--- layout: default title: "Cyber Security Proves a Challenge for Booming E-Commerce in India" description: "An Economic Times report examining India’s rapidly expanding e-commerce sector and the surge in data breaches, security lapses and weak regulatory mechanisms, with commentary from Sunil Abraham and other experts." categories: [Media mentions] date: 2015-06-25 source: "The Economic Times" authors: ["Malavika Murali", "Payal Ganguly"] permalink: /media/cyber-security-challenge-booming-ecommerce-india/ created: 2025-12-10 --- **Cyber Security Proves a Challenge for Booming E-Commerce in India** is a report published in *The Economic Times* on 25 June 2015. The story highlights a growing set of cyber security concerns affecting India's e-commerce and startup ecosystem — particularly the increasing number of breaches, lax internal security practices, and the absence of structured breach-notification norms. The article includes commentary from Sunil Abraham, who explains why India’s regulatory system significantly undercounts breaches and leaves users exposed. ## Contents 1. [Article Details](#article-details) 2. [Full Text](#full-text) 3. [Context and Background](#context-and-background) 4. [External Link](#external-link) ## Article Details
📰 Published in:
The Economic Times
✍️ Authors:
Malavika Murali & Payal Ganguly
📅 Date:
25 June 2015
📄 Type:
News Report
📰 Newspaper Link:
Read Online
## Full Text

Synopsis
Are users taking a risk by allowing applications to gain access to personal data shadowed by an upgrade? "Most definitely," said Bikash Barai.

BENGALURU / HYDERABAD: When Pavitra Badrinath saw that the upgrade to a shopping application on her smartphone asked access to her contacts and messages, she decided against it. "Laws on privacy are not clear in India. So I am doing what I can to protect my information," the 26-year-old technology firm employee said.

Are users taking a risk by allowing applications to gain access to personal data shadowed by an upgrade? "Most definitely," said Bikash Barai, cofounder and chief executive of security firm iViz Security.

With at least 10 alleged breaches and hacks into the databases of startups such as Ola and Gaana this year, the alarm bells are going off. Experts warn that emerging businesses are lax with security frameworks, which is especially worrying as millions more Indians are shopping online, including on their phones, exposing crucial personal and financial data to fraud.

More than 70% of Indian companies are underprepared when it comes to cyber security, according to a report by CISO Platform, a social platform for security experts where Barai is chief adviser.

India's largest cab-hailing firm Ola denied hackers’ claims in an email response to ET.

Music service Gaana.com, in response to being hacked by a person in Pakistan calling himself MakMan, said it had strengthened its security team and offerings in recent weeks. "In addition, we are working on a 'bug bounty' program, which will allow individuals to point out any potential vulnerability in a safe way," said Pawan Agarwal, business head at Gaana.com.

According to Google India, the number of online shoppers is expected to cross 100 million by the end of next year, from 35 million in 2014. But lack of robust regulations and data privacy law, as well as the fragmented nature of the startup ecosystem, does not allow much scope for research on cyber security, said experts.

"Under the Indian regime there are no self-regulatory mechanisms for putting out breach notifications," said Sunil Abraham, executive director of the Centre for Internet and Society. "The numbers available with a central body like Data Security Council of India will be a gross underestimation of the cases of breach."

"Most of the startups in India want to do everything in-house. This can lead to a potential compromise or lack of expertise on the security front, even if it is made priority," said Harshit Agarwal, founder and chief executive of Singapore-based Appknox, which provides security services to Paytm, Freecharge and Myntra among other clients.

Jabong founder and managing director Praveen Sinha said the online fashion retailer spends 15-20% of its revenue on cyber security.

But other startups contended that budgets and teams sizes are not accurate indicators of security preparedness.

"We do not work with any external security firms as we have realised that the average report is as good as our internal team can make," said Mukesh Singh, CEO of online grocer ZopNow.

Paytm vice president Amit Lakhotia said the payments startup that handles about 2 million transactions a day has an adequately sized team of scientists, analysts and engineers for cyber security. "Security isn't necessarily better with a large team, but instead with the right team," he said.

{% include back-to-top.html %} ## Context and Background This article reflects a moment when India's e-commerce sector was witnessing explosive growth but had not yet built the security culture, regulatory frameworks or professional practices needed to protect tens of millions of new online shoppers. The breach incidents referenced — from taxi platforms to music streaming services — illustrate the systemic weaknesses of young digital businesses attempting to scale without investing adequately in cybersecurity. The absence of mandated breach-notification norms, highlighted by Sunil Abraham, further meant that users and regulators lacked visibility into the true scale of cyber incidents. The piece also captures early debates around app permissions, data minimisation, and over-collection of personal information — issues that would later become central to Indian privacy policy, consumer-protection discourse and the push for a formal data protection regime. ## External Link - Read on The Economic Times