Bengaluru: Banks and other intermediaries should be held liable for financial losses arising out of cybercrimes, according to a cyber law and data protection expert. 

"There's something called intermediary liability. Banks that allow the opening of mule accounts through fake KYC documents should be made the main accused (in a cybercrime case). Culprits should be accused number 2," said N A Vijay Shankar, Founder Chairman of the Digital Society Foundation. 

He was speaking at a panel discussion on 'Tracking cybercrime in India's Silicon Valley' at the DH Bengaluru 2040 Summit on Friday. The panel highlighted the growing complexities of cybercrimes and the challenges in law enforcement. 

M A Saleem, Director General of Police of the Criminal Investigation Department (CID), emphasised that cybercrimes often transcend geographical boundaries, making international cooperation difficult. He pointed out that Mutual Legal Assistance Treaties (MLATs) are slow, and many cases go unreported, further complicating investigations. 

"Cybercriminals don’t rely on traditional methods; they use VPNs, fake bank accounts and layered banking transactions," Saleem noted. He also highlighted the lack of cooperation from cryptocurrency companies, stating that only eight out of 31 exchanges responded to law enforcement requests. 

Shankar argued that existing laws are effective in tackling even new-age cybercrimes and lamented that they are not always implemented effectively. According to him, cybercrime investigations have actually become difficult in 20 years. 

"The Information Technology Act is not weak — it can even cover AI-driven cybercrimes. The problem is in applying the relevant sections," he explained. Stating that criminals are applying AI and quantum computing, he called for stricter regulation under existing data protection laws. Despite the challenges, Saleem expressed confidence in India’s cybercrime investigation capabilities and noted that the Digital India Act — a law proposed to replace the IT Act — would cover a whole gamut of things. 

He said that 16 digital forensic tools had been developed to recover deleted data while scores of research papers had been produced to aid investigations. 

"The CID has a 70% detection rate in cybercrimes. We have a fairly good capacity to investigate cybercrimes even if their patterns change,” Saleem stated. However, judicial officers should be trained in appreciating new-age evidence, he added. 

Kapil Gupta, vice president at cybersecurity firm Fortinet, discussed the role of the dark web, describing it as an untraceable part of the internet where criminals operate anonymously. He stated that 80% of Fortune 100 companies that responded to surveys had reported data breaches. He also emphasised the need for mitigation strategies such as layered digital defences to combat evolving cyber threats and developing zero trust in the system.