Mr. Gaurav Arora – Chief Reinsurance, UW & Claims for Property & Casualty, ICICI Lombard 

Rs 20,000 crore, a staggering figure! According to a CloudSek report, India (check if it is corporate losses or personal or both put together) could face this much of loss current year because of cybercrime. That cybercrime has reached another level as these days cybercriminals have started using sophisticated AI tools, which gives them power to multiply.  India could face a whopping 1 trillion cyberattacks by 2033 unless businesses do more manage risk.

As more enterprises and businesses go digital in India, cyber risk also increases. In the tech-focused new world, traditional measures such as firewalls and antiviruses are no longer sustainable solutions to eliminate attacks and threats. Cyber resilience is a key facet of business growth. Firms must work on a sharp cybersecurity strategy to detect and mitigate threats before they escalate into catastrophic breaches.

Before moving into the solutions, we need to look at the types of cybercrimes that happen and which are the sectors exposed to high risk.

Countering brand impersonation

Trust is the most important factor connecting customers and brands, and a breach could result in terrible consequences. Cybercriminals actively target brand trust, making brand impersonation an increasing threat as they exploit trust to deceive customers, partners, and employees. This could include phishing attacks mimicking corporate emails to fake websites that can steal customer data.

For instance, in 2023, prominent bank customers were the target of an elaborate phishing scam in which fraudulent websites resembling bank portals tricked users into entering account details. There has also been a spike in cases of deepfake fraud, where cybercriminals use AI-generated voices or videos to impersonate executives and conduct fraudulent transactions, as was seen when a finance executive transferred millions of dollars based on a fraudulent video call impersonating their CEO.

The financial hit aside, these incidents can damage a business's reputation and impact customer trust. Companies must take strong corrective measures to monitor such issues and counter this menace.

To combat evolving cyber threats, organizations can leverage AI-driven cybersecurity tools designed for specific risk areas. Solutions like SpyCloud and Recorded Future help detect compromised data on the dark web, KnowBe4 enhances cyber awareness through phishing simulations, SecurityScorecard and BitSight assess third-party risks, while Tenable.io identifies and mitigates security vulnerabilities. The right choice depends on factors like budget, industry requirements, and regulatory compliance.

What sectors are under threat

According to the India Risk Report 2024, cybersecurity is among the top three risks for Indian enterprises, with cyber threats surging 15% year-on-year, making India one of the most frequently targeted nations globally for cyber threats. Despite this, 60% of businesses are still in the initial phases of cybersecurity preparedness, highlighting the urgent need for stronger risk assessments and mitigations.

Multiple reports suggest that some sectors face the brunt of cyber-attacks. The BFSI sector is usually a target of these attacks, with cyber criminals learning about and exploiting key vulnerabilities in banking systems, frequently conducting fraudulent transactions and breaking into databases, resulting in breaches that expose millions of customer records. The Cloudsek report estimates the BFSI sector can face losses of up to Rs 8,200 crore due to cybercrime. Major retail and e-commerce platforms, point-of-sale systems, and online payment gateways are also susceptible to attacks, resulting in the leak of customer details and increasing chances of impersonation and fraud, thus impacting consumer confidence.

Government entities can also face cyber threats from freelancers, hacktivists, and state-backed actors who target critical infrastructure, leak public databases, or disrupt national systems. These attacks can result in major issues and paralyse the state's capacity to perform essential functions. To eliminate risk, companies and government entities should work on implementing zero-trust architectures and introduce real-time threat intelligence and continuous security monitoring to win the battle against bad actors.

What does this mean?

There is no doubt that cyber threats are real and must be combated. Firms should build a structured, proactive approach to cybersecurity rather than work on one that reacts to issues that can crop up. It can start with a broader implementation of AI-driven security tools that can detect anomalies, anticipate potential attacks, and offer proactive solutions. Solid real-time monitoring and threat intelligence that helps detect and contain breaches early must follow this. Regular training modules and phishing simulation exercises for employees will foster a security-first culture across the organization, enhancing overall cybersecurity.

Cyber insurance plans can also help and are emerging as a crucial component of corporate risk management. Like other facets of life, cyber insurance offers a financial safety net, incorporates all the elements mentioned above, and makes sure companies can recover from major cyber security breaches or incidents without facing massive financial liability.

A look at the future

Cyber threats will continue to evolve, challenging even the most advanced security defenses. The way forward is to work on a proactive cybersecurity strategy that combines the best of AI-driven defense mechanisms, real-time monitoring, and solid cyber insurance plans in place. Enterprises must act now to strengthen their cyber resilience. The cost of inaction is high, and those best prepared can emerge successful and thrive.