Skip to content
Home » Insights » The Legal Shield: Safeguarding Indian Businesses with Cybersecurity Law

The Legal Shield: Safeguarding Indian Businesses with Cybersecurity Law

Cybersecurity Law: Protecting Indian Businesses from Digital Threats

Cyber threats are no longer limited to large corporations. In India, even small and medium businesses face the risk of cyberattacks, data leaks, phishing scams, and ransomware. Despite this, many organisations continue to overlook the importance of cybersecurity law. It is not just about compliance—it is about survival, accountability, and protecting your business’s long-term credibility.

The Legal Framework of Cybersecurity Law in India

Indian cybersecurity law currently spans across multiple statutes, creating a layered yet fragmented legal environment. Businesses must understand how each regulation contributes to their overall compliance obligations.

1. Key Legislations Governing Cybersecurity

  • Information Technology Act, 2000 (IT Act)
    • Section 43A: Companies must pay compensation for failure to protect sensitive personal data.
    • Section 66: Imposes penalties for hacking, identity theft, and other cyber offences.
    • Section 72A: Prevents disclosure of personal data without consent.
  • Digital Personal Data Protection Act, 2023 (DPDP Act)
    • Provides a legal structure for digital privacy, with emphasis on consent, breach notification, and citizens’ data rights.
  • Indian Penal Code, 1860 (IPC)
    • Section 420 & 468: Frequently invoked in cases of online fraud and document forgery.
  • CERT-In Directions (April 2022)
    • Require reporting of cybersecurity incidents within six hours.
    • Mandate data breach response protocols, logging of systems, and designating contact persons.

2. Why Indian Businesses Struggle with Cybersecurity Compliance

Many Indian businesses—especially startups and MSMEs—do not prioritise cybersecurity law due to:

  • Using outdated or pirated software
  • Lack of trained staff or legal oversight
  • Weak or absent network security frameworks
  • Delayed data breach response or non-disclosure
  • Limited awareness of privacy regulations and criminal liabilities under cybercrime law

It often takes a cyberattack or legal penalty for companies to realise the cost of non-compliance.

3. Cases Shaping Cybersecurity Law in India

  • Zomato Data Breach (2021)

Over 17 million user accounts were compromised. Although passwords were hashed, the case highlighted weaknesses in data breach response and incident communication.

  • Sony Entertainment v. CERT-In (2022)

The Delhi High Court upheld CERT-In’s power to demand server logs and detailed breach reports—strengthening enforcement of cybercrime law in India.

  • SBI Server Exposure (2019)

Misconfigured servers leaked millions of customer details. The incident demonstrated the dire need for strong network security and routine audits.

4. Actionable Steps for Indian Businesses

  • Build Strong Network Security
  1. Audit systems regularly
  2. Use encryption and endpoint protection
  3. Deploy two-factor authentication for all access layers
  4. Train employees on phishing and ransomware detection
  • Prepare and Practise Data Breach Response
  1. Create a data breach response policy with clear timelines
  2. Define who reports to CERT-In and the Data Protection Board
  3. Notify affected users without undue delay
  4. Maintain 180-day system logs as per law
  • Ensure Privacy Regulation Compliance
  1. Draft a customised privacy policy that reflects the DPDP Act
  2. Collect only necessary personal data
  3. Obtain informed user consent
  4. Provide users with options to access, correct, or erase data
  • Comply with Cybercrime Law Obligations
  1. Keep forensic logs and IT audit trails
  2. Understand cyber offence liabilities under the IPC and IT Act
  3. Educate your workforce on digital crimes and their legal implications

Constitutional and Judicial Backing

The Supreme Court’s ruling in Justice K. S. Puttaswamy v. Union of India established the right to privacy as a fundamental right. This ruling, along with the DPDP Act, creates a legal expectation that businesses must protect user data through effective cybersecurity law compliance

About LawCrust Legal Services

LawCrust Legal Consulting, a subsidiary of LawCrust Global Consulting Ltd., provides premium Legal services, ranked among the top 10 legal consulting firms in India, and offers business-focused legal solutions that go beyond compliance. As a Top corporate law firm service provider in India, we specialise in contractscompany lawM&AFundraising SolutionsStartup SolutionsInsolvency & BankruptcyDebt RestructuringHybrid Consulting SolutionsIBC mattersdata protectionintellectual property (IP), and cross-border structuring for NRIs. Our fixed-cost legal plans and virtual access make legal support simple, strategic, and scalable.

Need reliable legal backing for your business? Partner with LawCrust — where legal meets growth.

Contact LawCrust Today!

Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *