Cybersecurity Governance and Corporate Legal Responsibility in India

The rapid digital transformation of businesses in India has amplified concerns regarding cybersecurity and corporate accountability. As corporations increasingly depend on digital infrastructure, cloud technologies, and data-driven operations, the risks of cyberattacks, data breaches, and unauthorized access have grown exponentially. Cybersecurity compliance has thus emerged as a crucial component of corporate governance and risk management. In India, the legal framework governing cybersecurity is primarily anchored in the Information Technology Act, 2000 and its subsequent amendments, along with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. These laws impose obligations on corporate entities to ensure data protection, adopt secure systems, and report incidents of data compromise. However, the evolving cyber threat landscape and the rise of sophisticated attacks, such as ransomware and phishing, have revealed significant gaps in compliance enforcement and corporate preparedness. The recently enacted Digital Personal Data Protection Act, 2023 further strengthens corporate duties by emphasizing consent-based data processing, data fiduciary responsibilities, and financial penalties for non-compliance. Corporate liability now extends beyond reputational harm to include administrative and criminal consequences under Indian law. This paper examines the interplay between cybersecurity compliance and corporate liability, analysing how organizations can integrate legal, technical, and ethical safeguards to achieve digital resilience. It argues that proactive compliance through risk assessment, employee training, and data governance frameworks is essential for mitigating liability and fostering consumer trust. Strengthening regulatory enforcement, promoting transparency, and encouraging cyber literacy among corporate actors are key to ensuring India’s secure digital future.

Cybersecurity Compliance, Corporate Liability, Data Protection

1. Books: [Google Scholar] [Crossref]

2. • Basu, S. (2021). Cyber Law in India: Governance, Regulations and Compliance. Eastern Book Company. [Google Scholar] [Crossref]

3. • Sharma, R., & Kapoor, A. (2022). Corporate cyber governance and liability under Indian law. Journal of Cybersecurity and Digital Governance, 7(2), 45–60. [Google Scholar] [Crossref]

4. • Rao, P. (2021). Data privacy and cyber liability in Indian corporate sector. International Journal of Law & Technology, 15(1), 27–39. [Google Scholar] [Crossref]

5. Government Policies, Acts & Regulations [Google Scholar] [Crossref]

6. • Ministry of Electronics and Information Technology. (2013). National Cyber Security Policy 2013. Government of India. [Google Scholar] [Crossref]

7. • Ministry of Electronics and Information Technology. (2021). Guidelines for Incident Response and Business Continuity. Government of India. [Google Scholar] [Crossref]

8. • Ministry of Electronics and Information Technology. (2023). Digital Personal Data Protection Act, 2023. Government of India. [Google Scholar] [Crossref]

9. • Indian Computer Emergency Response Team. (2022). CERT-In Annual Report 2022. Government of India. [Google Scholar] [Crossref]

10. • Government of India. (2000). Information Technology Act, 2000 (Sections 43A, 72A). [Google Scholar] [Crossref]

11. • Securities and Exchange Board of India. (2018). Cyber Security and Cyber Resilience Framework. Government of India. [Google Scholar] [Crossref]

12. • Insurance Regulatory and Development Authority of India. (2023). Information and Cyber Security Guidelines. Government of India. [Google Scholar] [Crossref]

13. • Telecom Regulatory Authority of India. (2022). Cybersecurity Guidelines for Telecom Service Providers. [Google Scholar] [Crossref]

14. • Reserve Bank of India. (2016). Cyber Security Framework for Banks. RBI. [Google Scholar] [Crossref]

15. • Reserve Bank of India. (2021). Master Direction on IT Governance, Risk, Controls, and Assurance Practices. RBI. [Google Scholar] [Crossref]

16. International Standards & Frameworks [Google Scholar] [Crossref]

17. • International Organization for Standardization. (2022). ISO/IEC 27001:2022 Information Security Management Systems. ISO. [Google Scholar] [Crossref]

18. • National Institute of Standards and Technology. (2018). Framework for Improving Critical Infrastructure Cybersecurity. U.S. Department of Commerce. [Google Scholar] [Crossref]

19. Industry & Research Reports [Google Scholar] [Crossref]

20. • IBM Security. (2023). Cost of a Data Breach Report 2023. IBM Corporation. [Google Scholar] [Crossref]

21. • KPMG. (2022). Cost of a Data Breach Report 2022. KPMG International. [Google Scholar] [Crossref]

22. • PwC India. (2023). Cyber Security in India: Threat Landscape Report 2023. PwC. [Google Scholar] [Crossref]

23. • Deloitte. (2021). Corporate Cybersecurity Risk and Governance in India. [Google Scholar] [Crossref]

24. • EY India. (2022). Cybersecurity Maturity in Indian Corporations. [Google Scholar] [Crossref]

25. • NASSCOM & DSCI. (2023). India Cybersecurity Industry Report. [Google Scholar] [Crossref]

26. Judicial Cases [Google Scholar] [Crossref]

27. • Shreya Singhal v. Union of India, (2015) 5 SCC 1. [Google Scholar] [Crossref]

28. • Justice K.S. Puttaswamy (Retd.) v. Union of India, (2017) 10 SCC 1. [Google Scholar] [Crossref]

29. • ICICI Bank Ltd. v. Shanti Devi Sharma & Ors., (2008). Delhi High Court. [Google Scholar] [Crossref]

30. • Vishal Jeet v. Union of India, (1990) AIR 1412. [Google Scholar] [Crossref]

• Conflict of Law in the Safeguarding of Malaysian Intangible Cultural Heritage: A Way Forward
• Alternative Dispute Resolution in India: A Brief Overview Justice Delayed is Justice Denied. - William E. Gladstone
• The Role of Museums in Safeguarding Cultural Heritage Rights: Balancing Access and Repatriation
• An Evaluation of the Universal Declaration of Human Rights' Significance and Application in Nigeria
• The Role of International Law in Shaping National Immigration Policies.