In today’s rapidly evolving digital landscape, the importance of cybersecurity cannot be stressed enough. In India alone, a company falls victim to cyberattacks every 11 seconds. By August 2024, nearly 60% of businesses globally had experienced a ransomware attack. On a global scale, we contend with 5.5 billion malware attacks annually and an astounding 6.3 trillion attempted breaches —an average of 6.5 attacks every second.
According to some leading research sites such as CRN India, ransomware poses a significant threat in India, with eight out of 10 enterprises confirming that they have experienced such attacks. Further, almost 40% of large enterprises in India have fallen victim to phishing email-led attacks. A striking 92% of all surveyed enterprises believe that operational disruption would be a significant consequence of a ransomware attack. This data present a compelling portrait of the digital landscape we navigate. While digitalisation brings substantial economic and social benefits, it also introduces unique challenges — much like any powerful tool — that we must be prepared to address effectively.
As cybercrime continues to evolve into a sophisticated enterprise, the need for robust cybersecurity measures becomes imperative. Effective cybersecurity demands not only the integration of cutting-edge technology and innovation but also the ability to navigate the complexities that accompany these advancements. The impact of cyberattacks on enterprises extends far beyond organisational boundaries, affecting individuals and communities. A recent ransomware attack on a company disrupted payment systems for 300 small, especially rural and cooperative banks across the country. As such incidents multiply, their repercussions on the nation’s economy and the financial well-being of its citizens are increasingly evident.
Shortage of skilled professionals
The rising prevalence of these threats also underscores the urgency to address the shortage of skilled professionals in the cybersecurity sector. India’s G-20 Sherpa and former NITI Aayog CEO, Amitabh Kant, recently unveiled a report that highlighted that over 1,16,000 cybersecurity incidents were reported in 2023, a significant increase from previous years. This alarming rise emphasises the pressing need for a larger, trained and skilled professionals to combat the challenges in an ever-evolving cybersecurity landscape.
According to a white paper from the World Economic Forum, India is home to nearly one-third of the world’s graduates in science, technology, engineering, and mathematics (STEM). Yet, 30% of the 40,000 job vacancies for cybersecurity professionals in 2024 remain unfilled due to talent shortages.
The current market for skilled talent offers a valuable opportunity for bolstering national security and enhancing economic growth. As cybercrime becomes more sophisticated, the Indian cybersecurity market is projected to grow at a compound annual growth rate (CAGR) of 18.33% from 2024 to 2029, as PwC India says, reflecting increased investment in cybersecurity measures by financial institutions.
The demand for cybersecurity professionals has surged in the South Asian region and the ‘Five Eyes’ countries (Australia, Canada, New Zealand, the United Kingdom, and the United States), driven primarily by rapid digital transformation. A report from the Data Security Council of India indicates that the country will need 1.5 million cybersecurity professionals by 2025.
Therefore, it is crucial to train future generations in cybersecurity fundamentals to capitalise on India’s demographic dividend. While India produces a wealth of technically skilled professionals known for their strong work ethic, ensuring that they are adequately equipped to tackle future challenges particularly in cybersecurity is essential. As a burgeoning hub for technology and innovation, India holds immense potential for developing its cybersecurity infrastructure.
As educational institutions collaborate with policymakers to expand opportunities in cyberspace, key areas remain where targeted growth can drive more impactful outcomes. The findings of the 2023 Ministry of Education report indicate that fewer than 30% of institutions offer comprehensive cybersecurity courses. And, even though these institutions offer cybersecurity courses in India, many need updated curricula that align with industry needs. Despite facing cyberattack challenges and accounting for 13.7% of all such incidents, India is emerging as a critical player in the global cybersecurity landscape. The PwC India report says that approximately 28% of global organisations have more than half of their cybersecurity teams based in India, with 17% housing over 75% of their teams there.
Models to look at in the world
India can learn lessons from countries such as the U.S. and Israel, which have developed unique curricula and methodologies to equip their youth with essential cyber skills. The U.S. National Initiative for Cybersecurity Education (NICE) framework provides a structured approach to education and skill development. At the same time, Israeli universities emphasise interdisciplinary studies that combine cybersecurity with fields such as Artificial Intelligence and data science. Although some Indian universities offer specialised courses in cybersecurity, there remains a substantial opportunity for hands-on training and exposure to real-world scenarios.
With India reporting at least 40,000 job vacancies in cybersecurity as of May 2024, and at least 30% of these positions requiring trained professionals, the urgency of addressing these gaps and taking positive inspiration from other nations and academic recommendations cannot be overstated.
While India has always focused on balancing and learning from global best practices, it has delved deeper into the realm of developing frameworks and mechanisms for cybersecurity strengthening. The National Cybersecurity Reference Framework aims to provide clear guidelines on roles and responsibilities in cybersecurity based on existing regulations. The Ministry of Electronics and Information Technology collaborates with technology companies to enhance cybersecurity training and skill development among government officials, which is crucial for improving the skills of learners and officials nationwide. Recognising the ever-evolving landscape of cyber threats, India is prioritising skill development initiatives through collaborations with educational institutions, industry certifications, and in-house training programmes. The rise in cybersecurity certification offerings, covering over 400 institutions, demonstrates a unified effort to cultivate local talent and address the increasing demand for qualified cybersecurity professionals.
Additionally, India’s government can draw inspiration from Israel’s heavy investment in research and development for cybersecurity. Increasing funding for research initiatives in this field is essential. Cybersecurity education should also encompass soft skills training, such as critical thinking and teamwork, as U.S. employers report that these skills are necessary for 75% of cybersecurity roles.
To establish a robust cybersecurity framework in India, we can constructively draw from global practices that have yielded positive results. For instance, New Zealand successfully created a cybersecurity infrastructure that provides employment opportunities for its youth while developing a curriculum suited to future challenges. Implementing incentives for educational institutions to expand their cybersecurity offerings is crucial, as is fostering collaboration between government and industry to enhance workforce development programmes that produce skilled professionals.
India can position itself as a regional hub
We must aspire to balance economic growth with national security and social considerations, guided by the Organisation for Economic Co-operation and Development’s recommendations on digital security strategies. Furthermore, India’s active engagement with the U.N. Cybercrime Treaty offers a platform for strengthening its legal framework and enhancing international cooperation. By drawing inspiration from initiatives such as the U.K.’s Cyber Accreditation Program and Singapore’s Cybersecurity Academy, India can strategically position itself as a regional hub, leveraging the projected $345.4 billion global cybersecurity market to export talent and stimulate economic growth. Revitalising historical educational development systems will further support these initiatives, fostering a comprehensive culture of digital security across the economy and society.
Comprehensive educational reforms must be prioritised to empower India’s cybersecurity workforce and unlock global opportunities. With fewer than 30% of institutions offering robust cybersecurity courses, India can expand its talent pool by incentivising course offerings and fostering public-private partnerships. As the global cybersecurity market is projected to reach $345.4 billion by 2026, India has a unique opportunity to balance national security with economic growth. By actively engaging in international cybersecurity initiatives, India can position itself as a leader in this dynamic field.
Harish Krishnan is Managing Director and Chief Policy Officer, Cisco India and SAARC. Aruna Sharma is former Secretary at the Ministry of Electronics and Information Technology (MeITY)
Published – December 14, 2024 04:20 pm IST