Decoding the Latest Government Cybersecurity Policies 

 Technology has become an integral part of our lives and the importance of cybersecurity in today's day and age cannot be overemphasized. In 2021, India faced approximately 11.5 million cyberattack incidents, encouraging enhancement in governmental policies and infrastructure. This highlights the importance of  robust government cybersecurity policies.  

In this blog you’ll read about :  

1. Why cybersecurity policies matter in today’s digital age 

2. Key government regulations and strategies (Both India as well as abroad) 

3. Objectives of Recent Government Cybersecurity Policies 

Importance of cybersecurity  

We live in an era where digital modification is at its peak. Cybersecurity policies and measures play an important role in protecting individuals, businesses and governments from malicious cyber attacks or threats. And it is important to discuss why exactly they matter.  

• Cyberattacks like malware, ransomware, phishing attacks, and data breaches are rising and it is very important to note that these are not the only form of cyber attacks. With technology advancement, cyberattacks are getting advanced as well. There are many variations of cyberattacks and it is very important to create awareness about each one of them. These threats can lead to financial losses, data theft or system damage/disruption.  

• Cybercrime is estimated to cost the world $10.5 trillion annually by 2025 and the costs required to recover from the loss including investigation, repairing the damaged systems etc. can be very significant.  

• Cyberattacks can also be aimed at power grids, healthcare systems, and financial institutions causing major national crises.  

• Privacy in this digital era is at risk due to a big amount of data being shared online. It is important to safeguard personal privacy by protecting the personal data provided by the individuals from any kind of unauthorized access.  

•   Many big firms can also be a victim of cyberattacks resulting in major financial loss, disruption in the services and can also harm one’s reputation. 

Therefore, by implementing effective cybersecurity measures, many businesses, individuals and the government itself can be protected from cyberattacks and prevent any kind of issues that are listed above.  

Cybersecurity Laws & Strategies: India and Beyond 

With the fast growth of cyber threats, India continues to develop its cybersecurity laws to protect individuals, businesses, and national security. Some of these laws are listed below :  

1. Information Technology (IT) Act, 2000 (Amended in 2008) : It is  India's primary law governing cybercrime, e-commerce, and digital transactions. It is an Act to provide legal recognition for the transactions carried out by means of electronic data interchange and other means of electronic communication. Some key features of this act are :  

2. Granting statutory recognition and protection to electronic transactions and communications; 

3. Aiming to safeguard electronic data, information and records; Aiming to prevent unauthorised or unlawful use of computer systems; and 

4. Identifying activities such as hacking, denial-of-service attacks, phishing, malware attacks, identity fraud and electronic theft as punishable offences. 

The amendment in 2008 was introduced to strengthen cybersecurity. Major changes included :  

• Section 66A: Punishment for sending offensive messages online (later struck down by the Supreme Court in 2015). 

• Section 66B: Punishment for receiving stolen computer resources. 

• Section 66C & 66D: Identity theft and online impersonation penalties. 

• Section 66F: Defines cyber terrorism as an offense punishable with life imprisonment. 

• Section 43A: Companies must protect sensitive user data and compensate for data breaches. 

• Section 72A: Punishment for disclosure of personal information without consent. 

• Section 69: Allows the government to intercept, monitor, and decrypt information in case of national security concerns. 

• Section 69A: Empowers authorities to block websites in the interest of sovereignty and security ( banning apps like TikTok and PUBG). 

2. Indian Penal Code (IPC) – Cybercrime Provisions, 1860 : Apart from the IT act, there are certain crimes that are attracted by the Indian Penal Code (IPC) provisions as well.. Certain cyber crimes are punishable under the IPC, such as hacking (Section 66) and identity theft (Section 66C). Amended many time since, it covers almost all substantive aspects of criminal law and is supplemented by other criminal provisions 

3. The National Cyber Security Policy, 2013:  This policy aims at protecting  information infrastructure in India and strengthening cyber security measures. It was India's first comprehensive framework aimed at securing cyberspace, protecting critical infrastructure, and promoting cybersecurity awareness.  

The revised National Cybersecurity Strategy (NCS), 2024 will introduce: 

•  Stronger Protection for Critical Infrastructure 

•  Zero Trust Security Model  

•  AI and Blockchain Integration – New technologies to enhance cybersecurity. 

•  Better Data Protection & Privacy Measures – Strengthening compliance with the Data Protection Act. 

• Stricter Cybercrime Laws – Improving legal provisions under the IT Act & IPC. 

•  Cybersecurity Education & Training  

4.  CERT-In (Indian Computer Emergency Response Team) Guidelines, 2022 : The Indian Computer Emergency Response Team (CERT-In) is a national agency responsible for handling cybersecurity threats and attacks in our country.  In April, 2022 new cybersecurity guidelines were issued to strengthen incident reporting and response mechanisms for businesses and organizations. Key highlights include :  Mandatory Reporting of Cyber Incidents, Data Retention & Logging Requirements, Strict VPN & Cloud Provider Regulations, Synchronization with NTP Servers and Strengthened Cybersecurity Cooperation.  

5.  Other Important Regulations include :  

6. Reserve Bank of India (RBI) Cybersecurity Guidelines: Provides data leak prevention strategy for banks that should include data in motion and data at rest, as well as data processed in endpoint devices, in order to help safeguard sensitive business and customer information. 

7. Data Protection Rules under the Telecom Regulatory Authority of India (TRAI):  This aims at protecting telecom user data. 

•  Digital Personal Data Protection (DPDP) Act, 2023 : India’s new law which aims to protect people’s personal data in a manner that recognizes both the right of individuals to protect their personal data and the need to process such personal data for lawful purposes i.e allowing businesses to use data responsibly. Some of the key features of this act are :    

• Violation Penalties : In Case of serious data breaches, one is fined with Up to ₹250 crore and ₹200 crore for failing to prevent data breaches. 

• Applicability : This act applies based on where the data is being collected, who is processing the data and the actual purpose of processing that data. It is applied to personal data collected online or digitized offline data within India. This also comes with some exemptions. It doesn't cover personal data processed for personal or domestic purposes.  

• Rights of Individuals (Data Principals)  

> Right to Access Information – Individuals can have an idea on how their data is being used and processed.  

> Right to Correction & Erasure – Individuals can request for correction and erasure/deletion of their data.  

> Right to Grievance Redressal – Individuals can file a complaint if any of their data rights are violated.  

> Right to Nominate – can appoint someone to exercise rights in case of incapacity/death.   

Major Cybersecurity Policies Around the World :  

Now that we have read about the major cybersecurity regulations of India, it is also crucial to know how the rest of the world is working on these issues as well.  

1. General Data Protection Regulation (GDPR) – European Union (2018) : Came into effect on May 25, 2018, it establishes strict rules on how personal data is collected, processed, stored, and shared, giving individuals greater control over their information.  

2.  Executive Order 14028 – United States (2021) : Titled "Improving the Nation’s Cybersecurity," this order was issued by President Joe Biden on May 12, 2021. It mainly aims to strengthen the cybersecurity framework of the United States federal government and protect critical infrastructure from cyber threats and incidents.  

3. China’s Cybersecurity Law (2017) : This was China’s first comprehensive regulation on data security, network governance, and personal information protection. Its key aspects include Critical Information Infrastructure (CII) Protection, Personal Data Protection, Cybersecurity Incident Reporting, Government Surveillance & Law Enforcement.  

Goals of Recent Cybersecurity Policies 

• Strengthening National Security : Government data is very sensitive and needs proper protection. Protecting this data and and the critical infrastructure from cyber threats and foreign attacks is very important.  

• Implementing Zero Trust : Following the principle : "Never Trust, Always Verify" which ensures strict access controls and continuous monitoring.  

• Combating Cybercrime : Introducing strict laws against cyberattacks  

• Cyber Incident Reporting: Making rapid cyber incident reporting compulsory (e.g., US CIRCIA, EU NIS2).  

• Improving International Collaboration :  Promoting cross-border cooperation to tackle global cyber threats. 

Conclusion :  

The increasing rate of cybercrime calls for an urgent need of strict government laws and policies, adoption of Zero Trust models, and AI-driven security measures. Governments worldwide are continuing to implement such cyber laws to safeguard personal data and prevent financial losses. It is also very important to create awareness so that individuals and businesses can also align with these regulations and ensure a safer digital future.  

-Bhavgun Kaur