India is embracing digitalisation, as are many countries, and doing so at a blistering pace. It is one of the largest and fastest-growing markets for digital consumers, with 825m internet subscribers as of 2021, second only to China. Widespread digital adoption has been hastened by pandemic-induced consumer behaviour, including broad use of digital payments such as government-supported e-Aadhaar cards (used for identification and digital payments), internet for all, taxation and an ecosystem for facilitating digital governance. Continued Indian economic growth will also be an ongoing contributor to increased IT-enabled services and digital methods — resulting in core digital sectors increasing in GDP to $435bn by 2025.
India in fact, is digitalising faster than any other country except for Indonesia, as shown in a study of 17 mature and emerging economies. As of 2020, India has 1.5bn mobile ‘phone users and 24.27bn apps downloaded from app stores, including Apple’s App Store and Google Play. This translates to 11.3% of the 218bn app downloads reported globally. Still, there remains plenty of room to grow: Just over 40% of the population has an internet subscription.
Digital uptake points to bright economic outlook
The continued zeal for digitalisation points to tremendous potential for economic growth and opportunity. Estimates are that by 2025, core digital sectors such as IT and business process management, digital communication services and electronics manufacturing could double their GDP level to between $355bn to $435bn. Productivity unlocked by the digital economy has the potential to create 65m jobs by 2025.
Tangible impacts of digitalisation in the marketplace include a growing embrace of a variety of new, faster payment modes within the Indian digital payment space. Digital payment has seen extraordinary growth in the last few years, with the volume of transactions increasing at an average compound growth rate (CAGR) of 23%. That growth has been driven by multiple factors, chief among them the launch of new and innovative payment products, increasing smartphone adoption, a growing need for faster payment modes and a strong push from the government and regulators toward adoption of digital channels.
Prior to 2010, digital transactions saw single-digit growth. From 2010 to 2016, this figure rose to 28% owing to the launch of faster payment modes in the country and jumped to 56% in 2016-17 following demonetisation. The COVID-19 pandemic has further accelerated the shift to digital payment modes. Together, these factors are likely to create a revenue pool of INR2.937tn ($39.04bn) by 2024-25 for payment players – a figure that stood at INR1.982tn in 2019-20.
Threats emerge with greater exposure
Along with expanding opportunity, comes an acceleration in exploitation efforts by cyber criminals. The threat landscape in India, as well as in the APAC region, has been constantly evolving and is becoming more sophisticated and targeted in nature. The proliferation of new digital payments/transaction channels, the increasing embrace of 5G technology and the expansion of the internet of things (IoT), have all helped to increase exposure to cyber threats. This is due to the expansion of a massive number of attack surfaces — those technological areas where bad actors can exploit vulnerabilities for an attack, from mobile devices to workstations and laptops, network file servers, applications, outdated software and more.
For example, on a global scale, we have seen 39% of consumers expressing an intention to upgrade to 5G, helped along by an increasing interest that emerged during the COVID-19 health crisis work-from-home migration. However, analysis based on current 5G smartphone ownership, tech attitudes, life stage of consumers, income and demographics reveals that only about 21% of consumers would realistically upgrade to 5G in 2021 (the rest in 2022 or later). This still translates to at least 300m customers across 20 markets who would be 5G subscribers in 2021.
Commercial launches in India, Brazil and Indonesia could surpass that figure. IoT analytics predicts there will be about 11.6bn IoT devices by 2021. These devices provide a particularly large attack surface due to their internet-supported connectivity and can be hacked remotely, presenting an expansive area of vulnerability.
Digital adoption and growing consumer risks
Today’s threats increasingly focus on individual internet users, who can be especially vulnerable and easy targets for cyber criminals who can obtain larger financial gains with little investment. Most recently, a trend of targeted attacks within the country has been observed, involving accessing some sensitive data that can be misused by cyber criminals.
Consumer cyber crime takes many forms – as shown in the graphic below – but the risks associated with digital adoption fall into broader patterns or ‘types’. These can be divided into categories including: Floating, non-existent ‘agencies’ which dupe customers with the pretext of supplying food, medicine, oxygen and other essentials; luring people into online transactions and then robbing them after obtaining their account details/hacking accounts; and creating fake social media accounts representing influential figures, such as Indian Administrative Service (IAS) and IPS officers, to deceive the public by using the organisation’s familiar and trusted names.
As we look forward to the opportunities that digital connection will continue to bring, we must accelerate the fight against a variety of perils posed by the World Wide Web. An increase in cyber maturity among individual online users is critical to help them keep their valuable possessions secure from potential threats.
One thing is clear: As we continue to build a digitally-driven nation, it will be increasingly critical proactively to prevent, investigate and penalise cyber criminal groups. These threats will continue to proliferate as cyber criminals exploit vulnerabilities of both businesses and individuals for financial gain.
Growing online transactions generate bigger incentives for cyber criminals, with the mining of data such as customer information, product survey results and general market information. All these connections make for a very attractive intellectual property target. Awareness of the breadth and depth of cyber threat is critical. For example, consumers are somewhat familiar with phishing but may not be as versed with ‘phishing-as-a-service’, currently popular with more organised cyber criminals. This includes payment delivery and tax-themed phishing scams, downloads and spear phishing (sending emails ostensibly from a trusted sender to induce individuals to reveal confidential information). Phishing is relatively easy for threat actors to execute and produces desired results with little effort.
How routine and expansive those threats are not fully understood, but we know they are increasing. Complicating things is the difficulty of enforcing laws against threat actors, given that victims and perpetrators are in different geographies. Another reality: Regulations and the judicial system overall are not robust enough to ensure these crimes are controlled, though progress is being made in the form of a data protection bill currently being evaluated, with increased tracing of cyber criminal activity in large geographic areas like India.
Managing risk – and expanding protection
The personal lines cyber insurance market is still in its initial stages, particularly in Asia. Low awareness of cyber threats due to the relative digital maturity of the Asia market is a clear and present challenge. Focusing on creating greater awareness of cyber threats – as well as helping individuals understand how to educate and protect themselves from the impact of cyber crime – is an imperative for the insurance industry. Coverages such as theft of fund, online shopping, and data restoration are already in market. Insurers must continue to develop and increase awareness of helpful solutions to mitigate the effect of cyber crime and offer valuable, relevant protection.
While judicial systems and regulations play a role, they are not yet strong enough to ensure closer management of these crimes. Helping individuals become their own advocates for cyber security is central to mitigating cyber crime. Munch Re and other insurers have made a commitment to educating consumers around the globe about cyber threats facing individuals and helping to increase resiliency to these attacks by providing coverage for a wide array of cyber risks. The digital world is still, in many ways, the new frontier. Ongoing education and commitment from those who can help individuals proactively identify cyber risks, and recover from cyber attacks, is our best hope for a safer, more productive digital world. A
Mr Kumar Shivam is cyber underwriter and Mr Sudeep Pandey is underwriter at Munich Re, India.