India’s biggest nuclear power plant and apex space agency were hacked this past year. Malware was installed on computers at the Kudankulam Nuclear Power Plant (KKNPP) as well as the Indian Space Research Organisation (ISRO).

The breaches, only two of the millions reported last year, served to expose just how vulnerable personal and private data is. As is national security data. And as the Indian government has made a concerted digital push, the sheer wealth of data at risk has grown exponentially.

Initiatives like Aadhaar (the Indian equivalent of a social security card) or real time payments system the United Payments Interface have brought into focus the need for robust cybersecurity. And seeking to serve this need is India’s nascent but growing cybersecurity market.

This market for cybersecurity is estimated to grow from about $2 billion this year to about $3 billion in 2022, with a 15% compounded annual growth rate. This is about 1.5X the global rate. Public sector, or government spending, on cyber protection is expected to grow at 13.8% in the same time. In fact, the Ministry of Electronics & Information Technology (MeitY), has asked all ministries to allocate 10% of their IT budgets to cybersecurity and appoint chief information security officers as well.

Indian businesses, however, will most likely not be the beneficiaries of this public sector largesse. Instead, much of this spending will go into the pockets of global cybersecurity firms.

Cyber crime hub

India is ranked third after the US and China in terms of cyber crime incidents. Cyber attack incidents reported by the Indian Computer Emergency Response Team (CERT-In) jumped from about 53,000 in 2017 to over 2 million 2018.

 There are more than 175 cybersecurity product companies in India, according to a Data Security Council of India (DSCI) report in 2018. The instances of them winning a public sector cybersecurity contract, though, have been few and far between. These companies say that the current system is designed to exclude them in favour of multinational corporations such as IBM, and Indian system integrators like Wipro and Infosys who actually implement and maintain the technology. 

“As a result, many Indian cybersecurity companies lose out on lucrative contracts that they are technologically capable of fulfilling. This needs to change,” says Quick Heal managing director and chief technology officer Sanjay Katkar. Quick Heal, with $44 million in annual revenue for the year ended March 2019, is the largest Indian company in the space.

 Now, MeitY has begun taking baby steps towards levelling the playing field and giving Indian cybersecurity firms a fair shot. This has happened through “public procurement orders”, the latest of which was released in the first week of December. 


Pratap Vikram Singh

Pratap is based out of Delhi and covers policy and myriad intersections with the other sectors, most notably technology. He has worked with Governance Now for seven years, reporting on technology, telecom policy, and the social sector.

View Full Profile

Sign up to our India edition to read this story instantly

To sign up, you’ll create an account that will give you access to a new free story published once a week and archive of 214+ previously published free stories from our India edition. You’ll also receive one email every morning from us introducing the day’s story.

If you’ve already signed up, just enter your email below or login using Facebook or Google.