack can shut down systems—not just for a few hours, but potentially for days or weeks. The collateral damage, such as information leaks and reputational damage, can continue for considerably longer," said D.D. Mishra, senior research director at Gartner.
“If the attack vector is denial of service, it can lead to loss of productivity. Ransomware attacks can have clear financial impact. In case of information loss, it can lead to compliance related lawsuits in many countries," said Sajan Paul, country manager, India and Saarc, Juniper Networks.
A 2019 study on cost of cybercrime by Accenture, states that a malware attack leading to information loss, among other risks, can cost on an average $2.6 million annually for companies. Ransomware attacks can cost on an average $700,000.
“The impact of this is even higher now as businesses grapple with covid-19. Businesses are starting to realize that security can be a competitive advantage, and many are spending proactively in quantifying their risk posture to be able to measure and mitigate cyber risks in real-time," said Saket Modi, co-founder and chief executive, Lucideus, a cybersecurity firm.
