Budget 2025: Government’s Push for Cybersecurity in the Digital Economy

Cybersecurity is vital for the economic stability, citizen safety, and national security of a developing nation like India. India recognizes the need for channelized investments and budgets in cybersecurity due to its rapidly growing digital economy, complex infrastructures, diverse groups of citizens, added geo-political dynamics and evolving cyber threat actors and landscape.

The Union Budget 2024 demonstrated the Government of India’s recognition of the strategic importance of cybersecurity, with an allocation of over ₹1,600 crore dedicated to this critical area. Key allocations included ₹759 crore for cybersecurity capital projects, up from ₹400 crore in 2023, and ₹238 crore for CERT-In, compared to ₹208 crore in the previous year. Additionally, ₹52.8 crore was allocated for cybersecurity initiatives targeting women and children, while the National Mission on Interdisciplinary Cyber-Physical Systems received ₹564.46 crore, up from ₹435 crore in 2023.

Looking ahead to the Budget 2025, cybersecurity is expected to play an even greater role in India’s journey toward Viksit Bharat and Surakshit Bharat. Achieving this vision will necessitate continued incremental budget allocations, not only this year but in the years to come, to strengthen the nation’s digital infrastructure and resilience.

Let's consider the budget requirements and schemes taking a view through some of the key cybersecurity pillars of our country.

1. Critical Information Infrastructure (CII) Protection - Currently, NCIIPC and CERT-In hold overarching responsibilities for securing critical sectors such as power, banking, telecom, defense, and healthcare. While sector-specific regulations, such as those issued by SEBI and RBI, are comprehensive and well-regulated, some sectors, like energy, are still progressing in a similar direction. The CEA Guidelines 2023 set a strong precedent; however, enforcing compliance effectively will require budgetary provisions that support the full spectrum of compliance needs, particularly through investments tied to the energy transition.

2. Cyber resilience and Incident response - At a national level, there is a Cyber Crisis Management Plan (CCMP) augmented along with Cert-In's operations. We believe it's important to continue the increase in budget allocation to these initiatives, as more and more cybersecurity incidents will continue to affect the country's digital and connected infrastructure.

3. Legal and Policy Framework - The fundamental cyber laws like the sections under the IT Act 2000, Indian Penal Code (IPC), National Cybersecurity Policy (NCSP), and the most recent Digital Personal Data Protection Act (DPDPA) 2023 do set a baseline. We believe this will require continued and increased budget allocation towards enabling the enforcement of these laws and a robust governance mechanism. We believe that India should have increased budget allocation towards responsibilities to cover cyber risks and misinformation from online/digital platforms arising from advanced technologies such as deepfakes, AI-generated frauds, etc.

4. Cybersecurity awareness and Literacy programs - While initiatives like the Information Security Education and Awareness (ISEA) program and academic collaborations are in place, this area requires increased budget allocation due to the rising number of cyber incidents across both urban and rural regions. Highlighting the urgency of this need, data from the Indian Cyber Crime Coordination Centre (I4C) reveals that Indian citizens lost over ₹11,300 crore in 2024 due to stock trading scams, investment frauds, and digital impersonation. Hon'ble Prime Minister Narendra Modi also emphasized the growing threat of digital fraud in the 115th episode of his Mann Ki Baat program.

5. International collaboration - The Indian government actively engages in bilateral programs with countries such as the US, UK, Israel, and Japan to exchange threat intelligence and best practices and participates in the UN's Open-Ended Working Group (OEWG) on cybersecurity. We believe this collaboration should be extended to other nations to enhance the exchange of cyber threat intelligence. Many financial cyber fraud cases involve cross-border elements, with funds being transferred from impacted accounts to overseas accounts. This movement of funds significantly hampers investigations and limits the ability of cybercrime police centers to effectively assist affected citizens.

6. Protection of digital economy - According to former RBI Governor Shaktikanta Das, UPI transactions now account for 80% of all digital payments in India and have grown 90-fold over the past 12 years. Additionally, as per Telecom TV reports, India has 1.15 billion mobile connections and counting. This highlights the anticipated rise in digital payments and services through platforms like DigiLocker, DigiYatra, GSTN, Aadhaar, and others, which continue to play a pivotal role in India’s economic landscape. To safeguard the digital economy, an increased budget allocation will be crucial to secure digital payment systems and protect e-governance platforms from emerging cyber threats.

7. Technological advancements and R&D - With the proliferation of emerging technologies such as AI, quantum computing, and blockchain, it is imperative to allocate an increased and focused budget to combat potential cyber risks and mitigate their economic impact. Investments should focus on promoting the indigenous development of cybersecurity technologies, supporting or establishing cyber research centers to address evolving threats such as ransomware and IoT vulnerabilities, and funding cybersecurity startups through the Startup India initiative. These measures would help build a robust cybersecurity ecosystem capable of addressing emerging challenges effectively.

As cyber threats continue to evolve, we believe sustained investments in key cybersecurity pillars should remain a priority in the 2025 budget and beyond. These pillars are essential for strengthening and safeguarding India's critical infrastructure, ensuring the safety of its citizens, promoting national security, and driving the nation's digital ambitions forward.