Cybersecurity products, services double growth between 2019-21

The Indian cybersecurity services industry almost doubled from $4.3 billion in 2019 to $8.5 billion in 2021. The growth in Indian cybersecurity products was also substantial and grew from $740 million in 2019 to reach $1.37 billion in 2021.

These were the findings of a report by Indian IT industry body NASSCOM. It is a study of more than 100 cybersecurity product and services companies.

Of the analysed firms, 74% of the product and services companies leverage artificial intelligence and machine learning (AI/ML), while cloud and automation are driving innovation, the report said.

“The convergence of network security and cloud workloads is driving demand for cybersecurity. Customers are looking for secure functionality of business applications and are focusing on cost optimisation,” said Rajesh Dhuddu, VP and practice leader – blockchain and cybersecurity, at Tech Mahindra.

A lot of this business comes from overseas: services companies made 80-85% of their revenue from the global market. But the product companies’ revenues predominantly come from the Indian market, said 60-65% of those surveyed.

“India is growing its global footprint and enabling secure digital transformation of enterprises across the globe. Investing in a skilled employable workforce in India will pave the way for a robust cybersecurity talent and technology value proposition,” posed Santha Subramoni, who heads the cybersecurity unit at Tata Consultancy Services.

Managed security services was the leading segment at 63%, followed by cloud services at 58%. Data security was offered by 62% of the respondents, followed by cloud at 57%. In 2021, services companies have a cybersecurity workforce of 2.18 lakh.

The respondents’ key investment priorities are services, skilling talent and expanding the existing customer base. Products companies, on the other hand, would like to invest in R&D and marketing initiatives.

A great proportion of Indian cybersecurity services companies at 78% of those analysed offered platform-based services and nearly 76% product companies offer platform-based products.

Key trend driving the global cybersecurity spend was data privacy, which has taken a larger role in the security of organisations across all industries due to global data compliance laws.

Diverse factors are raising demand so dramatically in the sector. Regulatory frameworks by the government to adhere to industry standards is another prominent growth factor. The need to secure vendors, third-parties and sub-contractors in order to have a strong cyber and privacy posture is also driving demand.

The Covid-19 pandemic pushed the trend towards remote working as enterprise networks become borderless. This change is ramping up infrastructure, end point and cloud security spend. Tech research firm Gartner forecasted that 51% of global knowledge workers will be remote by the end of 2021.

“The pandemic had organisations focusing on remote working models and business continuity in the short term, which quickly transitioned into business resilience. We saw a shift in protection strategies from securing the perimeter to securing data,” said Samir Khare, vice president – APAC Cybersecurity at Capegemini.

Cybersecurity staffing and company-wide security training is a top priority. Well-trained cybersecurity professionals are in high demand and dependence on a more distributed workforce is creating a more critical need for them in 2021. Organisations are investing in cross-skilling employees and training fresh employees to specific cyber domains.

As per a report published by IBM, data breach costs increased from $3.86 million to $4.24 million, which is the highest average total cost in the last 17 years. The growth in edge devices without proper security and policy safeguards are increasing the attack surface and in turn increasing vulnerabilities.

Information technology, operational technology and industrial control systems (IT/OT/ICS) in the supply chain or critical infrastructures are particularly vulnerable if not secured properly. Legacy OT systems converging with IT infrastructure requires protection against cyber-attacks.

International Data Corporation (IDC), a market research company, predicts that there will be 55.7 billion internet of things (IoT) devices by 2025 that will generate 73.1 zettabytes of data.

With increasing regulatory attention and consumer awareness towards security breaches and attacks, large and medium enterprises are mitigating risk by security adoption. IDC expects worldwide security spending to reach $174.7 billion in 2024 with a CAGR of 8.1% over the 2020-2024 period.