Unleashing National growth through proper Cyber Security control in place post COVID – 19



Cybercrime is any criminal activity that involves a computer, networked device or a network. While most cybercrimes are carried out in order to generate profits for the cybercriminals, some cybercrimes are carried out against computers or devices directly to damage or disable them. Cybercrimes also include the use of computers or networks to spread malware, illegal information, images or other materials. Some cybercrimes target computers to infect them with a computer virus, which is then spread to other machines and, sometimes, entire networks.

A primary objective of cybercrime is financial; cybercrime can include many different types of profit-driven criminal activity, including ransomware attacks, email and internet fraud, identity fraud, as well as attempts to steal financial accounts, credit card or other payment card information. Cybercriminals may also target an individual’s private information, as well as corporate data for theft and resale.

Global Cyber Crime & Attacks at a Glance

The cyber security industry is rapidly growing every day. Although more resources are being deployed to counter cyber-attacks, the industry still has a long way to go before we can, as a whole, catch up with these threats. Cyber-crime or computer crime can be divided into two categories: the first comprises crimes that target computers directly such as viruses, attacks and malware; the second focuses on online crime that uses computer networks or devices as means to perform fraud,which includes but is not limited to identity theft through social engineering, cyber bullying, cyber stalking and cyber warfare.

Data breaches have profound effects on consumers, resulting in personal information and credit details being stolen. The biggest online data breach compromised more than 130 million user accounts. Online brands with the highest chance of being targeted by phishing attacks include online payment providers such asPaypal, online auction houses such as eBay, as well as numerous online service providers that require personal identification.

With the ubiquity of the internet, an increased online usage and the spread of social network usage acrossall age groups, cyber bullying and cyber stalking have become increasingly common, but especially among teenagers. Cyber bullying is defined as the harming or harassing of other people in a deliberate, repeated, and hostile manner.

  • Every 32 seconds, a hacker attacks someone online;
  • 43% of cyber-attacks target small business;
  • The global average cost of a data breach is US$3.9 million across SMBs;
  • Some breaches have been known to cost US$4 billion;
  • The average cost of a ransomware attack on businesses is US$133,000;
  • Since COVID-19, the US FBI reported a 300% increase in reported cybercrimes;
  • More than 93% of healthcare organizations have experienced a data breach over the past three years;
  • Approximately US$6 trillion is expected to be spent globally on cyber security by 2021;
  • Connected IoT devices will reach 75 billion by 2025;
  • Unfilled cybersecurity jobs worldwide will reach over 4 million by 2021;
  • 95% of cybersecurity breaches are due to human error;
  • More than 77% of organizations do not have a Cyber Security Incident Response plan;
  • 92% of malware is delivered by email;

Covid-19 has been rightly dominatingthe global headlines so far in 2020, but while global lockdown may have been good news for online retailers and those able to work from home, this invariably means that it has also been a lucrative period for cyber criminals.

More online transactions mean more opportunities to hack personal data, and people working remotely has opened up new ways for criminals to target both individuals and organizations (including attacks on healthcare companies battling to contain the virus and save lives).

With the world facing a global recession and millions of jobs being lost, these are desperate times that call for serious measures to tackle cybercrime.

Global Cyber Security Market Size

The global cyber security market size was valued at US$ 156.5 billion in 2019 and is expected to expand at a compound annual growth rate (CAGR) of 10.0% from 2020 to 2027. Cyber security and defense against online threats undertake greater significance in today’s ever-evolving digital landscape. Cybersecurityhas become vital toorganization due to rapidly increasing frauds, cybercrimes, risk, threats, and vulnerabilities. Disruptive and emerging technologies in banking, retail, information technology, defense, and manufacturing sectors have offered new capabilities, facilitated automation, and accentuated ease of working. However, these technologies have also emerged as a potent factor in the development of the global “threat landscape” of exploitable vulnerabilities and malware. The emerging threat landscape hasobserved an increased number of cybercrime activities in the global digital era.

The policy times

The growing popularity of digitalization has compelled organizations to extensively rely on digitized information. Sharing of a vast amount of data in an external and internal environment as well as across the globe has created many vulnerable communication channels, and has in turn made organizations fall prey to cybercrime through different forms of attacks. A successful online attack can harm the enterprise as well as its reputation and brand. It can further result in a loss of competitive advantage and cause steep financial damage. In the wake of breaches and high-profile data theft, it becomes vital for an organization to determine future threats and redesign their cyber safety stance. Thus, cyber safety is becoming a strategic imperative for an organization, owing to an increased focus on preventing cybercrime activities which can hamper the momentum of the business.

Technologies such as the Internet of Things (IoT) and new business models extensively rely on global digitization for their growth. As the system becomes more complex, interconnected, and handles more information, the exposure to attack surface becomes much broader while exposing the gaps in the security system of the business. The primary platform for an increase in cybercrime activities is connectivity through the use of Big Data, cloud, social media, and mobile services. For instance, third-party data storage and cloud-based services have opened avenues for an online attack, which previously did not exist. Moreover, IoT products enabled with IP sensors are anticipated to introduce vulnerabilities to user data, if they have not been adequately tested. Such services operate on the backbone of the internet and will become increasingly connected over a period of the next three years, demandingthe need for a robust cyber safety system in the business environment.

The convergence of such events has driven the proliferation of endpoint and wireless safety services in an enterprise improving access to corporate information, both on-premise and outside the corporate network. A robust cybersafety layer in a business environment is aimed to detect, prevent, and react to the network attack or cyber-attack at the time of intrusion. A scalable and flexible strategy prepares an organization to combat unforeseen challenges to their safety infrastructure.

In the wake of the COVID-19 pandemic, several incidences and cases of Cybercrime were observed across industries. Cybercriminals have increasingly targeted every part of the demographic that searched information related to COVID-19 using malicious domain names registered with names as “COVID-19” or “coronavirus”. According to cyber experts, at the end of March 2020, around 40,261 suspicious registered domain names were identified. Additionally, in recent times the use of almost identical business email addresses havebecome apreferable choice for cyber attackers to conduct attacks. Furthermore, with the shift towards the remote working environment, cyber threat risks increase among organizations. The pressing concerns of cyber threats influence organizations to adopt solutions and configure malware protection, detection, and mitigation strategies.

Component Insights

The services segment dominated in 2019 with a 54.7% revenue share of the cyber security market. It is also anticipated to continue its dominance over the forecast period. Cyber security vendors offer both professional and managed services to provide IT support and assistance for troubleshooting software issues and carrying out regular maintenance. Furthermore, the need for continuous event monitoring, vulnerability management, and real-time dedicated security support for timely delivery of products is compelling enterprises to adopt these services. Thus, this need for timely support and professional assistance is expected to aid the growth of the cyber security market subsequently. Moreover, the rising trend of employing third-party vendors by organizations owing to their robust solutions offered at optimum costs hasboosted the growth of Security as a Service (SaaS).

The hardware segment is expected to register the highest CAGR over the forecast period. The hardware comprises of next-generation equipment and devices such as encrypted USB flash drives, firewalls, and Intrusion Prevention System (IPS) equipment that secure the organization’s IT networks by monitoring their networks from malicious incidents. These hardware systems and equipments are deployed by large enterprises, and Internet Service Providers (ISPs) that usemultiple computers control the network activity. The hardware equipment protects the network activity by forming an additional layer of defense from attacks and thwarts attempts to unlawfully enter computing systems. The segment revenue is majorly concentrated around protecting the network stacks.

The growing trend to identify, monitor, and mitigate threats in real-time is influencing enterprises to adopt advanced solutions such as security analytics, advanced SIEM solutions, advanced malware, and threat detection solutions. Furthermore, increasing demand to protect complex IT infrastructures from advanced threats and malware while delivering content across the web and deploying client solutions using cloud also influences enterprises to adopt solutions toenhance their IT safety infrastructure. Digital transformation and digital workplace trends also augment segment growth.

Security Type Insights

The infrastructure protection segment dominated the market in 2019 and accounted for 27.8% revenue share. Due to the increase in the number of online attacks globally, mitigation of the losses arising out of these incidents has become a significant concern across all the sectors. Furthermore, the growing adoption of connected systems across industries that share sensitive data over the internet increases cyber risks. The increasing online attacks on the organization’s critical infrastructures, IT infrastructure space, and industrial processes are anticipated to boost demand for infrastructure protection. Additionally, an increasing number of government regulations worldwide regarding data safety and privacy and compliance areanticipated to be a key factor boosting the segment growth.

The cloud security segment is anticipated to expand at the highest CAGR over the forecast period. The growth can be attributed to the growing adoption of cloud-based deployment solutions and services among enterprises. Moreover, the increasing risk of malware infiltrations, risks of unauthorized access, and the increasing number of threat actors across cloud layers are compellingenterprises to adopt cloud solutions and services. Additionally, the rise in web traffic to access media content is also propelling segment growth.

Solution Insights

The Identity and Access Management (IAM) solution segment dominated the market in 2019 and accounted for 29.6% revenue share. The growth can be attributed to the growing adoption of mobile endpoints across organizations, which increases vulnerability and risk of breaches. Furthermore, the increasing use of cloud computing and shared networks to access critical organizational data is also driving the need for IAM solutions. Rising insider threat attacks and the need to automatically maintain IAM policies such as password management, roles and privilege management, and change in historical policies. Moreover, increased demand for IAM in BFSI aimed to manage and identify risks associated with user access is anticipated to propel the segment growth over the forecast period.

The IDS (Intrusion Detection Systems)-IPS (Intrusion Prevention Systems) segment is anticipated to expand at the highest CAGR of over 11.1% during the forecast period. These solutions improve network security by analyzing and monitoring the events of known threats, thereby mitigating potentially harmful incidents in the networks. Furthermore, the increase in IT security spending and increase in adoption of network security products is expected to drive this market over the forecast period. Additionally, the sophistication of hacking attempts and an increase in cyber threats are expected to fuel the market growth. The need to avoid potential data loss and data leakage due to cyber-attacks is the primary factor driving the segment growth. Both insider and outsider attacks account for equal threats and warrant public disclosure of data, which can negatively impact the organization’s finances.

Service Insights

The professional service segment dominated the services segment with a market share of over 70.0% in 2019. The growth is attributed to the demand for employee training, penetration testing, enterprise risk assessment, cyber security defense, and physical security testing. The vendors assess the overall enterprise risks and business requirements before implementing cyber safety solutions. With the use of extensive knowledge, organizations could minimize the additional costs that come withmonitoring and managing security projects. The operational assistance provided as a professional service also reduces gaps in staffing skilled professionals and improves support efficiency in managing IT infrastructure.

The managed services segment is expected to register the fastest CAGR over the forecast period, owing to increased threats from conventional insurgent activities. Further, the increasing dangers posed by Advanced Persistent Threats (APTs), Managed Security Service Providers (MSSPs) are helping SME and large enterprises to build cyber-capabilities with services such as prevention, detection, and remediation. The IT support extends their support to manage, monitor, and analyze the cyber capabilities of the implanted solution.

Cyber Crime in India at a Glance

Cyberspace is a fast growing area for crime, transcending national boundaries and assuming global proportions. A computer or a mobile telephone with access to the Internet offers a wide array of tools, some of which may be illegal to use, and a bit of technical expertise is what it takes to perpetuate a crime in relative obscurity from remote areas.

Experts have defined cyberspace as a global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers.

As people become more and more socially and economically dependent on Internet-connected computers and e-governance — where a lot of government business and public services are transacted online, including e-banking, e-payments, e-commerce, etc. — there grow, especially in India, prospective targets for cyber-crime assume a mammoth scale. The numbers say it all.

With a projected 730 million in 2020, India ranks third in the number of Internet users after the USA and China, clocking a compound annual growth rate of 44% over the past few years. It also figures among the top five countries to be affected by cyber-crime.

In December last year, the Ministry of Electronics and Information Technology informed Parliament that the number of cyber-related crimes cases registered in the country went up by 77% in two years. National Crime Records Bureau (NCRB) data reveals that 12,317 cyber-crime cases were registered under provisions of the Information Technology Act, 2000 and related sections of the Indian Penal Code as well as other special and local laws in 2016, which spiked to 21,796 in 2017. In 2015, 11,592 cases were registered.

The NCRB data also shows that Uttar Pradesh, Maharashtra and Karnataka were the top three states, respectively, in registering cyber-crimes. The regional states of Punjab, Haryana and Himachal Pradesh were lower in the pecking order.

Tackling Cyber Crime

Several measures such as formulating new policies, setting up security centres, increased surveillance and monitoring, issuing advisories and devising standard operating procedures have been initiated to protect information and information infrastructure, build capabilities to prevent and respond to cyber threats, reduce vulnerabilities, and minimise damage from cyber incidents, but there are shortcomings such as financial constraints, an acute shortage of resource persons and domain experts ,and inadequate research in academia.

Increasing attacks on cyber security systems

The policy times

How cyber security products and services are expected to pan out

The study estimates that the market for cyber securityproducts in India will grow at a higher rate thanthat forservices. The existing portfolio of cyber spending will changewith products becoming dominant,as organisations investmore in products powered by specialised technologies.Artificial intelligence (AI) and machine learning (ML)applications are being embedded into the cyber suite ofofferings—especially in security intelligence, detectionand response (IDR), endpoint security and security testing.

The key use cases stem from the ability to use predictiveanalytics and heuristics in drawing quickstatisticalinferences, thereby helping in detecting and lesseningthreats with optimised number ofresources and savings. Anatural outcome of such developments is the emergence ofproducts and platforms specialising in these areas.

While the products market is estimated to grow at a CAGRof 16.9% over three years and reach USD 1.64 billion by2022, the market for cyber security services will grow toUSD 1.41 billion by 2022, at a CAGR 14.2%.

Gradual shift in favour of cyber security products

As per study estimates, the cyber security market in India isexpected to grow from USD 1.97 billion in2019 to USD 3.05billion by 2022 at a CAGR of 15.6%—almost one and halftimes the global rate.

  • As organisations strive to bring technology and skilled resources together in the most cost-effective way to counter growing cyber security threats, a mix of products and services will contribute to the growing demand within organisations.
  • The products segment slightly dominates the overallportfolio in 2019, and it is expected to remaindominant during the forecast period attributableto improved product innovations and prescriptiveregulations.
  • The study shows an increasing trend amongstorganisations to invest in tailored cyber securitytechnology for their specific needs, besides proactivelyincluding security as an investment in annual budgets.

Products & Services

Steady growth is estimated in both the segments, withcyber security products growing at 16.9% CAGRandservices at 14.2% CAGR. However with technologyinnovation, the scale is slightly tilted in favour of cybersecurity products, which occupy a wider market share ascompared to cyber security services.

The analysis reveals that market contribution of cybersecurity products to the overall demand willincrease from52% of the mix in 2019 to 54% by 2022.

  • Within products, data protection and endpoint security will see relatively higher growth (network security, identity and access management, and security intelligence, detection and response [IDR] make up the rest of the market for this study). The growing popularity of connected devices, bring your own device (BYOD), and IoT technologies is projected to increase impact in the endpoint segment. Regulations and increasing volume of data are driving interest in data security.
  • Within services, incident response and security testing are slated to be the core services fuelling demand (security consulting, security implementation and security operations make up the rest of the services pie for this study). Increasing breaches and the need to integrate testing as a significant part of the development lifecycle are anticipated to propel this segment’s growth.

    Cyber Security Products

    Growth of the Cyber Security products market in India

    The cyber security products market in India is expected to grow at a CAGR of 16.9% by 2022. The cyber security products market has been classified in five categories, viz. datasecurity, endpoint security, network security, identity and access management, and security Intelligencedetection and response (IDR).

    • Data security products are growing at thefastest rate, due to the expected regulatoryevolution andfocus on security and privacyof data.
    • Endpoint security products are alsogrowing faster than the overall marketmix for cyber securityproducts. This islargely driven by concern among enterpriseexecutives to safeguard the starting pointfor most high-profile endpoints.
    • Security IDR will continue to be the mostdominant product category, occupying 32%of the productmix. This is due to the needfor continuous innovation and automationin this space such as, threatintelligencecapabilities, integration of governancerisk compliance (GRC) capabilities, userbehaviour analytics, use of big dataand statistics to facilitate quick incidentresponse.

    Cyber Security Services

    The cyber security services market hasbeen classified in five categories for clearerunderstanding, viz.security consulting,security implementation, security testing,security operations and incident response:

    • Security testing is expected to grow at the fastest rate due to rapid digitisation, increase in the number of connected devices and increased integration between information technology and operational technology.
    • Incident response related services are growing due to increase in number and complexity of security breaches. Organisations proactively resort to cyber forensics to address vulnerabilities in security systems, post a breach.
    • Security operations continue to be the most dominant service category, occupying 38% of the service mix. Organisations are investing in services for visualizing new threats, monitoring them continuously, adhering to compliance guidelines and defusing potential breach incidents in the consistently widening zone of cyberthreats.

    Security operations to remain the largest amongst Cyber Security Services

    It is expected that thesecurity operations marketin India will grow fromUS$367 million in 2019to US$533 million by2022, at a CAGR of 13.3%and occupy 38% of India’scyber security servicesmarket.

    • Cyber-attacks have evolved and increased in volume over the years. Attacks have become sophisticated in nature and types of attacks such as APT, Zero Day, malwares, multi-vector attacks have become common, targeting core infrastructure such as ATM switches, payment interfaces.
    • Increased expectation from security systems to reduce response time, contain and remediate security incidents. For example, ransomware, is a threat that can get exponentially worse with time.
    • 37% of respondents said that they will increase their spend on security operations services to stop loss of intellectual property, frauds, leakage of customer data and other sensitive information.
    • Niche security technologies are looking to automate repeatable tasks, streamline workflows and orchestrate security tasks due to shortage of staff.

    Effective incident response is the key to Effective Cyber Security in the era of Inevitable Cyber Breaches

    The incident response andforensics services space inIndia is expected to growfrom US$48 million in2019 to US$75 million by2022, at a CAGR of 16.3%.

    • Nearly 77% of the respondents were looking toincrease their expenditure in the areas of cyberforensics and incident response.
    • There was a threefold increase in reported cyberincidents last year and cyber-attacktrends suggest further increase in such incidents,fuelling the need for enhanced incidentresponse services.
    • With technology landscape becoming more complexand varied, there is an increased focus oninvestigationof digital breaches and preservation of evidence.
    • There is an increasing need to follow due regulationswhile reporting security breaches – forexample,making it mandatory for data fiduciary in case of personal data breach.
    • Organisations are looking at ensuring they have anactive retainership arrangement for incidentresponseservices.
    • More organisations are expected to engage oncompromise detection to proactively identify breaches.

    Sectoral Analysis

    BFSI, IT/ITeS and Government are the top 3 sectorswith the largest market share in cyber securityexpenditure in India.

    The BFSI sector accountsfor 26% of the totalexpenditure in the cybersecurity market. Thesector is expected toincrease its expenditureto US$810 million fromthe existing US$518 million by 2022, at a CAGRof 16.1%. The growthcan be attributed toseveral factors such astightened directives fromregulators, rapid adoptionof technologies like digitallending, utility payments,e-commerce, onlineinsurance marketplacesand mobile banking—to drive operationalefficiency and customerconvenience.

    Digital disruption has forced companies to take a look at their digital strategies.

    • Digital payments in India will increase from US$64.8 billion in 2019 to US$135.2 billion in 2023, at a CAGR of 2%.
    • Innovation in payments technology using AI, blockchain, IoT and real-time payments, and the introduction of mobile point of sale (POS) devices has also contributed to the growth of potential security risks.

    The nature of services provided by the BFSI sectorhas resulted in the sector being governed by detailedprescriptive guidelines and regulations.

    • Regulations are becoming ‘granular’ and ‘tighter’ and at the same time, more segments of regulations are coming into the ambit.
    • Risks due to usage of legacy systems and applications remain high, but regulators are also considering risks being brought by emerging technologies to the BFSI sector.
    • Increased enforcement of cyber security laws andrules. For example, between January and February2019, the RBI levied stringent fines (USD ~10.16 million)on 36 public, private and foreign banks for noncompliance with cyber security rules.

    Cyber-attacks in the BFSI sector have evolved from merely being about cyber-crime to efforts in crippling the economy.

    • Sophistication of cyber-attacks are increasing as financial institutions (FIs) continue to learn and bounce back from less sophisticated attacks.
    • Hackers are exploring new attack channels and deploying multi-vector attacks.
    • In-order to maximise returns from cyber-attacks, hackers are increasingly targeting ‘core banking systems’.

    Threats and awareness on privacy are driving the demand forcyber security in the IT and ITeS sectorThecyber security spendin the IT/ITeS sector isexpected to grow fromUS$434 million in 2019 toUS$713 million by 2022,at a CAGR of 18% – thehighest among all sectors.

    Cyber threats have become a major challenge in the IT/ITeS sector as:

    • Adversaries are targeting IT and software supply chains to infiltrate into secured corporate perimeters, exploiting vulnerabilities in open source components utilised during system development.
    • Hackers are targeting this sector to get access to the ecosystem of global clients they serve.
    • Besides a dent in their reputation due to exposure of client data, IT and ITeS organisations also stand the risk of facing backlash from multiple global regulations such as General Data Protection Regulation (GDPR) and Health Insurance Portability and Accountability Act (HIPAA).

    It is estimated that by 2021,there will be 1.5 networked devices per individual. Withthe IT sector beingone of thelargest employers globally,there is a huge upsurgeexpected in the number ofend points,which have latelybeen identified as the mostvulnerable point of entry forcyber-attacks.

    IT/ITeS organisations store plethora ofvaluable client information and are hencetargeted by cyberhackers. Many of theseare caused by targeted or unintendedsecurity exposure of client informationdue to security risks owning to distributednature of the services supply chain. Thissector grew the fastest at a CAGR of 18%.

    Government’s push for cyber security is largely driven by the Digital India initiatives

    The cyber security marketin the government sectoris estimated to grow fromUS$395 million in 2019toUS$581 million by 2022,at a CAGR of 13.8%. Thisgrowth is primarily drivenby increased focus ondigitisation of governmentsystems and risingcyber-attacks on criticalstate infrastructure.

    Digital delivery of services is transforming the waycitizens interact with the government. Some of themajor digital services provided by the Government ofIndia are:

    • More than 275 government services are leveraging 24 billionAadhaar enrolments to provide benefits to citizens. Digital inclusion has been enhanced with 337 million Jan Dhan accounts and 93 million health insurances already linked to Aadhaar.
    • 12 lakh Common Service Centres (CSCs) have been established to bring e-services (such as Permanent Account Number [PAN], passport services, etc.) to the doorstep.
    • The smart cities project is using technology to improve the ease of living of citizens through smart water management, smart waste management, smart traffic management, smart command and control centre to name a few.

    The threat landscape is now changing fromdefacement of websites to attacks on critical stateinfrastructure from state actors to destabilise thecountry.

    • The threat spectrum in the government sector is verywide, ranging from state actors motivated towagecyber wars to hacktivists pushing their own agenda.
    • The government is highly prone to cyber espionage asadversaries are not just aiming to obtain statesecrets,but also access citizens’ personal data.
    • Cyber-attacks can hurt the economy, derailing Indiafrom its projected growth trajectory and worsenrelations with our neighbours.

    Government’s strong commitment to cyber securityis resulting in prescriptive mandates andguidelines.Some steps taken by the government to addresscyber security issues are:

    • Formulating new regulations related to cyber securitysuch as a new National Cyber Security Policy,theupdated IT Act, the Personal Data Protection Bill, theDigital Information Security in Healthcare Act (DISHA).
    • The Ministry of Electronics and Information Technology(MeitY) asking all ministries to spend 10% oftheirIT budgets on cyber security and suggesting theappointment of Chief Information SecurityOfficers (CISOs) in each ministry.
    • Steps taken by state governments to strengthentheir security setup, including mandates such asCISO appointment, defined security budget, securitymonitoring

    Healthcare and energy are two sectors likely to fuel the growth driven by need for privacy and safety

    The cyber securityspend in other sectorsis expected to growfrom US$630 million in2019 to US$949 millionby 2022, at a CAGR of14.6%. The major sectorsunder this ambit includeenergy, healthcare andautomotive. This growthcan be attributed to rapidadoption of emergingdigital technologies,increased cyberthreatsand upcoming regulations.

    Globally, the healthcare sector is one of the keysectors and second only to BFSI in driving the cybersecurity market. In India, the sector has not beenprimarily targeted by hackers, so far. However,the recent developments with regard to use oftechnology are expected to increase demand of cybersecurity safeguards in the sector.

    • Schemes such as Ayushman Bharat have kick started the digitisation of health records. Under the scheme, more than 5 million e-cards have been issued so far.
    • The government is in the process of formalising the Digital Information Security in Healthcare Act (DISHA) and has already released a draft version for the same. The Act will promote and adopt e- health standards, as well as enforce security and privacy measures for the electronic health data.

    India is on the cusp of digitalhealth transformation, whichin turn will increase the threatlandscape,driving expenditureon cyber security in this sector.

    Energy Sector

    Energy is another key sector (including oil andgas, power and utilities) in which cyber securityexpenditure is expected to increase. Some of theareas in the energy sector where use of technologyand cyberthreats are growing are:

    • Adoption of smart meters, advanced metering infrastructure and decentralised renewable generation (DER) are increasing the attack surface for data theft, fraud, tampering and man-in the middle (MITM) attacks.
    • Use of drones to track vast pipeline networks in order to detect leakages has reduced the clean-up cost, but also opened the sector to newer forms of attacks. Additionally, increased usage of virtual reality and augmented reality is increasing the threat landscape for the energy sector.

    The Ministry of Power has mandated a CISO position for allutilities, released as per Indian Standard IS16335 (SecurityStandard for Power Systems). The Ministry has also notifiedinformation sharing anddirected relevant bodies to setup analysis centres. The Central Electricity Authority (CEA)is developing acyber-security manual for auditing powerutilities.

    Automobile Sector

    The automotive industry is facing an inflectionpoint—as risks for cyber security, privacy and safetywill increase with internet connectivity in the sectorand automotive products becoming commonplace.

    • Developments in automobiles, such as the emergence of connected cars (internet-enabled) and predictive maintenance (using telematics), are only expanding the cyber threat surface.
    • Mobility as a service (rise of shared cabs) is collecting data about drivers, passengers, destinations and routes, thereby leading to increased concerns on privacy.

    The automobile ecosystem has used technology totransform into an integrated supply chain. On onehand,this has helped in reducing cycle time and improving rateof manufacturing; on the other, it hasalso resulted inincreased threat for intellectual property rights (IPR).


    Several essential parts of our critical information infrastructure, whether they be in banking, energy or telecom, are owned by the private sector.Be it a cloud computing architecture or a VPN server, the owners and operators of critical infrastructure need to have a stratified information sharing mechanism with the government given the varying degrees of maturity in security practices among different entities.In India, the remit of public private collaboration has been fairly limited to just the context of education and awareness programs, such as the Cyber Shikshaa project for skilling women engineering graduates. This must be expanded towards creating self-governed coordinating sector councils known as Information Sharing and Analysis Centers (ISACs) that facilitate early warning systems and crisis management, not just within these sectors, but as cross-sectoral coordination.

    The synapse between the COVID-19 pandemic and cybersecurity imperatives can be addressed with a call to action that the new Cyber Security Strategy on the anvil can address. New red lines that have emerged only draws to us the reality that it isn’t possible to hermetically seal our societies or the networks. The new policy must be in sync with these modern realities and look to adapt to future disruptions, thereby reinvigorating trust and boosting our digital immunity.

the policy times

By Mr. Aditya Sekhar

Research Scholar in Smart Cities & Electronic Security System

The policy times

By Mr.Nisarg Bhushan Gagrani

B.Tech IIT, Financial Analyst