Rising Focus on Cybersecurity in India

Introduction
Artificial intelligence (AI), quantum computing, 5G, Internet of Things (IoT), and other quickly evolving and pervasive technologies are providing enormous growth prospects for firms in many industries; the global digital economy's expansion is visible after the Covid-19 pandemic. However, these innovations also increase the attack surface, posing a wide range of cybersecurity dangers, and giving hackers new ways to compromise, abuse, and harm vital IT assets. According to Indian Computer Emergency Response Team, India registered a staggering 3.63 million cybersecurity events from January 2019 to June 2022; the annual bifurcation is shown in the adjacent figure. The datacentre/IT/ITeS sector accounts for the most ransomware attacks in H1 2022, followed by the manufacturing and financial sectors. Ransomware organisations have also targeted vital infrastructure, including oil and gas, transportation, and power. To fight the increasing cyber threat, the Indian cybersecurity ecosystem, comprising government organisations and private companies (including start-ups), is also blooming.

Commercial Cybersecurity Space
The global IoT industry is expected to rise to USD 1,854.76 billion by 2028, creating numerous opportunities for suppliers and businesses wanting to profit from IoT. The cybersecurity sector is expected to have a sizeable portion in the IoT market, considering the rapid expansion of the IT sector and the need for security.

Revenue of the Indian cybersecurity industry is predicted to increase at a CAGR of 30.4% from USD 4.08 billion to USD 15.40 billion during 2018-2023E. The adoption of a cloud-first strategy, business-led innovation, remote working circumstances, an expanding threat landscape and increased threat awareness, domestic and international compliance standards, and data privacy are the main drivers of the Indian cybersecurity industry.

The sector's estimated employee base is expected to expand to around 2.7 times in 2022 as against 2019, which is further expected to scale up significantly in the future, providing good employment opportunities. Reportedly in 2019, the talent pool was sized at 110k and 15k for cybersecurity services and products, respectively, and estimated to be 305k and 37k in 2022.

Due to strict regulations, better awareness levels, more cybersecurity budgets and quicker decision-making processes, developed countries have been booming markets. Major businesses are concentrating on regions such as the US and Europe because there are more cyberattacks on such sites. They also have more outdated technology being upgraded, renovated and revamped. This is primarily causing the US, and Europe's banking, manufacturing, energy, travel and transportation sectors to ramp up spending. With a combined 58% revenue contribution, North America and Europe remain the top two regions for services and product revenue. Regions with the fastest growth rates are Asia and MEA.

Government Initiatives

• The Government of India (GoI) has taken several technical, institutional, and legislative steps to tackle issues related to cybersecurity, including the National Cyber Security Policy (2013) and enactment of the Information Technology (IT) Act, 2000.
   
• The Indian Computer Emergency Response Team (CERT-In) was founded by the Ministry of Electronics and Information Technology (MeitY) as the national bureau for event response, including evaluation, prediction and alerts for cybersecurity breaches. The main responsibility of CERT-In is to increase security awareness among the Indian online community as well as offer technical support and guidance on how to recover from computer security incidents.
  
  To exercise the authority granted by the Information Technology Act, 2000 (section 79A), the Cyber Forensics Lab at CERT-In has been designated an Examiner of Electronic Evidence. The lab is equipped with the tools to examine digital evidence obtained from data storage and mobile devices.
• The Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre) (CSK), a constituent of the Digital India initiative of the GoI under MeitY, works to create a secure cyberspace by identifying botnet infections in India and alerting, facilitating the cleaning process along with securing systems of end users to avoid future infections. CSK was established in line with the goals of the National Cyber Security Policy, which calls for the development of a safe national cyber ecosystem. Internet service providers, product/antivirus businesses and this centre closely coordinate and collaborate to run its operations. Users can safeguard their systems and devices using the knowledge and resources available on this website. Under the Information Technology Act of 2000 (section 70B), CERT-In oversees the running of this centre.
   
• The Ministry of Home Affairs' (MHA) role is concentrated to establish guidelines to help secure information which might affect internal security as well as national security. Cyber and Information Security (C&IS) division of MHA deals with issues relating to Cyber Crime, Cyber Security, National Intelligence Grid (NATGRID) and National Information Security Policy & Guidelines (NISPG)
  
  NATGRID is an integrated intelligence master database structure that links databases from several security agencies within the GoI. It collects detailed patterns obtained from numerous organisations and makes them easily accessible to security agencies around the clock.
  
  NISPIG encompasses government and public sector associations, related bodies and other third parties to safeguard the information under their ownership and control throughout the information's lifecycle, including creation, storage, processing, accessing, transmission, annihilation, etc.
  
  Cyber Crime Prevention against Women and Children (CCPWC) Scheme is established by MHA to give the states/UTs financial support of USD 11.99 million for the establishment of cyber forensic-cum-training laboratories; employing junior cyber consultants; and development of the capacities of Law Enforcement Agencies (LEAs), public prosecutors and judicial officers.
   
• MHA established the Indian Cyber Crime Coordination Centre (I4C) to deal with all types of cybercrime in the country in a coordinated and comprehensive manner. It has an outlay of USD 49.9 million.
  
  The main duties of I4C are to (i) act as a node in the fight against cybercrime; (ii) recognise research problems/needs of LEAs, and engross in R&D activities to develop new technologies and forensic apparatuses in association with academic and research institutes in India as well as abroad; (iii) prevent the use of cyberspace to further extremist and terrorist groups' cause; (iv) suggest amendments to cyber laws as needed to keep up with rapidly evolving technologies and international cooperation; and (v) coordinate all activities related to the implementation of MLATs with other countries associated to cybercrimes keeping the concerned nodal authority in MHA in a loop.
  
  There are seven components of the I4C Scheme, each having distinct responsibilities: Cybercrime Ecosystem Management Unit, National Cybercrime Training Centre (NCTC), National Cyber Crime Research and Innovation Centre, National Cybercrime Reporting, National Cybercrime Forensic Laboratory (NCFL) Ecosystem, National Cybercrime Threat Analytics Unit (TAU), and Platform for Joint Cybercrime Investigation Team.
   
• National Cyber Coordination Centre (NCCC) and National Critical Information Infrastructure Protection Centre (NCIIPC) are some other initiatives undertaken by the government concerning cybersecurity.

Outlook
With the recent digitalisation boom, cybersecurity issues are also rising, especially infrastructure breakdown due to cyberattacks, identity theft and ransomware. To combat these issues, India has a strong and expanding cybersecurity ecosystem within a strong framework set up by the GoI, with private players offering several cybersecurity services and products. The GoI has taken elaborate steps and designated several organisations with responsibilities to ensure national security and other privacy concerns in cybersecurity. The outlook for Indian cybersecurity companies is also bright, as their revenue stream from foreign markets is on the rise.

The exchange rate used INR/USD- 0.012