Cybersecurity in India: the market almost doubled during the pandemic

The Indian market for cybersecurity products and services totalled a revenue of $9.85 billion in 2021, following a CAGR of nearly 40% over the last two years, according to the report published by the Data Security Council of India, entitled India Cybersecurity Industry – Services and Product Growth Story. This means it has almost doubled over that period ($5,04 billion in 2019).

The « services » business grew from $4.3 billion in 2019 to $8.48 billion in 2021, at a CAGR of 40.33%. As for companies specialising in the supply of products, their 2019 business volume of $740 million reached $1.37 billion last year, following a CAGR of 36.49%.

According to the study conducted by the Data Security Council of India, the Indian cybersecurity sector is resolutely moving towards a platform-oriented approach. Of the cybersecurity product and service companies surveyed, 76% and 78%, respectively, have platform-based offerings, and 74% are using artificial intelligence and machine learning to enhance their solutions.

India, a country particularly affected by ransomware

The growth in the market over the past two years has been largely driven by increased digital transformation, tighter regulatory focus on data and privacy, and growing board-level awareness of cyber threats. And by the fact that India was particularly hit hard during the pandemic, especially by ransomware.

According to a survey by security firm CrowdStrike and market research firm Vanson Bourne, about 76% of organisations in India have experienced at least one ransomware attack in 2021—more than any other country in the world over that period. And about 49% of Indian companies with a digital presence have experienced multiple ransomware attacks.

Leading consulting firms

With India’s share of the global IT outsourcing market (across all domains) at 55%, it is logical that the Indian cybersecurity market is also dominated by service giants (Infosys, Tata Consultancy Services, Wipro, etc.). They naturally draw on their expertise to offer services ranging from consulting to implementation and to the management of controls and security frameworks.

These service companies have also expanded their presence outside the country and set up security operations centres, cyber defence centres, and R&D centres around the world to better serve their customers. According to the Data Security Council of India, service companies have generated 80-85% of their 2021 revenue internationally, while cybersecurity product providers have derived 60-65% of their revenue on the Indian market.

Startups in ambush

But it is not only the large consulting and service groups that are doing well. Thanks to the strong support of Indian authorities, the Indian cybersecurity startup ecosystem has grown significantly in recent years, in particular with the creation of incubation and acceleration programmes, the availability of funding opportunities, and the strengthening of a strong talent pool. While the talent shortage remains, India’s cybersecurity workforce has literally exploded—from 110,000 employees in 2019 to 218,000 in 2021.

India is thus becoming a partner of choice for the provision of cybersecurity services and products worldwide, with startups also expanding their influence internationally. Promising start-ups include WiJungle, which offers unified network security gateways, and Safe Security (formerly Lucideus), whose SAFE platform provides real-time assessment and monitoring services to enterprises.

Strengthening Franco-Indian cooperation

France, via its National Agency for Information Systems Security (ANSSI), has established strong relations with India in the field of cybersecurity. In particular, it launched the Indo-French Roadmap on Cybersecurity and Digital Technology (signed in August 2019). With this roadmap, France and India recognise the need to pursue and deepen the strategic dialogue on defence against cyber threats and affirm their commitment to an open, reliable, secure, stable, and peaceful cyberspace.

In this regard, France and India aim to strengthen information sharing to respond to common cross-cutting threats. They also aim to enhance their coordination in support of ongoing discussions in various multilateral fora on the application of international law and the implementation of the norms of responsible behaviour of states in cyberspace adopted in the previous reports of the United Nations Groups of Governmental Experts.

As part of this roadmap, the ANSSI spoke in October 2019 at the « CyFy » Conference on Technology, Security, and Society, organised by the think tank Observer Research Foundation (ORF). The ANSSI was able to meet with several Indian institutional actors to set the stage for strengthening cooperation in cybersecurity.

As we can see, cybersecurity in India is a highly strategic issue. Alongside the large national consulting and service companies, startups are gradually taking their place, bringing unparalleled expertise and value. This is a good thing for a country that has been hit hard by ransomware attacks.