Insight – Bolstering India’s cyber security capabilities
Australian cyber security firms looking to do business in India have a unique entry point: supplying or partnering with multinational technology integrators that are actively looking for new products and services to broaden their cyber security capabilities.
This opportunity comes at a time when India is looking to ramp its cyber security defences as well as establish itself as a global cyber security leader.
A generation ago, Indian technology consulting and system integration (SI) firms disrupted the SI industry with their low-cost, offshore model for technology development and business process outsourcing.
Today, India is a leading destination for technology and associated services, with a 55 per cent share of the US$190 billion global services sourcing market in 2017–181. Indian IT and IT services companies have set up over 1,000 global delivery centres in about 80 countries.2 Around 75 per cent of the world’s digital talent live in India.3
India’s technology prowess is underpinning its transition to a digital economy. National projects such as Digital India, Smart Cities and the National Broadband Network are altering the country’s digital landscape, with direct impacts on governance, transparency and accountability. Cyber security is integral to the success of these projects.
E-commerce is also on the rise in India, with an estimated two billion daily transactions.4 The emergence of new services and applications, cloud and cognitive technologies, has made cyber security even more important as the value of data and its applications in commerce grow daily.
Rising threat levels
However, the rapid move to a digital environment has come at a price. According to security solutions provider Symantec, India is the second most vulnerable country in the world to targeted cyber-attacks.5 Its enterprises are the sixth most targeted by cyber criminals.6
The cost of cyber-attacks in India is estimated at more than US$4 billion annually.7 Many cyber-attacks go undetected and unreported, so this number is likely to be much higher. The cost is forecast to reach as high as US$20 billion over the next 10 years,8 as the operations of most Indian companies become networked and the Smart Cities agenda develops.
The banking, utilities, critical infrastructure, telecommunications, defence and government sectors are the victims in three-quarters of all cyber-attacks in India.
Increased cybercrime has forced Indian companies to spend more on cyber security. A PWC survey found the average information security budget for Indian companies has increased at a compound annual growth rate of 25 per cent over the past five years. 9
Despite investments in high-end security products, cyber-breach prevention, detection and incident response, the cyber security capabilities of most organisations are yet to mature. Most Indian companies see cyber security as a technology issue rather than a business strategy issue, but this view is changing.
‘There is now an unprecedented expectation from cyber security professionals to provide an assurance to the organisation’s board and senior management that they have the right cyber security strategy and remediation processes to address cyber risks and breaches,’ says Vishal Salvi, Chief Information Security Officer at Infosys.
‘This change, coupled with the dynamically changing cyber threat landscape, will drive a new order in terms of how cyber security will be managed going forward.’
Australia in prime position
Against this backdrop, there are tangible opportunities for Australian industry, governments, academia, universities and research organisations to help India resolve its cyber security issues.
To successfully grow their cyber security business in India, Australian companies are advised to target multinational systems integrators in India as they are constantly seeking new value-added cyber security products and services to broaden their core offerings.
Australia is respected in the Indian market as being at the forefront of online safety and security, with robust legislation, advanced law enforcement capability, rigorous policy development and strong technical defences. Australian firms can capitalise on this reputation to tap into supply and partnership opportunities.
There are also opportunities to work directly with Indian banks, insurance firms, fintech providers, health organisations, critical infrastructure companies, training and research institutes, and universities. Government is also seeking cyber security expertise, products and services.
Training and research to meet skills gaps is also in major demand, an area where Australian universities and companies are well equipped to provide. There has been a sharp rise in demand for cyber security professionals since Europe’s General Data Protection Regulation (GDPR) came into effect in May 2018.
In terms of ease of doing business in India, there are several advantages to having a local representative. Some Indian corporates and the government insist on financial and performance guarantees so Australian firms would benefit from partnering with local companies and bidding for opportunities in consortium.
A hub for cyber security
In addition to addressing its cyber security challenges, India wants to position itself as a global hub for cyber security solutions.
The National Association of Software and Services (NASSCOM) set up a Cyber Security Task Force in 2018 to create a roadmap for India with a three-point strategy:
- Increase the value of the Indian cyber security industry to US$35 billion by 2025
- Work with user organisations such as the National Critical Information Infrastructure Protection Centre and CERT-in, as well as the banking, telecom, insurance and critical infrastructure sectors, to study the Indian cyber security ecosystem, identify challenges and develop an action plan to address priority issues. It will also identify opportunities for the Indian IT industry in the global cyber security space and bring together stakeholders from across the board to develop cutting-edge technologies and address global market requirements. Learnings from other countries will help the task force better understand how to catalyse the security product ecosystem in India.
- Develop data protection and privacy regulations such as privacy certification to ensure India can meet the requirements of the GDPR.
Once again, Australia’s expertise can assist the Cyber Security Task Force to meet these goals.
Register for a free webinar on India’s cyber security market, where Austrade and representatives from India’s cyber security industry will discuss the market, trends and opportunities. Austrade is also planning a cyber security mission to India in late 2018. Details will be available shortly.
Contact Austrade for information on opportunities in the Indian cyber security sector.
 PwC, The Global State of Information Security® Survey 2018, October 2017
Indian Brand Equity Foundation, IT & ITeS industry in India, June 2018, https://www.ibef.org/industry/information-technology-india.aspx
Capgemini, World Payments Report 2016, September 2016
Symantec, 2018 Internet Security Threat Report, March 2018
The Indian Express, Symantec report: Cybercriminals love Indian enterprises, social media adding fuel to fire, 24 April 2016, https://indianexpress.com/article/technology/tech-news-technology/symantec-security-threat-report-2015-cyber-security/
ACI Worldwide & AGS Transact Technologies, Transactions 2025, 12 March 2018, https://www.aciworldwide.com/news-and-events/press-releases/2018/march/aci-worldwide-and-agsttl-highlight-megatrends-shaping-india-digital-payments-revolution