Cyber security services industry in India to touch $15 bn by 2025

Cyberattack is one of the important security challenges that the country as well as the world is facing today. The cyberattacks can pose wide-ranging threats to power grids, they can impact and cripple financial institutions, that can result in leakage of sensitive information and so on. 

Growth in India’s digital market is expected to drive up the need for cyber security products and services. The industry had generated a cumulative revenue of about USD 4.3 billion in 2019, and this is expected to reach USD 7.6 billion in 2022, the DSCI report titled ‘’India Cybersecurity Services Landscape’’ said. It added that due to Covid-19 pandemic, cybersecurity is gaining an even higher attention from enterprises and governments alike.

The growth sectors including Banking, financial services and insurance (BFSI), IT and telecom were key verticals of focus and threat, and vulnerability management along with infrastructure and cloud security are key segments in demand. 70% of all breaches still originate at endpoints, despite the increased I.T. spending on this threat surface, according to IDC.

The Indian cybersecurity services industry is expected to grow at a compound annual growth rate (CAGR) of about 21 percent to touch $15 billion by 2025. Cybersecurity is going to be the foundation on which the post-Covid-19 IT industry will be built.

About 80 percent revenue of cybersecurity services comes from global market, and the US, the UK and Australia were the top three geographies of focus, it added. The global cybersecurity services market is expected to reach $89 billion by 2022, with an overall CAGR of 10 percent.

Cyber security demands were 10% of the total IT requirements, during lockdown they have gone up to 15% and the market is poised to grow exponentially, fuelled largely by remote working requirements during the pandemic. Cybersecurity holds the key as 95 percent of the IT industry workforce had to work from home during this unprecedented time. 

“NASSCOM and Data Security Council of India (DSCI) have been working relentlessly putting ahead the issues of the IT Industry to the government and forging a vital partnership to mitigate the Covid-19 impact and ensure business continuity,” electronics and IT Ministry Secretary, Ajay Sawhney, said

DSCI Chairman and NIIT Group Co-Founder Rajendra S Pawar noted that products and services ecosystem are the twin pillars of India’s cybersecurity industry. “The Indian cybersecurity services industry is growing twice as fast as the global market. All challenges come with opportunities, so while Covid-19 is a challenge, it is also a huge opportunity for accelerating the already existing high-level growth in cybersecurity,” he added.

The cyber security products market is estimated to grow faster than the services market. As the cyber criminals have shifted their focus to developing markets like India—which has boarded the digital bandwagon in a big way and where different organisations are at different levels of maturity to fight off cyberattacks. As a result, Indian organisations across sectors are vulnerable to cyberattacks and there have been reported breaches in the recent past causing concern to both governments and businesses.
The cyber security products market in India is expected to grow at a CAGR of 16.9% by 2022. For the purpose of the survey, the cyber security products market has been classified in five categories, viz. data security, endpoint security, network security, identity and access management, and security intelligence detection and response (IDR).

Recently, banks have already started feeling the heat after the Reserve Bank of India (RBI) imposed penalties over non-compliance in the last one year, other industries are not far behind. Regulators are taking cues from global headwinds and crafting their cyber security mandates. Both central and state governments have also stepped up their vigil to protect against and respond to breaches.

The cyber security market is crucial to ensuring India’s stature as one of the world’s leading investment hubs, as well as the security of its major sectors, and is expected to become more pronounced and grow exponentially. This is in part driven by nationwide initiatives such as Digital India, and increasing digitisation of the country’s business environment and daily life. As per a PWC report, Data protection and endpoint security to see relatively higher growth In products, data protection and endpoint security tools will grow .

Three factors for increasing the Cyber attacks:
# With rapid digitisation, and high number of smartphone and internet users, the number of endpoints have also increased
# Attacks against endpoints are rapidly increasing, especially in the form of script based attacks such as powershell attacks (increased by over 1000%)20 and file less malwares. 
# With growing BYOD (bring your own device) ecosystems, the focus has increased on native hardening and monitoring of endpoints, rather than enterprises controlling system security through the backend. 

The PWC report further says, 47% of the survey respondents have highlighted data security and privacy as primary areas of concern and investment. Regulations such as the Personal Data Protection Bill of 2018, compliance with the Aadhaar Act and the Digital Information Security and Healthcare Act (DISHA) of 2018 are also being considered as factors driving data security and privacy requirements.

 
The rising number of connected and mobile devices have created the need to guard the rising number of endpoints having access to critical enterprise data. This, together with rising adoption of IoT and escalating demand for smart devices, is likely to drive the endpoint security market. In most of the breaches, the endpoint has been found to be the most vulnerable weak link and the conduit for the attacks. 

Over 34% survey respondents were of the view that there was a need to increase investments in their respective organisations in endpoint security products. 

Security IDR will continue to be the most dominant product category, occupying 32% of the product mix characterised by advanced analytics in detection and response capabilities.

Rapid technology adoption in other sectors increasing cyber security investments Operational technology and industrial automation are increasingly getting interconnected with IT to meet business requirements. Adoption of smart meters and advanced metering infrastructure, use of drones, virtual reality (VR) and augmented reality (AR) are making it necessary for the sector to be secure. Recent steps taken by the government, such as launching of the National Health Protection Scheme (Ayushman Bharat), where protecting of healthcare information is crucial, are expected to drive spending on cyber security in this sector.

Digitisation is rapidly changing the cyberthreat landscape. India’s growth trajectory and the growing influence of Indian enterprises globally, makes it an attractive target for cyber criminals. The largescale initiatives of the government, such as Make in India, Digital India and Skill India, aimed at economic galvanisation and inclusion, have also begun to leverage emerging technologies to create efficiencies and increase reach. 

Automation in terms of bots, robotics process automation (RPA), AI and ML are driving productivity in services across India. However, increased adoption of digital technologies has also resulted in multi-fold increase of sensitive information being stored online. Though positive for the economy, these digitisation efforts come with their own set of cyber security risks. While earlier instances of cyberattacks were largely for monetary gain, reasons for attacks now also include reputational damage and power play, further compounded by state actors.

Another most important factor is the Network security, which is defined as security measures undertaken by implementing a combination of software, hardware, and networking technologies such as firewall, unified threat management, network intrusion detection and prevention, virtual private network (VPN), content inspection, web content security.

Going forward, attacks are becoming more and more sophisticated, with phishing, identity thefts, advanced worms, DOS and DDOS all attacking vulnerable users who aren’t equipped to deal with them. Traditional crimes are today replaced with modern crimes, where in computer is used as a tool to attack common people and victimize them. Cyberattacks have become more organised with significant funding, passion, they are sophisticated, they often gain access and they wait for the right time, for the moment of their choice for their attacks.

A survey indicates, 70% of cyber security threats are from insiders that make it far more difficult to identify or resolve. 

Cyber security has to be built into the information security system as an ongoing proactive measure. There should be a team of cyber security experts which should constantly monitor, ethically hack and validate the integrity of the IT systems.  All cyber accesses and operations must be closely monitored on an ongoing basis.  Equally, our suggestion is to document and administer a strong protocol and supervision driven system that constantly monitors employee access to the IT systems.
There is a strong suggestion for involving the HR management to monitor and evaluate behavioural patterns of employees working in the IT area for preventive identification of such criminal acts. It is an opportunity for the educational institutions to come-up with the specialised course on Cybersecurity for achieving the long term and sustainable goal. 

Finally, the most important issue is who own the data and where should data be kept. Since, the ownership of data is very critical. IoT, Big Data, and AI all feed into each other and create an ecosystem of automation - IoT devices collect data on millions of criteria and use to train and improve AI algorithms and many do not know how these technologies are linked. Organizations need to transition to a comprehensive security posture that can protect against a sophisticated, ever-changing threat landscape by vulnerability management process that could unifiy cybersecurity strategy and permeates the organization to predict, prevent, and proactively mitigate breaches before they happen.