Role of Cyber Law in Cybersecurity in India


Frauds tend to be the most hi-tech in today’s smart era of communication and digital technologies. Technology is progressing, allowing room for participants from many walks of technocrats, some of whom use it efficiently while others may use it unethically. Cyber laws are acts that provide legal recognition for transactions carried out through electronic communications, also known as electronic commerce, and information storage, to facilitate electronic filing of documents with government agencies and to amend the Indian Penal Code, the Indian Evidence Act, 1872, and other relevant laws, as well as for matters relevant to or incidental to the Bankers Books Evidence Act, 1891, and the Reserve Bank of India Act, 1934, and for things relating to or ancillary to them.

According to India’s cyber law, citizens should be able to use their credit cards without the risk of them getting misused over the internet. This article explains the Information Technology Act, 2008 along with the necessity of the Act in India. This article also analyses the rate at which cybercrime has grown.


There is a concern about the risk of data and valuable personal information being stolen or damaged. Cyber-crime cells are employed in various nations to deal with such acts and punish cyber-criminals. It ranges from complete identity theft to partial identity theft, to breach in the country’s internet and network connection due to massive attacks on its networking resources.

Online communication is already a standard in the digital world, and web users and governments are increasingly at risk of becoming the target of cyber-attacks. Anyone can be a victim of a cybercrime. ATM-password hacking groups move money by stealing personal data from victims’ accounts. In addition, the issue of pornography and morphed photos of innocent individuals has become a menace of today’s time. To combat and respond to these crimes, specific laws and regulations, referred to as cyber law, must be strictly enforced. International cooperation is a must for cyber security. It will guard against illegal access to computer system resources, information, and data.

The hacks category is also removed, along with other forms of attacks.

In section II, cybercrime is categorized into two sorts of offences. The third section briefly summarizes several types of assaults. The hacker group is mentioned in the next section.

The impact of cybercrime is then described in section V. A brief overview of cyber society is provided in the final section. Cyber security refers to safeguarding internet-connected systems, such as hardware, software, and data, against cyber threats.

Need of Cyber Laws

  • Many crimes and troubles occur in today’s world of the internet and expanding electronic means.
  • To decrease or eliminate these, rigorous rules must be enacted to safeguard users’ rights, property rights, copyrights, and data protection, among other things.
  • Each country’s legal system gets shaped by its cultural, political, social, and economic circumstances.
  • As a result of complex legal difficulties, cyber law is required.
  • Various methods of controlling and regulating electronic devices.
  • Duplicating copies and transmitting them anywhere in the world via numerous channels in a matter of minutes is very easy on the internet.
  • Everyone is welcome to take part in cyberspace. A 40-year-old woman, for example, can have a voice, video, or regular chat with a 20-year-old man who is in another country.
  • Pirated movies, software source codes and game crack-code can be uploaded anywhere in the world in just a matter of seconds.
  • Disseminating pornographic materials, sending threats via email, hacking websites and computers, and other methods of tarnishing a person’s reputation and inciting animosity between people.
  • Credit cards are widely used for shopping and transactions nowadays.
  • All government forms, company forms, passport forms, legal forms, and income tax returns are filed electronically.

Cyber security

Cyber security indicates the methods and techniques used to protect computers, networks, and data from unauthorized access, flaws, and attacks carried out by cybercriminals via the internet.

ISO 27001 (ISO27001) is an international Cyber security Standard that lays out a framework for developing, implementing, operating, monitoring, reviewing, conserving, and enhancing an Information Security Management System.

India’s Ministry of Communication and Information Technology has a strategic plan called the National Cyber security Policy. This government body’s mission is to protect public and private infrastructure from cyber-attacks.

Cyber security Policy

The cyber security policy is a growing purpose that serves users and producers of all types of information and communication technologies (ICT). It comprises the following:

  • Home users
  • Small, medium, and large Enterprises
  • Government and non-government entities

It acts as a governing framework for actions related to cyberspace security, defining and directing them. It enables all organisations to develop appropriate cyber security policies to fit their needs. The policy lays out a framework for safeguarding data, information systems, and networks.

Confidential Data

[Company name] defines “confidential data” as:

  • Unreleased and classified financial information.
  • Customer, supplier, and shareholder information.
  • Customer leads and sales-related data.
  • Patents, business processes, and/or new technologies.
  • Employees’ passwords, assignments, and personal information.
  • Company contracts and legal records.

Device Security

Company Use

Employees of [business name] are required to safeguard the security of all company-issued devices and information:

  • Password-protect all company-issued devices (minimum of 8 characters). Tablets, desktops, and mobile devices are all included.
  • Before leaving their workplace, ensure that all important gadgets are secured.
  • Before withdrawing devices from company premises, obtain permission from the Office Manager or Inventory Manager.
  • Don’t discuss personal passwords with employees, friends, senior management, or shareholders.
  • Update security software on your devices regularly.

Personal Use

Employees may be required to access corporate networks using personal devices, according to [Company name]. Employees are required to disclose this information to management for record-keeping purposes in these circumstances. All personnel are obligated to protect the company’s systems:

  • Password-protect all personal devices used to access company-related systems (minimum of 8 characters).
  • Get antivirus software with all of the bells and whistles.
  • Ensure that your antivirus software is up to date regularly.
  • If you’re going to leave your devices unattended, make sure they’re locked.
  • Maintain a secure environment for all devices at all times.
  • Always use private and secure networks.

Email Security

Data theft, financial scams, and malicious software such as viruses and bugs can be spread through emails, so keeping them secure is a top issue. As a result, every employee at [business name] must:

  • Check each email for authenticity, including the sender’s name and email address.
  • Don’t open suspicious emails or attachments, and don’t click on links in suspicious emails.
  • Check for any grammatical mistakes.
  • Stay away from titles and links that are designed to get people to click on them.
  • If you receive any strange emails, contact the IT department.

Transferring Data

[Company name] understands the dangers of transmitting confidential information both internally and externally. To reduce the risk of data theft, we need all staff to:

  • Don’t give away confidential information to employees or others.
  • Only send sensitive information across the networks of [business name]. Obtain the necessary authorization from senior management.
  • Comply with [business name’s] data protection law and confidentiality agreement by verifying the recipient of the information and ensuring they have adequate security measures in place.
  • Report any breaches, harmful malware, or fraud to the IT department as soon as possible.

Disciplinary Action

If you break this policy, you could face disciplinary action, including termination. The seriousness of the infraction determines [Company name]’s disciplinary procedures. Unintentional infractions will receive only a verbal warning; repeated violations of the same sort will receive a written warning; and intended violations will result in suspension and/or termination, depending on the circumstances.

Need of Cyber security policy

1) It increases efficiency

The best part about having a policy is that it allows consistency, saving time, money, and resources. Employees should be informed about their specific duty, as well as what one can and cannot do with sensitive information held by the company, according to the policy.

2) It upholds discipline and accountability

When a human error causes a system security breach, the organization’s security policy will support any disciplinary as well as legal action. Organization policies serve as a contract that demonstrates that a company has taken steps to safeguard its intellectual property as well as its consumers and clients.

3) A commercial agreement can be made or broken by it

During a business transaction involving the transfer of sensitive information, enterprises don’t need to submit a copy of their information security policy to other vendors.

4) It aids security literacy training for staff

A well-written security policy can also be viewed as an educational document that informs readers about the importance of their role in safeguarding sensitive data held by the company. It includes everything from picking the appropriate passwords to giving file transfer and data storage standards, all of which raises employee understanding of security and how it may be enhanced.

To keep our network secure, we employ security policies. During the installation, the majority of security policies are generated automatically. We can also tailor policies to our particular circumstances. It explains the government’s approach and strategy for protecting the country’s cyberspace. It also provides some guidelines for collaboration between the public and private sectors to protect data and information systems. As a result, the policy’s goal is to establish a cyber security framework that leads to specific activities and programmes to improve cyberspace security.

Types of Cyber Security

  1. Phishing is the act of sending phoney emails that look like they came from a credible source. The goal is to steal personal information such as credit card numbers and login credentials. It is the most common cyber-attack.
  2. Malware is a sort of software that aims to gain unauthorised access to a computer or damage it.
  3. Ransomware is a sort of malicious software that is used to infect computers. Its purpose is to extort money by restricting access to files or the computer system until a ransom is paid. Paying the ransom does not guarantee that the files or system will be restored.
  4. Emotet: According to the Cyber security and Infrastructure Security Agency, “Emotet is still one of the most expensive and damaging malware programmes.”
  5. Denial of Service: A denial of service (DoS) attack overwhelms a computer or network, preventing it from responding to requests. Other methods may be utilised, and some cyber attackers take advantage of the period while a network is down to launch further attacks. Botnets, often known as zombie systems, are computer networks that attack and overpower the processing power of a target. Botnets can be found in many different places, each with its own set of issues.

Laws Protecting Cyber Laws in India

Information Technology Act, 2000[1]

This Act’s purpose is to provide legal protection for e-commerce while also making real-time data registration with the government more convenient. However, cyber attackers became more cunning. The IT Act, which was passed by the parliament, emphasises the sanctions and fines that are put in place to protect the e-government, e-banking and e-commerce industries. ITA’s reach has been expanded to include all of the communication devices. The most important is the Information Technology Act, which directs all Indian legislation to regulate cybercrime:

Section 43[2] – People who damage computers without the owner’s permission are subject to this penalty. In such situations, the owner is entitled to full reimbursement for any damages.

Section 66[3] – If a person is proven to have committed any of the acts listed in section 43 dishonestly or fraudulently, this law applies.

Section 66B[4] – Included are the penalties for receiving stolen communication devices or computers in a fraudulent manner, which affirms a possible three-year sentence. Depending on the severity, this period can be increased by a fine of Rs. 1 lakh.

Section 66C[5] – This section examines identity thefts including impostor digital signatures, password hacking, and other distinguishing characteristics of identification. If convicted, a three-year sentence with a fine of Rs. 1 lakh might be imposed.

Section 66D[6] – This section was added on the fly, to punish cheaters who use computer resources to impersonate other people.

The Information Technology Act was passed by the Indian government with the following goals in mind:

  • To provide legal recognition for transactions conducted by electronic data interchange (EDI) and other forms of electronic communication, also known as electronic commerce or E-Commerce.
  • The goal was to develop alternatives to paper-based communication and information storage systems.
  • The Reserve Bank of India Act, 1934, as well as for matters relating to or ancillary thereto.

As a result, Act No. 21 of 2000, the Information Technology Act of 2000, was enacted. On June 9, 2000, President Clinton signed the Information Technology Act, which went into force on October 17, 2000. India has become the world’s 12th country to implement a Cyber Law regime as a result of this legislation.

Indian Penal Code (IPC) 1980

To prosecute identity theft and related cyber fraud, the Indian Penal Code (IPC), 1860, and the Information Technology Act of 2000 are used. Cyber fraud is covered by the following relevant sections of the IPC:

  • Forgery (Section 464)
  • Forgery pre-planned for cheating (Section 468)
  • False documentation (Section 465)
  • Presenting a forged document as genuine (Section 471)
  • Reputation damage (Section 469)

Companies Act of 2013

The Companies Act of 2013 is referred to by corporate stakeholders as the legal requirement for everyday operational requirements. This Act’s directives bind all required techno-legal compliances, putting less compliant businesses in a legal bind. The SFIO (Serious Frauds Investigation Office) was given powers under the Companies Act of 2013 to prosecute Indian firms and their executives. The SFIO has also become much harsher in this area with the announcement of the Companies Inspection, Investment, and Inquiry Rules, 2014.

Cyber forensics, e-discovery, and cyber security diligence are all covered under the legislature. The Companies (Management and Administration) Rules, 2014 establishes tight criteria for company directors and leaders to follow when it comes to cyber security requirements and responsibilities.

NIST Compliance

The Cyber security Framework (NCFS), as the most trusted global certification authority, offers a coordinated approach to cyber security as certified by the National Institute of Standards and Technology (NIST). The NIST Cyber security Framework contains all of the necessary rules, standards, and best practices for effectively managing cyber-related risks. The flexibility and cost-effectiveness of this system are paramount. It does so by:

  • Enabling improved cyber security risk interpretation, management, and mitigation — to reduce data loss, data abuse, and the expenses associated with data restoration.
  • Identifying the most crucial activities and operations to concentrate on securing them.
  • Organizations that secure important assets must demonstrate their trustworthiness. Aids in the prioritisation of investments so that the cyber security return on investment is maximised.
  • Regulatory and contractual requirements are addressed. Supports the larger mission of information security.
  • Cyber security risk management becomes easier when the NIST CSF framework is combined with ISO/IEC 27001.

Role of Cybersecurity in Cyberlaw

Cyber security experts are in charge of safeguarding IT infrastructure, edge devices, networks, and data at a high level. They’re in charge of preventing data breaches as well as monitoring and responding to attacks on a more detailed level. Many have programming, systems, or network administration skills, as well as math and statistics expertise. Those abilities are unquestionably important in an IT security professional’s position, but critical thinking, curiosity, and a desire to learn and investigate are as important. Companies should not limit themselves to a narrow pool of candidates because those attributes exist in people from many walks of life. Hackers are also naturally artistic. Security professionals must be astute to outwit them.


New security risks emerge regularly, and IT security professionals must keep up with the most recent hacking techniques. In addition to the above-mentioned high-level responsibilities, IT security teams also do the following tasks:

  • Establish user access controls and identity and access management systems, as well as their implementation.
  • Keep an eye on network and application performance to look for anomalies.
  • Conduct frequent audits to ensure that security procedures comply.
  • Use endpoint detection and prevention software to block harmful hacking attempts.
  • Implement patch management mechanisms to ensure that apps are updated automatically.
  • Set up comprehensive vulnerability management mechanisms across all on-premises and cloud assets.
  • Create a disaster recovery/business continuity plan in collaboration with IT operations.
  • Collaborate with HR and/or team leaders to train staff on how to spot suspicious behaviour.

Critical Skills

  1. Strategists – Professionals in cyber security should be able to proactively deploy security measures and controls within enterprises, considering the risks of each action. Advanced security protocols necessitate tactical and strategic assessments of workflows, dependencies, budgets, and resource allocation. Professionals must stay one step ahead of hackers by studying how they infiltrate networks and techniques for preventing them because new ways to hack information are constantly appearing.
  2. Communicators – Effective collaboration with teams and clients requires management and communication abilities. Every member of a company’s staff is affected by technology and security. By teaching and empowering people to assist secure systems, security professionals can interact in meaningful ways.
  3. Lifelong Learners – Technical proficiency is also a must-have ability. The rapid rate of IT security development necessitates constant study, training, and certification. To be able to tackle complicated security challenges, these specialists must be constantly learning new advanced technology skills.


To summarize, while a crime-free society is ideal and merely a dream, there should be a continuing effort to keep criminalities at a minimum through the use of rules. Crime based on electronic law-breaking is expected to increase, especially in a society that is becoming increasingly reliant on technology, and lawmakers must go above and beyond to keep impostors away.

Technology is always a two-edged sword, capable of being employed for both good and evil purposes. Steganography, Trojan Horse, Scavenging (and even DoS or DDoS) are all technologies that are not crimes in themselves, but when they fall into the wrong hands with an illegal purpose to exploit or misuse them, they are classified as cyber-crime and are punishable offences. As a result, rulers and legislators should make strenuous efforts to ensure that technology develops healthily and is employed for legal and ethical economic growth rather than criminal activity. It should be the responsibility of the three stakeholders.

[1] Information Technology Act, 2000.

[2] Section 43 of Information Technology Act.

[3] Section 66 of Information Technology Act.

[4] Section 66B of Information Technology Act.

[5] Section 66C of Information Technology Act.

[6] Section 66D of Information Technology Act.


Which is the main cyber law in India?

The main law governing the cyber laws is the Information Technology Act, 2000 which had come into force on October 17, 2000. The main purpose of this act is to provide legal recognition to electronic commerce and to facilitate filing of electronic records with the government.

What is Cyber Security?

Cyber Security indicates the methods and techniques used to protect computers, networks, and data from unauthorized access, flaws, and attacks carried out by cybercriminals via the internet.

What is the need for Cyber Security Policy?

It helps to increase efficiency, uphold discipline and accountability, and aids in security literacy training for staff.

What is NIST Compliance?

The NIST Cyber security Framework contains all the necessary rules, standards, and best practices for effectively managing cyber-related risks. The flexibility and cost-effectiveness of this system are paramount.

What is the role of cyber security experts?

Cyber security experts are in charge of safeguarding IT infrastructure, edge devices, networks, and data at a high level. They’re in charge of preventing data breaches as well as monitoring and responding to attacks on a more detailed level.

Are the provisions of Indian Penal Code applicable?

To prosecute identity theft and related cyber fraud the Indian Penal Code (IPC), 1860, and the Information Technology Act of 2000 are used.
