With the growing penetration of digital technologies, cyber security has become an essential part of national security. In order to prevent cyber threats, governments are advancing national cybersecurity strategies and developing new legal mechanisms. India, being among the largest digital economies in the world, is also working on strengthening its cybersecurity. The importance of cybersecurity that goes beyond the digital world and became a matter of national policy was stressed recently by Prime Minister Narendra Modi during his speech in February 2022, at the webinar on ‘Aatmanirbharta in Defence-Call to Action’ [Jagran, 2022].
According to McKinsey Global Institute, India is the second-fastest digital adopter among the 17 most digital economies of the World as of 2019 [McKinsey Global Institute, 2019]. Yet only in 2020, over 82% of Indian companies had faced ransomware attacks, while the cost of recovering from these ransomware attacks tripled from $1.1 million in 2020 to $3.38 million in 2021 [Meharchandani, 2021]. On top of that, India was among the most-attacked countries in Asia in 2021 along with Japan and Australia, where server access attacks (20%), ransomware (11%) and theft (10%) were recorded as the most frequent [Business Standard, 2022].
Strengthening cybersecurity in the country became essential for the Indian government. Initially, India introduced its National Cyber Security Policy in 2013 to protect against cyber-attacks, which became ineffective over time. In 2020, the Data Security Council of India announced the National Cyber Security Strategy, which maintains cyber safety in political, economic, security and energy fields. The strategy has three major clusters such as securing national cyberspace, synergizing resources and strengthening structures, people, processes, and capabilities. Overall, 21 priority areas are defined to ensure safe and secure cyberspace [DSCI, 2020]. Apart from that, the National Cyber Security Strategy 2021 has been developed over the last two years by the National Security Council Secretariat and waiting for its approval. Once signed, the new strategy will provide a legislative framework for combating emerging cyber security threats and ensuring maintaining of cyber safety by all stakeholders.
Institutionally, cybersecurity is coordinated by several key agencies, such as the Defence Cyber Agency and the National Technical Research Organisation that coordinate major cyber security mechanisms. The National Critical Information Infrastructure Protection Centre and the National Disaster Management Authority work on protecting cyber infrastructures, whilst the National Cyber Coordination Centre (NCCC) is India’s major operational cybersecurity and e-surveillance agency [Mohan, 2021].
Over the last few years, the cybersecurity industry in India almost doubled in size from $5.04 billion in 2019 to $9.85 billion in 2021 according to DSCI. Ensuring cyber security became a top priority not only for tech companies, but also for entrepreneurs, government agencies and individuals since cybersecurity protects hardware, software, and data from various cyberthreats. As a result, the number of employees involved in providing cybersecurity increased from 110.000 employees in 2019 to 218.000 in 2021 [Tan, 2022]. However, according to the State of Cybersecurity 2021 Part 1 survey, there is a constant shortage of cybersecurity specialists with over 49% of respondents facing a deficit of specialists. Overall, India’s shortage of cybersecurity workforce is 9% higher than the global average [Choudhary, 2021].
At the national level, the importance of cybersecurity was reassessed after the malware attack at the Kudankulum nuclear power plant in TamilNadu and on the Indian Space Research Organisation headquarters in Karnataka in 2019. The malware known as Dtrack attacked internal systems, which previously was also used to hit financial institutions in India. Fortunately, the malware was limited to administrative systems, yet the case demonstrated an urgent need to increase the cybersecurity protection of all government services and strategic facilities [Mohan, 2021]. The malware attack on nuclear plants was launched by North Korean hackers using Chinese networks. In addition, India often becomes a target of Chinese and Pakistani hackers, hence presuming India’s cyber-intelligence is not prepared enough to counter sophisticated cyber-attacks. In this regard, the Indian government is cooperating with specialists from the US, the United Kingdom and France to raise the awareness of cyber threats and ensure essential cyber security measures [Gurjar, 2021].
With over 1.15 billion mobile phones and over 700 million internet users in India, cyber threats are also becoming a real concern for citizens. At the household level, cyberthreats include, in addition to malware, viruses, Trojans, spyware, backdoor services, network attacks, and various types of fraud, including financial interventions [Mathur, 2022]. Raising digital literacy is critical for preventing cyberthreats among the population.
With the penetration of digital technologies into all spheres of life, the risks emanating from cyberspace are progressing. Yet India’s huge IT market opens vast opportunities for digital transformations if cyber safety will be secured. To ensure this security it is essential to advance cyber regulations and implement strategies that will push India to advance its cyber space and achieve breakthroughs in IT technologies. Other top digital economies are also developing their cyber capacities and implementing new regulations to secure from cyber threats and data breaches, while on the other hand through this advancement strengthening their cyber potential.
To strengthen cybersecurity it is critical to elevate the cyber skills of the population. According to estimates, India will need over 1.5 million vacancies by 2025 in cybersecurity [Choudhary, 2021]. Hence, advancing human capital and developing a new generation of IT specialists with competitive skills in cybersecurity might reinforce India’s status as an IT hub and promote India’s digital transformation. Cybersecurity became an essential part of national defence and imperative for every business and person.
India’s experience in the cyber field, including its cybersecurity, might be useful for the Central Asian IT specialists as well. India’s emerging market, relatively close location, and high level of Indian IT expertise provide a good alternative for learning and developing new technologies. Given that the IT cooperation between India and Central Asian states is gradually emerging, Central Asian IT experts can revise the importance of India’s IT hub and shift their interest towards the emerging Asian markets, where India has a good reputation. While India also needs to strengthen its cybersecurity, Central Asian colleagues already could learn the methods of maintaining cybersecurity in India.
Business Standard (2022). Cyber attacks: India among top 3 most-affected nations in Asia in 2021. Retrieved from https://www.business-standard.com/article/international/cyber-attacks-india-among-top-3-most-affected-nations-in-asia-in-2021-122022400945_1.html. Accessed on 13.03.2022.
Choudhary, Govind (2021). Shortage of the cybersecurity workforce in India is 9% higher than the global average: RV Raghu. Retrieved from https://www.expresscomputer.in/security/shortage-of-the-cybersecurity-workforce-in-india-is-9-higher-than-the-global-average-rv-raghu/78520/. Accessed on 13.03.2022.
DSCI (2020). National Cyber Security Strategy 2020. Data Security Council of India. Retrieved from https://www.dsci.in/sites/default/files/documents/resource_centre/National%20Cyber%20Security%20Strategy%202020%20DSCI%20submission.pdf. Accessed on 13.03.2022.
Gurjar, Sankalp (2021). India’s Cyber Security: A look at the Approach and the Preparedness. Retrieved from https://www.icwa.in/show_content.php?lang=1&level=3&ls_id=6172&lid=4236. Accessed on 13.03.2022.
Jagran (2022). India’s defence sector should tap its strength in IT for national security, says PM Modi. Retrieved from https://english.jagran.com/india/indias-defence-sector-should-tap-its-strength-in-it-for-national-security-says-pm-modi-10039938. Accessed on 13.03.2022.
Mathur, Anmol (2022). Cybersecurity: How is India faring? Retrieved from https://economictimes.indiatimes.com/industry/services/education/cybersecurity-how-is-india-faring/articleshow/90092428.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst. Accessed on 13.03.2022.
McKinsey Global Institute (2019). Digital India: Technology to transform a connected nation. Report. Retrieved from https://www.mckinsey.com/~/media/mckinsey/business%20functions/mckinsey%20digital/our%20insights/digital%20india%20technology%20to%20transform%20a%20connected%20nation/mgi-digital-india-exec-summary-april-2019.pdf. Accessed on 13.03.2022.
Meharchandani, Dhwani (2021). The Current State of Cyber Security in India. Retrieved from https://securityboulevard.com/2021/10/the-current-state-of-cyber-security-in-india/. Accessed on 13.03.2022.
Mohan, Pulkit (2021). Can India Address the Growing Cybersecurity Challenges in the Nuclear Domain? Retrieved from https://www.orfonline.org/research/can-india-address-the-growing-cybersecurity-challenges-in-the-nuclear-domain/#:~:text=Cyber%20attacks%20in%20India%20reportedly,onset%20of%20the%20Ladakh%20standoff. Accessed on 13.03.2022.
Tan, Aaron (2022). India’s cyber security industry doubles in size amid pandemic. Retrieved from https://www.computerweekly.com/news/252512351/Indias-cyber-security-doubles-in-size-amid-pandemic. Accessed on 13.03.2022.
Note: The views expressed in this blog are the author’s own and do not necessarily reflect the Institute’s editorial policy.
Dr. Albina Muratbekova is a research fellow at the Eurasian Research Institute of Akhmet Yassawi Kazakh Turkish International University. Albina holds a PhD degree in Oriental Studies from Al Farabi Kazakh National University. During her studies, Albina received fellowships from institutions in China, India, the USA, the UK, Germany, and Switzerland. Her primary research interests cover Central, East, and South Asian affairs; intraregional and interregional cooperation of Central Asian states; China-India relations; and Central Asian politics.