A tale of two orders: untapped solutions to cyber vulnerabilities
In an era where data breaches and ransomware attacks increasingly threaten national security, the recent orders issued by the Punjab and Haryana High Court expose a troubling lapse in India’s cyber security preparedness. The court in May this year issued a far-sighted directive, prescribing measures to combat cybercrime—chief among them, stronger control over SIM card proliferation. This was a primary tool for cybercriminals to anonymise their fraud. One person, one pre-paid SIM regime was suggested by the court. The government’s response, however, has been insufficient: a half-measure, limiting each person to a maximum of nine SIM cards. This piecemeal approach ignored the comprehensive vision the court had laid out for a robust, layered cyber defence.
The original order in “CRM-M-22266 of 2024” had anticipated a digital future where cyber security required more than just restricting SIM cards. It called for systemic, structural changes, such as enhanced identity verification systems, stronger inter-sector cooperation, and broad public education initiatives. But the government’s inability to implement these recommendations in full has left the people vulnerable. The recent court ruling reiterating the same concerns highlights a grim reality: the country’s susceptibility to cybercrime remains just as perilous, if not more so, than before.
In its latest order issued in “CRM-M-34105 of 2024” after about six months, the high court again pointed to India’s escalating vulnerability to cyber attacks, underscoring the growing cost of neglecting earlier judicial insights.
Cyber incidents are no longer abstract threats—ransomware attacks alone have surged by over 50 per cent in recent years, according to reports from cyber security firms. These threats are a harsh reality now, not a distant possibility. Had the government embraced the full scope of the court’s recommendations, focused on identity verification, inter-agency coordination, and public awareness—the current cyber-defence posture would likely be stronger, more resilient.
The statistics speak volumes. Ransomware attacks have increased by over 300 per cent globally in the last five years, with India being a primary target. In fact, the National Crime Records Bureau (NCRB) recorded more than 50,000 cases of cybercrime in 2022 alone, with losses running into millions of dollars. Despite these numbers, the government’s actions remain fragmented, addressing symptoms rather than the root cause.
India’s cyber security strategy cannot afford to remain reactive. It must become proactive. The time has come to heed the high court’s call for comprehensive reform. Cyber security must be treated as a national priority—one that transcends policy gimmicks and instead focuses on long-term, sustainable solutions that protect both our infrastructure and the trust of citizens in the systems they depend on daily.
It is imperative that judicial foresight is not just acknowledged but implemented. India cannot afford to wait until its digital infrastructure is irrevocably compromised. The future of the national security and economic stability depends on the swift and robust application of the high court’s recommendations. Anything less could have far-reaching consequences.