Not surprisingly, the $60-billion-plus IT services industry in India, known for being a pioneer in establishing quality standards that has impressed its global clients, is not taking chances.
While most of these companies have their own security best practices, efforts are underway to standardise them, spearheaded by the Data Security Council of India, a Nasscom organisation that looks after data protection in India.
In a pioneering move, DSCI is planning to launch a certification process for the Indian IT services providers.
Cyber attacks in the recent past -- whether targeting consumer electronics giant Sony, or the systems of International Monetary Fund -- are even more insidious because they don't reveal any common pattern or motive.
The only thing that is certain is that companies that fall prey to such attacks are subject to a high degree of reputational risk, not to mention the financial losses incurred due to data leakage.
"It starts with the basic premise of making quick money to more complex things like competitive warfare and espionage. In my opinion there is no simple trend or pattern," says Sudhir Kumar Reddy, CIO of MindTree.
"The perpetrators of these attacks could be disgruntled employees on the inside to professional hackers on the outside," he adds.
The reason why experts feel that Indian IT services industry is a ripe target for possible attackers is that they are sitting on tonnes of data generated both domestically and by their global clients.
Any kind of assault to their systems could have a disastrous impact on the export-driven industry and tarnish its image considerably.
This is especially so since competing emerging markets are trying to position themselves as safer and viable destinations for IT outsourcing.
"Of course, it could affect the reputation of the industry. In terms of data, the attackers could pull out financial data, competition data and HR data which will have a serious impact on their business," said Siddharth Vishwanath, associate director (consulting) PwC.
According to security experts, the risk is more in a case where the IT/BPO company is handling a client's data.
For example, the global banking clients of most of the IT/ITeS services providers in India share their corporate banking information, including the names and details of their customers, with their service providers.
Take the example of a large bank which outsources its works to most Indian IT services providers.
"We need to protect not only the corporate banking information of the client, but the privacy of millions of their customers as well," said an industry source on condition of anonymity.
Some Indian IT companies,
How to avoid Internet banking frauds
India's anti-piracy laws are medieval: Experts
'Nandan Nilekani is subverting the Constitution'
Nuclear fault lines run deep
India's new age serial entrepreneurs