The Highs & Lows of Current Cybersecurity Scenario
According to research by the Data Security Council of India (DSCI), India's cyber security industry nearly quadrupled in size during the pandemic, with revenues from cyber security goods and services rising from $5.04 billion in 2019 to $9.85 billion in 2021. At the same time, despite continuing talent shortages, India's cyber security workforce grew from 110,000 personnel in 2019 to 218,000 in 2021. However, it is not just the giant suppliers propelling the sector forward. The cyber security startups and SMEs in India snowballed as well. India's cyber security market is dominated by security services, with firms leveraging their global skills and experience to deliver transformative and platform-based services. Services firms have ingrained security into their DevOps processes, from consultation to implementing and monitoring security controls and frameworks to secure their customers' and end-user data and privacy. To better serve their clients, they have also expanded their global footprint and opened security operations centers, cyber defense centers, and research and development centers throughout the world. Diving deep into the current and future market trends and cyber laws, Mayuresh Purandare, Head IT – Infrastructure & Security, Marico Limited, shares key insights of the Indian cybersecurity market with CIO Insider.
In conversation with Mayuresh Purandare, Head IT - Infrastructure & Security, Marico Limited.
Could you mention a few developments fueling the growth of the cybersecurity market today?
The vast talent pool in India is being groomed into cybersecurity. Further, Veterans from the industry are setting up their own startups and creating solutions for niche markets. Additionally, startups are starting startups for startups, pooling in fintech companies that have to face cybersecurity regulations, among others. Although the latter may take pride in business ideas, they seldom stomach compliances. Hence, with cloud adoption, startups are helping new startups to set up governance frameworks.
What is your take regarding the scope of vocational opportunities on the same?
I’ll divide cybersecurity into two verticals,
including technical and operational requirements around security products management, implementation, Firewall management, and SD VAN management. Engineering graduates can opt for technical roles, given they incline it. The other vertical would be policy framework governance which MBA, IT, and Chartered Accountants could work with companies on compliances. More scope to LLB students regarding the governance vertical of cybersecurity since there is more emphasis on cyber law at present.
Could you share insights about the recent trends regarding cyber laws seen in startups today?
Globally, countries are bolstering their laws and considering cybersecurity a top risk. Clearly, this is why most countries are developing their own cyber laws. India has a good talent pool capable of catering to the laws of various countries. Additionally, startups specializing in cyber laws are offering consultancy services globally. Take GDPR (General Data Protection Regulation), for instance. Most practitioners in India have mastered it and are supporting European nations. Thus, startups are training talents to ensure their awareness of laws through SOC (Security Operations Center) as a service to countries. They have also begun to help hire CISOs (Chief Information Security Officer) based out of India to other countries due to the cost element when the scenario is vice versa. Besides, innovative startups in India are indigenously developing their SaaS products. One that I recently evaluated is the Indusface, a WAFP (Web Application Firewall Product), which is becoming a favorite product among banks.
the layered defense in cybersecurity will remain paramount, embracing constant investment into the same due to emerging cybersecurity threats
Despite the government implementing rules in cybersecurity, its adoption and investment are yet to reach every vertical. Verticals such as oil and gas, banking, and other financial services increasingly invest in cybersecurity, while others attempt to increase their investments. Areas like IT and OT, application, and identity, especially when enforcing two-factor authentication.
Show us a glimpse into the future of the cybersecurity market.
The future is digital and is likely for local authorities over countries to overtake individual companies’ cybersecurity requirements. For instance, certain companies could show hesitancy in investing in firewalls, considering the immense investment they have to make. At the same time, future governments might pass down a framework that mandates investments into the same. CISOs and young companies could face hardships in keeping up with the changing laws, which may not only call for a lot of outsourcing, but the former could shift its focus towards KPI. Most people would rely on outsourced security service providers.
Needless to say, existing global inflation could make price sensitivity play a key role by placing priority on security and resulting in investments into the same. Hence, cost-effective solution providers who will be able to fulfill the laws of the land and the governance standards would be much needed. Additionally, the enormous talent pool seated across tier three and four cities could result in the birth of cybersecurity. OEMs like Amazon, Microsoft, Palo Alto Networks, Semantic Web Company, among others, would either take over startups or invest in them to accelerate innovation. Lastly, the layered defense in cybersecurity will remain paramount, embracing constant investment into the same due to emerging cybersecurity threats.