At the same time, CERT-In advisories show, the digital payments infrastructure is increasingly coming under attack. Globally, too, the past few weeks have been painful from a cyber security point of view.
The government is mulling over a cyber-security cess to build a moat around Digital India, which includes the sprawling digital economy architecture that has come up post demonetisation. Beefing up cyber-security is a crying need in India. As per RBI data, digital transactions—that leave behind a deep data footprint—grew by over 13% in October over September. At the same time, CERT-In advisories show, the digital payments infrastructure is increasingly coming under attack. Globally, too, the past few weeks have been painful from a cyber security point of view. After the deadly ransomware attacks that temporarily shut down many institutions and firms, the Equifax breach exposed personal information of over 145 million US customers and Yahoo recently acknowledged that 3 billion e-mail accounts had been breached in the 2013 attack on it. That India needs to invest more in cyber-security can’t be stressed hard enough.
But the question is whether a cess is the right way to go about funding it. India has a poor history with spending the collections from imposition of various cesses, even though these are supposed to be collected under very specific expenditure heads. Take the Universal Service Obligation Fund (USOF) cess imposed on telecom service providers, for example. The USOF kitty is meant to be spent on facilitating greater connectivity in rural areas. But, at present, only Rs 37,500 crore of the over Rs 87,500 crore collected under this head since FY03 has been spent, leaving the USOF with a whopping Rs 50,000 crore sitting idle. The secondary and higher education cess collected Rs 64,228 crore during 2006-2015. But neither has a fund been designated to deposit the proceeds, nor have schemes been identified for spending. There are many other examples of cess collections lying unspent even as it is nearly impossible to roll back a cess once it is imposed. Every stakeholder, be it banks, individuals or merchants, must pay to fund stepping up cyber-security. But the government must find ways other than a cess to collect this—perhaps through tax.