By Madan Oberoi
Statistics on the registration and prosecution or conviction of cybercrime play a role in illuminating: The reporting of cybercrime, and the investigation of cybercrime in India.
The following evidence suggests that there was gross under-reporting of cybercrimes by victims and problems in investigation and prosecution of cybercrimes. The situation depicted by these statistics implies that cybercriminals can work with a confidence level ranging from 96% to 99% that they will never be punished for their crimes.
As per reports published by CERT-IN and NCRB (National Crime Records Bureau), the rate of prosecution and conviction of cybercrimes in India in 2015 was as low as 4.88 % and 1.78% (respectively) of the total number of cybersecurity incidents reported.
The Indian Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and IT, is the nodal agency responsible for handling cybersecurity incidents. CERT handles incidents related to spam, website defacements, website intrusion, phishing, malware propagation, malicious code and network scanning and probing. Interestingly the number of cybersecurity incidents handled by CERT in 2015 has reduced by 14.7%.
On the other hand, the number of cybercrime cases registered in India has increased considerably in 2015, by 20%. However prosecution of cybercrime in India still remains very low with only 5,425 cases being sent for prosecution in 2015. The percentage of cybercrimes ending in conviction in 2015 was as low as 1.78% of the reported or detected cybersecurity incidents.
While there has been an increase in the number of cybercrime cases registered in 2015, the number (11,592) still indicates under-reporting of cybercrime cases to LEAs in India. Companies choose not to report cases as they fear loss of reputation; further companies and affected individuals do not have the confidence in the capabilities of LEAs. The percentage of cases being taken up for prosecution (46% of the total number of registered cases) suggests that capabilities to investigate the multi-jurisdictional cybercrime needs to be strengthened.
This clearly points to the need to combat these low prosecution and conviction rates of cybercrime through:
- Moving from a reactive approach to intelligence led proactive approach to combat cybercrime by law enforcement agencies in collaboration with stakeholders like private sector and academia.
- Capacity strengthening of law enforcement agencies to combat cybercrime through bridging the gaps in skillsets and infrastructure.
- Developing a platform for global coordination of intelligence and operations.
- Providing strategic and research support to law enforcement agencies to combat cybercrime.
The author is an Indian Police Service (IPS) officer presently deployed with INTERPOL as Director of its Global Cybercrime Programme. This post reflects the author’s personal views and not of INTERPOL or the Government of India.