Recently a Pune-based co-operative bank, Cosmos Bank, set up in 1904, came under a cyberattack. Within minutes, the credit card data of its customers was hacked into, and transactions carried out using them, in foreign countries, totalling —₹94 crore. Who bears this loss? The PM has assured, in his Republic Day Address, that honest taxpayers will be protected. Will they? Can they?

There are other examples. A 27-year-old Delhi guy discovered not only that his PAN card details were hacked and misused to make an international payment, but that he was purportedly a director in 13 companies!

Experts suspect the role of a North Korean group in the Cosmos cyberattack. More threatening is the cyber expertise of the Russians, revealed in an article in Wired ‘The Untold Story of NotPetya, the most devastating cyberattack in history’.

Malware threats

One has heard about the malware called WannaCry, which froze computers and ‘unfroze’ them after a ransom payment in bitcoins. NotPetya, released later, is more dangerous. It resulted, ultimately, in $10 billion of damages. What was worse is that the virus spread randomly. Originally it was targeted at a Ukrainian bank, whose system was hacked in two minutes. From there it spread, randomly, to companies such as Maersk, the world’s largest shipping conglomerate, freezing its entire computer system. One of several consequences was that close to a fifth of the world’s shipping capacity, was dead in the water.

It randomly spread to other companies, including Merck, FedEx, Saint Gobain, Mondelez, and even back to Russian oil giant Rosneft.

So why should investors bother about this?

As James Rikards, an American lawyer and speaker, points out on zerohedge, the world’s systems are very vulnerable to cyberattacks and, being interconnected, can wreak enormous havoc. We have recently witnessed the devastation in Kerala caused by the excess water released from dams to prevent them bursting. Imagine if the water could be released by hacking into the computer systems of the dams, at the whims of a cyber terrorist.

Or if power grids were shut off, remotely, causing immense problems; traffic signals would stop; food stored under refrigeration would rot, hospitals would not be able to conduct operations and so on.

Who can, or will, protect individual investors?

We have been unable to protect investors from non-digital crime and cyber terrorism is far far worse.

We would need not only the skill sets to build robust systems and to thwart attacks but, perhaps more importantly, an attitudinal change. Currently the attitude of investigative agencies as well as the judiciary is benign towards crooks (their ability and willingness to grease palms is higher) and hostile towards victims. At the same time government is compelling everyone to become more digitally integrated. Making the linking of things like bank accounts with a (supposedly secure) Aadhaar card compulsory.

Ok, so we do that. But doing so implies that the government assumes responsibility to first prevent a misuse or, should a misuse occur, to recompense the victims?

Will it?

The global risk is the increase rhetoric of trade wars, and the likelihood of a further hike in interest rates, which would further strengthen the dollar and make India’s CAD worse. Flight of FIIs can accelerate, and, should this coincide with investor apathy, then things will get smelly. Its better to take action to protect investors now, before the apathy sets in.

(The writer is India Head — Finance Asia/Haymarket. The views are personal.)