India’s biggest nuclear power plant and apex space agency were hacked this past year. Malware was installed on computers at the Kudankulam Nuclear Power Plant (KKNPP) as well as the Indian Space Research Organisation (ISRO).
The breaches, only two of the millions reported last year, served to expose just how vulnerable personal and private data is. As is national security data. And as the Indian government has made a concerted digital push, the sheer wealth of data at risk has grown exponentially.
Initiatives like Aadhaar (the Indian equivalent of a social security card) or real time payments system the United Payments Interface have brought into focus the need for robust cybersecurity. And seeking to serve this need is India’s nascent but growing cybersecurity market.
This market for cybersecurity is estimated to grow from about $2 billion this year to about $3 billion in 2022, with a 15% compounded annual growth rate. This is about 1.5X the global rate. Public sector, or government spending, on cyber protection is expected to grow at 13.8% in the same time. In fact, the Ministry of Electronics & Information Technology (MeitY), has asked all ministries to allocate 10% of their IT budgets to cybersecurity and appoint chief information security officers as well.
Indian businesses, however, will most likely not be the beneficiaries of this public sector largesse. Instead, much of this spending will go into the pockets of global cybersecurity firms.
There are more than 175 cybersecurity product companies in India, according to a Data Security Council of India (DSCI) report in 2018. The instances of them winning a public sector cybersecurity contract, though, have been few and far between. These companies say that the current system is designed to exclude them in favour of multinational corporations such as IBM, and Indian system integrators like Wipro and Infosys who actually implement and maintain the technology.
“As a result, many Indian cybersecurity companies lose out on lucrative contracts that they are technologically capable of fulfilling. This needs to change,” says Quick Heal managing director and chief technology officer Sanjay Katkar. Quick Heal, with $44 million in annual revenue for the year ended March 2019, is the largest Indian company in the space.
Now, MeitY has begun taking baby steps towards levelling the playing field and giving Indian cybersecurity firms a fair shot. This has happened through “public procurement orders”, the latest of which was released in the first week of December.