Get full access to one story every week, and to summaries of all other stories. Just create a free account

India’s biggest nuclear power plant and apex space agency were hacked this past year. Malware was installed on computers at the Kudankulam Nuclear Power Plant (KKNPP) as well as the Indian Space Research Organisation (ISRO).

The breaches, only two of the millions reported last year, served to expose just how vulnerable personal and private data is. As is national security data. And as the Indian government has made a concerted digital push, the sheer wealth of data at risk has grown exponentially.

Initiatives like Aadhaar (the Indian equivalent of a social security card) or real time payments system the United Payments Interface have brought into focus the need for robust cybersecurity. And seeking to serve this need is India’s nascent but growing cybersecurity market.

This market for cybersecurity is estimated to grow from about $2 billion this year to about $3 billion in 2022, with a 15% compounded annual growth rate. This is about 1.5X the global rate. Public sector, or government spending, on cyber protection is expected to grow at 13.8% in the same time. In fact, the Ministry of Electronics & Information Technology (MeitY), has asked all ministries to allocate 10% of their IT budgets to cybersecurity and appoint chief information security officers as well.

Indian businesses, however, will most likely not be the beneficiaries of this public sector largesse. Instead, much of this spending will go into the pockets of global cybersecurity firms.

Cyber crime hub

India is ranked third after the US and China in terms of cyber crime incidents. Cyber attack incidents reported by the Indian Computer Emergency Response Team (CERT-In) jumped from about 53,000 in 2017 to over 2 million 2018.

 There are more than 175 cybersecurity product companies in India, according to a Data Security Council of India (DSCI) report in 2018. The instances of them winning a public sector cybersecurity contract, though, have been few and far between. These companies say that the current system is designed to exclude them in favour of multinational corporations such as IBM, and Indian system integrators like Wipro and Infosys who actually implement and maintain the technology. 

“As a result, many Indian cybersecurity companies lose out on lucrative contracts that they are technologically capable of fulfilling. This needs to change,” says Quick Heal managing director and chief technology officer Sanjay Katkar. Quick Heal, with $44 million in annual revenue for the year ended March 2019, is the largest Indian company in the space.

 Now, MeitY has begun taking baby steps towards levelling the playing field and giving Indian cybersecurity firms a fair shot.


Pratap Vikram Singh

Pratap is based out of Delhi and covers policy and myriad intersections with the other sectors, most notably technology. He has worked with Governance Now for seven years, reporting on technology, telecom policy, and the social sector.

View Full Profile

Enter your email address to read this story

To read this, you’ll need to register for a free account which will also give you access to our stories and newsletters

Or use your email ID