Authored By: Manaswini Balugam
AMS Law College, Osmania University
ABSTRACT
This article compares and analyzes the evolving nexus of cybersecurity in today’s digital age, focusing on the legal frameworks that govern these domains at a global level. It highlights the need for robust policies that address the increasing frequency and sophistication of cyber threats. The analysis includes case studies and recent legislation that emphasize both theory and its practical application. In the end, it seeks to enhance understanding of the crucial role law plays in safeguarding against cyber risks while fostering innovation.
INTRODUCTION
“It takes 20 years to build a reputation and a few minutes of cyber-incident to ruin it.” – Stephane Nappo
Imagine storing all your sensitive information securely on your laptop, only to receive a notification that all your files have been encrypted, demanding crores of money to decrypt them and warning that the information will be misused otherwise. Petrifying, right?
Cybersecurity is the process of securing computers, servers, networks, and data from cyber-attacks that may lead to unauthorized access, harm, or theft. With our growing dependence on digital technology, so grows the need for cybersecurity to maintain stability.
As people and organizations started to make their information digital, they became exposed to cyber threats, including malware, phishing scams, and more. These pose a serious threat to national security and business integrity. Cybersecurity is crucial for defending private and public sector data and for supporting the robustness of systems and institutions in the modern era.
In this article, we will discuss how cybercrimes, though digital, can pose a threat to security and compare how different countries mitigate cybercrimes by using laws and entities.
RESEARCH METHODOLOGY
The research method for this study is the comparative method, enabling a proper analysis of cybersecurity legislation in different jurisdictions globally. The data was obtained through a detailed review of legislation in top countries like the USA, Europe, India, Japan, Russia, and so on.
Important case laws were analyzed, and scholarly articles, legal experts’ reports, and statistics were also added, providing insights into the developing character of cybersecurity and related legal issues.
GLOBAL STATISTICS ON CYBERCRIMES
According to the World Cybercrime Index,
- Cybercrimes are reported frequently in Russia and least in Belarus.
- The most common cyber threat facing businesses and individuals is phishing.
- Data breaches cost businesses an average of $4.88 million in 2024.
- Poland has the strongest cybersecurity (90.83%); the UK ranks 5th (75%).
- It identifies Russia, Ukraine, and China as the top 3 cybercrime hotspots.
CYBER SECURITY – EVOLUTION
- 1990s: Rise of viruses necessitated the introduction of anti-virus software and firewalls.
- Early 2000s: Emergence of worms highlighted the need for better security. Examples: Morris worm and WannaCry ransomware. Introduction of Intrusion Detection and Prevention Systems (IDPS) as a response.
- Current focus on Advanced Persistent Threats (APTs) and insider threats. Use of modern methods, like network flow analysis, to detect unusual traffic patterns.
CYBERSECURITY RESILIENCE: A MULTI-DIMENSIONAL APPROACH
Cybersecurity resilience has emerged as a critical imperative for nations, organizations, and individuals alike. Unlike traditional cybersecurity approaches that primarily focus on prevention, a multi-dimensional approach to resilience emphasizes the capacity to withstand, recover from, and adapt to cyber threats.
This involves not only technological solutions but also organizational culture, policies, and cross-border collaboration. A key aspect of a multi-dimensional approach to cybersecurity resilience involves –
- Integrating legal frameworks.
- Regulatory measures that promote accountability.
- International frameworks.
- Education and awareness.
- Investment in training programs that equip users with the knowledge and skills to respond to cyber threats effectively.
ROLE OF LEGISLATION AND ENTITIES – GLOBAL
INDIA
- INFORMATION TECHNOLOGY ACT, 2000
- The IT Act, 2000, popularly known as Indian cyber law, imposes sanctions against cybercrimes and digital offences.
- Chapter XI states all the cybercrimes as offences and includes punishments for the same, mostly with an imprisonment period of 3 – 10 years and a fine ranging from 1 lakh to 1 crore.
- Section 66F states the punishment for cyber terrorism, which results in life imprisonment.
- DIGITAL PERSONAL DATA PROTECTION ACT, 2023
It imposes penalties and, under section 33, empowers the Data Protection Board of India to impose such penalties on the guilty for non-compliance and violating the provisions.
- ENTITIES
DATA PROTECTION BOARD OF INDIA (DPBI) is a statutory body established under the DPDP Act, 2023, to enforce the country’s data protection laws. Its functions include investigating data breaches, adjudicating complaints, imposing penalties, issuing directions for compliance, and managing dispute resolution.
- MISCELLANEOUS
- The National Cyber Security Policy of 2023, Information Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules, 2021, and National Cyber Security Policy, 2013.
RUSSIA
- CRIMINAL CODE OF THE RUSSIAN FEDERATION, 1996
- Chapter 28 of this code covers crimes in the sphere of computer information: Article 272 (Illegal Accessing of Computer Information), Article 273 (Creation, Use, and Dissemination of Harmful Computer Viruses), and Article 274 (Violation of Rules for the Operation of Computers, Computer Systems, or Their Networks).
- The punishment for these crimes includes a fine of up to 100 to 200 thousand roubles and imprisonment of 18 months to 7 years.
- FEDERAL LAW NO. 149-FZ OF 27 JULY 2006
Governs information, information technologies, and the protection of information, reinforcing cybersecurity. Consisting of 18 articles, this law regulates the use of information and protects it.
- FEDERAL LAW NO. 187-FZ OF 26 JULY 2017
This law establishes the framework for the safety of the Russian Federation’s critical information infrastructure (CII).
- ORGANIZATIONS AND ENTITIES
- The key organizations include the Federal Security Service (FSB),
- The Foreign Intelligence Service (SVR), and
- The Federal Service for Technical and Export Control (FSTEC).
EUROPE
- THE CYBERSECURITY ACT, 2019
The landmark law in the European legislature that grants a permanent mandate to the agency and gives it more resources and new tasks.
- THE EUROPEAN CYBERSECURITY CERTIFICATION FRAMEWORK
Established by the Cybersecurity Act, 2019, it is a European Union system that provides requirements and criteria for certifying the cybersecurity of information and communication technology products, services, and processes.
- ENTITIES
- NATIONAL CYBER SECURITY CENTRE (NCSC) managed 430 cyber incidents, with 89 of these being classed as nationally significant.
- EUROPEAN UNION AGENCY FOR CYBERSECURITY (ENISA) provides essential cybersecurity advice and resources, promoting digital safety for European citizens.
- ECSO (EUROPEAN CYBER SECURITY ORGANISATION):
A non-profit organization that unites public and private sectors to develop and strengthen Europe’s cybersecurity resilience and strategic autonomy.
- EUROPOL’S CYBERCRIME CENTRE:
Part of Europol, it coordinates law enforcement efforts against cybercrime.
- MISCELLANEOUS
- Cyber Resilience Act, 2024; its main obligations will apply from December 2027.
- The Cyber Solidarity Act, 2025, entered into force on 4 February 2025.
UNITED STATES OF AMERICA
- CISA (Cybersecurity Information Sharing Act), 2015
- A chief legislation in the USA’s cyberlaws, which governs cybercrimes and regulates them.
- Sections 104 and 105 explicitly mention the authorities and provide the regulations under which they defend against cyberattacks.
- CFAA (Computer Fraud and Abuse Act), 1986
Imposes punishments for digital crimes, including imprisonment from 1 year to 10 years.
- FISMA (Federal Information Security Management Act) mandates a risk-based approach to security, including risk assessments, security plans, and annual reviews to ensure the confidentiality, integrity, and availability of federal information.
- ENTITIES
- CISA – The Cybersecurity and Infrastructure Security Agency acts as the national coordinator for critical infrastructure protection and works with federal agencies, state, local governments, and private sector partners.
- FBI – Federal Bureau of Investigation, which investigates cybercrimes.
- FTC – Federal Trade Commission, protects consumers from deceptive practices and data breaches.
JAPAN
- THE BASIC ACT ON CYBERSECURITY (2014)
Consisting of 2 chapters and 38 articles, it outlines all cybersecurity strategies, authorities, and penal provisions for violations.
- JAPAN’S “ACT ON PROHIBITION OF UNAUTHORIZED COMPUTER ACCESS” (UCAL), 1999
It criminalizes unauthorized access to computer systems, including using an authorized user’s ID or password without permission or inputting commands to bypass access controls.
- THE ACT ON THE PROTECTION OF PERSONAL INFORMATION, 2003
Comprising 6 chapters and 185 articles, it imposes penalties and fines of up to 500,000 yen.
- JAPAN’S PENAL CODE provisions in articles 223(1) and 175 explicitly penalize cybercrime offenders with imprisonment of 2-3 years and fines ranging from 300,000 to 2,500,000 yen.
- ENTITIES
- THE NATIONAL CENTRE OF INCIDENT READINESS AND STRATEGY FOR CYBERSECURITY (NISC),
- THE CYBERSECURITY STRATEGY HEADQUARTERS (CSHQ)
- MINISTRY OF INTERNAL AFFAIRS AND COMMUNICATIONS (MIC)
- THE PERSONAL INFORMATION PROTECTION COMMISSION (PPC) oversees data protection laws.
CHINA
- CYBER LAW OF CHINA, 2017
- This was adopted by the National People’s Congress (NPC) in November 2016 after a year of legislative proceedings, and came into effect on 1 June 2017.
- It consists of 7 chapters and 79 articles.
- The law provides safeguards for national cyberspace sovereignty, protection of critical information infrastructure and data, and protection of individual privacy.
- PERSONAL INFORMATION PROTECTION LAW (PIPL), 2021
- Articles 66 to 71 state all the legal liabilities of the offenders and punish them in accordance with the law.
- Articles 38 to 43 provide Rules for Cross-border Provision of Personal Information.
- ENTITIES
- THE CYBERSPACE ADMINISTRATION OF CHINA (CAC), which acts as the chief internet regulator and oversees cybersecurity and data protection laws.
- THE MINISTRY OF PUBLIC SECURITY (MPS)
- THE MINISTRY OF INDUSTRY AND INFORMATION TECHNOLOGY (MIIT)
LANDMARK CASELAWS
- UNITED STATES V. MORRIS, 1991, 928 F.2d 504, 1991 U.S. App. 3682.
FACTS
- The Defendant was a computer science graduate student at Cornell University.
- The Defendant released a “worm” on the internet designed to spread across a wide network of computers across the country.
- The worm spread like wildfire, which caused significant damage to computers around the country.
- Defendant was thereafter convicted, and he appeals on the ground that the government failed to prove he intended every element of the offense.
ISSUES
Must the government not only prove that the Defendant intended to access a federal interest computer but also that he intended to prevent authorized use of the computer’s information and thereby cause loss?
JUDGEMENT
Morris was convicted. The Computer Fraud and Abuse Act of 1986 applies to anyone who intentionally accesses a federal interest computer without authorization and alters, damages, or destroys information, or prevents authorized use of any such computer or information, and thereby causes loss.
Therefore, the Defendant remains convicted since it was proved beyond a reasonable doubt that the Defendant intentionally accessed federal computers.
- ICICI BANK V UMASHANKAR, 2022
FACTS
- This appeal is under Sections 57 and 43(g) of the Information Technology Act, 2000.
- The original petition was filed under Sections 43 read with 46 of the IT Act, 2000, by the respondent, who alleged wrongful withdrawal of Rs. 6,46,000/- from his bank account held with the appellant, ICICI Bank.
- The Adjudicating Officer directed the appellant to pay compensation of Rs. 12,85,000/- based on findings against the appellant.
- Respondent had approached the Banking Ombudsman and filed complaints with police authorities, including the Cyber Crime Police, registering an FIR under Section 66 of the IT Act, 2000.
- The dispute centres on alleged negligence of the Bank in maintaining adequate security measures, leading to the fraud.
ISSUES
- Whether the appellant Bank was liable under Section 43 of the IT Act, 2002, for assisting the fraudster in facilitating unauthorized access to the computer system?
- Whether mere negligence by the Bank suffices to establish liability?
- Whether the appellant Bank failed to maintain reasonable security practices and procedures as required under the IT Act, 2000?
ARGUMENTS
BANK-
- The Bank denied negligence or connivance and contended that the customer was negligent in disclosing confidential information, falling victim to phishing fraud.
- The Bank asserted it had proper security policies, including multiple authentication methods beyond passwords such as mobile alerts and SMS confirmations.
RESPONDENT –
- The respondent alleged negligence by the Bank in failing to maintain proper security procedures on its official website, allowing fraudulent access.
- Bank failed to file a criminal complaint promptly and allowed erasure of CCTV footage under the pretext of an in-house investigation, raising suspicion.
JUDGEMENT
- The court dismissed the appeal.
- The Court examined Section 43, particularly clause (g), which penalizes assisting any person to facilitate unauthorized access to a computer system in contravention of the Act.
- Liability was considered under Section 43(g) alone.
- The Court found that the Bank’s security system was inadequate, particularly its email system, which allowed fraudulent emails from a sub-domain of the Bank’s domain, misleading the respondent.
- Section 43(g) of the IT Act, 2000, penalizes assisting anyone to access a computer, computer system, or network in violation of the Act’s provisions. This act is considered phishing.
RECENT DEVELOPMENTS
- INTERNATIONAL CONFERENCES – Black Hat USA 2025, Gartner Security & Risk Management Summit, Blue Team Con, and CMMC CON 2025, where global personalities come together and discuss key issues like cybercrimes, cloud security, cyber risk management, and so on.
- INDIA – Amendments have been made to the Telecommunications (Telecom Cyber Security) Amendment Rules, 2025, which strengthen mobile number validation and IMEI compliance in India.
- EUROPE – Amendments include the EU’s Cyber Resilience Act mandating security standards for digital products.
- CHINA – On March 28, 2025, the Cyberspace Administration of China issued new draft amendments to the Cybersecurity Law for public comment. The latest draft amendments to the CSL further strengthen enforcement measures and penalties within China’s data compliance framework.
- JAPAN – In February 2025, Japanese Prime Minister Shigeru Ishiba visited Washington, D.C., and held a summit meeting with President Trump. The two leaders issued a joint statement, declaring that they “intend to expand bilateral security cooperation in cyberspace by leveraging new technologies such as artificial intelligence and secure and resilient cloud services to deepen information-sharing.”
- USA – On June 6, 2025, President Trump issued an Executive Order (“Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144”) that highlights key cybersecurity priorities for the current Administration. It focuses cybersecurity-related sanctions authorities on “foreign” persons.
CRITICAL ANALYSIS
Cybersecurity law is prone to huge loopholes and ambiguities, particularly in the classification of cybercrimes and holding culprits liable for offenses, which hinders enforcement.
In practice, however, most jurisdictions have failed to enforce legislation effectively, as frequent high-profile breaches show.
Though many legislations are stricter than before, cybercrimes persist in every nation.
SUGGESTIONS
A multifaceted approach is essential. Lawmakers should establish clear, comprehensive definitions of cybercrimes. Implementing uniform standards for cybersecurity practices across sectors would ensure a baseline level of protection.
Courts should develop precedents that address emerging technologies and cyber threats, promoting adaptability in legal frameworks.
Society can play an active role by raising awareness about cybersecurity rights and advocating for stronger protections. Educational programs about cybersecurity could empower individuals and organizations to better protect themselves.
Fostering international cooperation is vital, as cyber threats are often transnational. Treaties can help harmonize laws and enforce protections across jurisdictions, making it harder for cybercriminals to exploit legal gaps.
CONCLUSION
In conclusion, the comparative analysis of global cybersecurity frameworks demonstrates significant variations in effectiveness and enforcement, robust protection against cyber threats.
As we navigate the complexities of the digital landscape, lawmakers, judiciary, and civil society must unite to create adaptive and effective legal structures.
Will we rise to the challenge and ensure a secure cyberspace for future generations, or will we continue to be vulnerable to evolving threats?
BIBLIOGRAPHY
- United States v. Morris, 1991, 928 F.2d 504, 1991 U.S. App. 3682.
- ICICI Bank v. Umashankar, 2022 Lawsuit(Mad) 4854.
- Information Technology Act, 2000
- Digital Personal Data Protection Act, 2023
- Criminal Code of the Russian Federation, 1996
- Federal Law No. 149-FZ of 27 July 2006
- Federal Law No. 187-FZ of 26 July 2017
- The Cybersecurity Act, 2019
- CISA (Cybersecurity Information Sharing Act), 2015
- CFAA (Computer Fraud and Abuse Act), 1986
- The Basic Act on Cybersecurity (2014)
- Japan’s “Act on Prohibition of Unauthorized Computer Access”, 1999
- The Act on the Protection of Personal Information, 2003
- Cyber Law of China, 2017
- Japan’s Penal Code, 1907
- Personal Information Protection Law (PIPL), 2021
- Cybersecurity & infrastructure security agency, Federal Information Security Modernization Act https://www.cisa.gov/topics/cyber-threats-and-advisories/federal-information-security-modernization-act
- Department for Science, Innovation and Technology, National Cyber Security Centre, The Rt Hon Wes Streeting MP and The Rt Hon Peter Kyle MP, Apr 1, 2025.
- Kriti, Telecommunication Amendment Rules, 2025, SCC Online Times, Oct 25, 2025. https://www.scconline.com/blog/post/2025/10/25/telecommunications-telecom-cyber-security-amendment-rules-2025-legal-news/
- Collins Fan and Qian Zhou, China’s Cybersecurity Law Amendments: Key Changes in the Second Draft, Apr 1, 2025. https://www.china-briefing.com/news/china-cybersecurity-law-amendments-2025/





