GROWING C Y B E R SECURITY INDUSTRYRoadmap for India
Copyright ©2016
Plot No 7 to 10, Sector 126Noida, Uttar Pradesh 201301, India Phone: 91-120-4990111Email: [email protected] [email protected]
First Print: 2016
Published byNASSCOM & DSCI
Designed & Produced byMKM CREATIVESPhone: 91-11-45538567
About NASSCOMNASSCOM is the premier trade body for the IT-BPM sector in India. It is a not-for-profit organisation and has emerged as the authentic voice of this industry in India. It is also the single reference point for all information on IT industry in India. NASSCOM publishes an annual edition of its Strategic Review to disseminate the latest status of the industry performance.
About DSCI
Data Security Council of India (DSCI) is a premier industry body on data protection in India, setup by NASSCOM®, committed to making the cyberspace safe, secure and trusted by establishing best practices, standards and initiatives in cyber security and privacy. DSCI brings together national governments and their agencies, industry sectors including IT-BPM, BFSI, Telecom, data protection authorities and think tanks for public advocacy, thought leadership, capacity building and outreach initiatives.www.dsci.in
DisclaimerThe information contained herein has been obtained from sources believed to be reliable. NASSCOM and DSCI disclaim all warranties as to the accuracy, completeness or adequacy of such information. NASSCOM and DSCI shall have no liability for errors, omissions or inadequacies in the information contained herein, or for interpretations thereof.
The material in this publication is copyrighted. No part of this report can be reproduced either on paper or electronic media without permission in writing from NASSCOM and DSCI. Request for permission to reproduce any part of the report may be sent to NASSCOM ([email protected]) or DSCI ([email protected]).
Usage of InformationForwarding/copy/using in publications without approval from NASSCOM or DSCI will be considered as infringement of intellectual property rights.
FOREWORDHon’ble Prime Minister of India Shri Narendra Modi, at NASSCOM’s Silver Jubilee celebrations, urged the Indian IT Industry, to focus on addressing the global challenges of cyber security. On PM’s exhortation, NASSCOM & DSCI constituted the Cyber Security Task Force (CSTF) under the chairmanship of Rajendra S. Pawar, to develop a roadmap for India becoming a global hub in cyber security. CSTF with eminent leaders from Government, Industry and Academia, charted out a vision 2025 to “Grow the Indian Cyber Security Products and Services Industry to US$ 35 Billion, Create one Million Cyber Security jobs and 1000 Cyber Security Startups by 2025”. Recommendations were delineated across four pillars, to realize this vision, namely Industry Development, Technology Development, Skills & Policy.
Cyber Security domain, spanning products and services is a nascent Industry in India and with its current global footprint, can emerge as a key growth opportunity in the decade ahead. In order to develop a Roadmap for Growing the Cyber Security Industry in India, NASSCOM and DSCI partnered with Strategy& and PriceWaterhouseCoopers (PwC). The focus of this Report is on mapping the Global security landscape, exploring the opportunities worldwide, across geographies and various verticals. Global market analysis from both the demand and supply side is a key highlight of this Report. As Indian IT Industry embarks on this growth roadmap, the Report offers several learnings and best practices from key cyber security clusters across the world. We have endeavored to do an opportunity identification for India in both products and services and pivotal role for innovation by startups.
The Report also focuses on what measures can be taken by all key stakeholders – Government, Industry and Academia for India, to become a global hub in Cyber Security. Based on the analysis and the opportunities identified for India, initiatives are grouped across five key pillars: Clusters, Technology Creation, Demand Generation, Capacity Building and Policy & Regulations. Recent initiatives by the Government of India, such as the Make in India and Start up India campaigns, will surely supplement the growth of the Cyber Security industry.
The Report was developed under the guidance of a steering committee led by Rajendra Pawar who also led the Task Force for us. Stakeholder consultations with a wide cross section of enterprises in Banking, Telecom, Government, ICT Industry, Startup & Product entrepreneurs and Academia was a hallmark of this report development. Our research partner also tapped into their global network, to assess current market landscape and future opportunity potential.
We are confident the report will be valuable for members of NASSCOM & DSCI and global enterprises as they chart out their Cyber Security strategies. The Report also presents perspectives for Government of India & State Governments as they embark on policies for making India a preferred global destination for cyber security. India’s growth story as a global powerhouse in the Information Technology services space is exceptional and it has emerged as the epicenter of global IT services. It continues to reinforce its position, as a partner of choice, for customers across the world. With its global reach, skilled IT workforce and growing startup base, India is destined to carve out a niche for itself, in Cyber security industry as well.
R. Chandrashekhar President NASSCOM
Rama Vedashree CEO DSCI
AcknowledgementNASSCOM-DSCI partnered with Strategy& and PricewaterhouseCoopers (PwC) team to work on this report “Growing Cyber Security Industry, Roadmap for India”. Our sincere thanks to core members of Steering Committee who provided their valuable inputs regularly in shaping the roadmap and recommendations - Former CEOs of DSCI: Kamlesh Bajaj and Nandkumar Saravade; Industry Leaders: Atul Kunwar (Tech Mahindra), R Guha (Wipro), Renju Varghese (HCL), Siva Sivasubramanian (Bharti Airtel), Murli Mahalingam (ICICI Bank); Security product entrepreneurs: Hemal Patel (Founder, Cyberoam) and Sanjay Deshpande (Founder, Uniken). We also thank Satish Thiagarajan (TCS) and Sanjay Bahl (CERT-In) for their support in this initiative. We also acknowledge contributions and insights from many members of NASSCOM and DSCI.
All steering committee efforts were led by Rajendra S Pawar, Chairman and Co-Founder NIIT Group, and Chairman of NASSCOM-DSCI Cyber Security Task Force, who guided and steered the group all along. We would like to convey our sincere thanks for his leadership and contributions of all the committee members.
From the Strategy&-PwC team, we would like to thank Ashish Sharma, Partner, Strategy& who led the effort with Sivarama Krishnan, Partner, PwC along with their team Nitin Arora, Vipul Bansal and Abhishek Chhonkar for executing this project.
On behalf of NASSCOM-DSCI, we would like to express our gratitude to all the individuals and firms for their valuable insights without which this report would not have been possible.
A special acknowledgement to the NASSCOM-DSCI team - Vinayak Godse, Rahul Sharma, Aditya Bhatia, Achutya Ghosh and Diksha Nerurkar for their efforts in pulling this report together. Special thanks to Sangeeta Gupta for her insights in developing the report.
Executive Summary
Growing Cyber Security Industry: Roadmap for India10
IntroductionAn increasingly interconnected world is characterised by the proliferation of digital identities, and the adoption of digital technologies and processes (with social, mobile analytics and cloud as key components). While such technologies have changed everyday life and revolutionised the way businesses and governments run, their adoption and continuous evolution have brought a multitude of vulnerabilities to the fore and increased the potential impact of a cyber-attack exponentially.
Executive Summary
Cyber Security Evolution
Figure 1: Evolution of cyber security
Cyber security Evolution
Virus protection focused on ensuring that IT systems and devices performed as expected
IT and network security focused on the protection of the device and the information assets passing through the network
Cyber security & information assurance has taken a more comprehensive system, data and mission assurance role
Evolution of Operational Risks and Types of Security Focus
Virus Protection 9/11 War against terrorism
Start of Internet era
EU – Data Protection Directives
Major damage incidentsthrough intrusions (viruses, worms, denial of service attacks)
Evolvement of Connected economy
Open source technology
Increased awareness forinsider risks, intellectual property
Increasing trendtowards Business Process Outsourcing / IT-OutsourcingY2K
Stuxnet
Organized industrial espionage
Internet and web service attacks
E-commerce boom
Basel II –FinancialServices Worldwide
Increased need for clear governance, COBIT framework
Integration of Business and ITArchitectures
Extended Enterprises
IT & Network Security
Cyber security &Information Assurance
Mobile Business
1995 2000-2003 2003 to date
Evolving business modelIncreasing regulatory requirement Emerging threat
Growing Cyber Security Industry: Roadmap for India 11
Unlike cyber adversaries of yesteryears, attackers today are highly motivated, well-funded and technically advanced. Recent attacks, such as that on a leading media and entertainment company by a nation state, exemplify how cyber-attacks have evolved drastically over the years.
The evolving nature of attacks and motives behind them pose a threat not only to national initiatives such as smart cities, e-governance and digital public identity management, which rely extensively on information and communication technologies, but also to
Figure 2: Growing connectivity and digitisation
enterprises and consumers; e.g., while consumers demand the benefits of connected cars such as connection to the internet, Vehicle-to-Vehicle (V2V) connections and Vehicle-to-IoT (V2IoT), only few are willing to pay to secure connected cars; therefore, the onus of security lies on automobile manufacturers.
Consequently, demand for cyber security solutions stems from a host of audiences, with varying requirements, ranging from warfare, espionage or national defence to the protection of intellectual property and employee, customer, and personal information across all industries (e.g., financial services, telecom, infrastructure, transportation, healthcare, etc.).
Global Market AnalysisThe analysis of the cyber security market encompasses two primary dimensions — demand-side trends that influence future growth, and products and services that constitute the supply side.
The demand side further comprises focus industry verticals and major geographies. The supply side defines the various cyber security products and services in the market, capability requirements for different product and service categories, and types and strengths of different players.
Cyber security comprises a host of products and services tailored to address the specific needs of various industry verticals. Examples of some of the needs across various industry verticals are covered in the chart above. Further, cyber security products are split into six main categories:
1. Identity and access management (IdAM)
2. Endpoint security
3. Web security
4. Messaging security
5. Security and vulnerability management (SVM)
6. Network security
On the other hand, services are divided into four main categories:
1. Implementation
2. Managed security services (MSS)
3. Consulting
4. Education and training
Power Grid
Transport
Housing
Traffic Control
End Users
Financial Institut.
Healthcare Institut.
Power Plant
Ubiquitous Connectivity via Cyberspace
Increased Digitization
Cloud
Growing Cyber Security Industry: Roadmap for India12
Demand-side market analysis
The global cyber security market is expected to reach approximately 190 billion USD by 2025 from 85 billion USD today, and will be driven primarily by increasing digitization wave and smartphone penetration.
Enterprises and the government constitute a major share of the market – e.g., in the UK, they contribute to approximately 80% of the market. While small and medium-sized enterprises (SMEs) currently represent a smaller pool, they are expected to demonstrate the highest growth rates, driven by increased awareness and vulnerability to cyber-attacks, adoption of platforms such as bring your own device (BYoD) and increasing affordability of MSS.
The market is expected to grow at a compounded annual growth rate (CAGR) of 8.2% from 2015–2025. Key demand drivers include increasing IT spend, internet of things (IoT), digitisation and smartphone penetration leading to newer attack surfaces & ever increasing number & sophistication of cyber threats.
Cyber security products constituted a 38-billion USD market in 2015. Network security will emerge as the most attractive product segment by size, while security and vulnerability management has the highest growth prospects across various geographic regions. Messaging security and web security are product groups with low growth prospects. Network security, IdAM and SVM are the top product segments by size and growth prospects, and are expected to contribute around 75% of the overall product market by 2025.
While the overall cyber security market is dominated by North America and Europe, as reflected in the Figure 7, the growth is driven primarily by APAC and Latin America (in that order). In North America, network security is the largest product segment, also registering the highest growth. On the other hand, in the APAC region, security and vulnerability management is the highest growing segment and network security represents the largest segment.
Cyber security services constituted a 41-billion USD market in 2015. MSS is the most attractive segment both by size and growth. It is expected to hold over 55% of the overall cyber security services market by 2025 and is expected to grow at a healthy CAGR of approximately 12%. Increasing complexity of security solutions and lack of in-house expertise and budget constraints are the key growth drivers for demand of MSS.
Figure 6: Global cyber security market projections
Market Growth Drivers R2 correlation
GDP 90%
IT spend 94%
Smartphone Penetration 90%
Internet Penetration 98%
Mobile Phone Penetration 99%
Internet of Things (IoT) 93%
eGov Index Data N/A
Talent Pool Data N/A
55423880
624641
98
+8.2%
2025
18710
2020
5
1247
2016
946
2015
85
ProductsR&D Market Services
Global Cyber Security market (US$ Bn) Correlation with demand drivers
Growing Cyber Security Industry: Roadmap for India 13
Supply side market analysis
Global supply of security products can be broadly categorized into six key segments - identity and access management (IDAM), endpoint security, web security, messaging security, security and vulnerability management (SVM) and network security. Type of security vulnerabilities differ by the layer in the Open Systems Interconnection model (OSI model) and hence requires appropriate control measures that form the basis of different Cyber Security products
The cyber security product value chain is very similar to IT product development; however, there is a higher focus on market insights to ensure competitive advantage and partnerships with large IT companies, original equipment manufacturers (OEMs), etc., as a channel for go-to-market (GTM).
Figure 8: Global cyber security market projections by product segments
13 18286 7
9
14
67
10
18
9
12
7
55
4
5
55
80
2025
+7.5% 3
3
2020
55
2016
42 33
22
2015
38
22
Market Split by Product Segments(US$ Bn)
Others
Web Security
Messaging
End Point IAM
NetworkSVM
8.9%
11.2%
8.8%
CAGR(2015-25)
2.5%
6.2%
Figure 11: Global cyber security market projections by service segments
18 2131
5614
15
18
23
11
16
98
22
62
46
98
+9.0%
202520202016
2
2015
41
2
Integration Managed Serv.ConsultingEducation & Trg.
12.1%
4.6%
7.3%
5.2%
Market Split by Service Segments(US$Bn)
CAGR(2015-25)
Figure 14: Cyber security market projections by verticals
Figure 15: Cyber security market projections by region
30 32 4054
17 1925
35
14
18
27
19
18
12
12
1411
4
44
88
86
5
2015
80
76
2020
117
97
7
2016
+8.3%
2025
177
GovernmentManufacturing
BFSIICT
Retail
Healthcare
Others
6.2%
9.8%
8.2%
7.6%
Market Split by Industry Verticals(US$ Bn)
CAGR(2015-25)
9.0%
9.7%
28 29 3646
24 2736
5417
19
29
54
1112
16
228.3%
2025
177
2020
117
2016
88
2015
80
North AmericaEuropeAPACRoW
4.9%
6.4%
12%
8.1%
Market Split by Region(US$ Bn) CAGR
(2015-25)
Growing Cyber Security Industry: Roadmap for India14
Market insights and R&D are essential for a supplier to keep himself updated on latest security threat landscape and upgrade/modify products accordingly. Apart from common capability requirements such as R&D, GTM, after sales services – differential technical capabilities (e.g., programming skills) are required in product development and engineering area (depending on specific product segment).
Supply-side players can be classified into six broad categories based on capabilities:
1. IT companies: Global IT companies with security as one business segment
2. Pure-play security firms: Firms with cyber security as their primary business and offerings across many product or service segments
3. Niche product players: Firms with focus on a specific security product offering
4. Consulting firms: Management or technical consulting firms with a cyber-security practice
5. Pure-play service firms: Firms which only focus on providing end-to-end security services
6. Telcos: Large telcos with service offerings for cyber security
Companies do not usually straddle across product groups by developing capabilities in-house; consequently, the industry is driven by immense merger and acquisition (M&A) activity (also for faster go to market). Larger cyber security companies acquire newer companies to increase their presence in the market, expand their portfolio, and develop new functionalities in their existing products.
The GDP, government spend, and digitization of a country shows a clear impact on the size of the cyber security market.
Through PwC Strategy&’s digitization index study and GDP per capita data, a clear threshold value segregates ‘developing’ markets from ‘mature’ markets. Almost all markets with a digitization index of above 60% have a much higher cyber security market per capita.
OperationsMaintenance and Support
Implement & System
IntegrationGo-To-Market
Product development &
engineering
Market insightsand R&D
• Provide hosting services for applications
• Provide Software as a Service (SaaS) interface (where applicable)
• Security response and market monitoring: Conduct market research to gather information on new types of threats and evaluate how products need to be upgraded accordingly
• Program software applications and IT services– Design
services and packages
– Create software applications
– Test applications
• Strong partnership element: Working jointly with System integrators, large IT companies, OEMs, telecom operators, etc. for branding, sales and better product development
• Install applications at client site
• Implement, configure and / or customize software solutions and applications
• Integrate newly deployed solutions within client application portfolio environment
• Development of software upgrades
• Release of patches to address specific threats
• Management of service level agreements
Cyber Security – Product development value chain
Varies by product type Key differentiator and barriers to entry
Figure 23: Cyber security product value chain
Growing Cyber Security Industry: Roadmap for India 15
Figure 28: Impact of digitisation and GDP per capita on the cyber security industry
Figure 29: Impact of digitisation and government spending on the cyber security industry
Bubble size depicts the size of the cyber security market per capita
(US$, 2014)
Developing
Mature
Impact of digitization and GDP per capita on cyber security industry
100
80
60
40
70,00060,00050,00040,00010,0000
China
Brazil
India
Japan
GDP per Capita (US$)
UK
Australia
Dig
itis
ati
on
In
de
x1)(%
) Canada
Germany
US
Russia
Bubbles size depicts the size of the cyber security market per capita (US$, 2014)
Recently started investing in Cyber security, budget earmarked for 2015-16
Impact of digitization and government spending on cyber security industry
80
0
40
1,700 1,800600500400300200100
100
60
Australia
Canada
Brazil
India
Germany
USJapanUK
Dig
itis
ati
on
In
dex
1)(%
)
Most of the developed countries form the part of mature grouping while BRIC (Brazil, Russia, India, China) nations are a part of a developing group, reflecting the growth opportunity available to be tapped in.
A closer look at the government spend (excluding defense and public spending on cyber products and services) on cyber security initiatives along with digitization index suggests that the US government clearly spent the highest on various initiatives to promote cyber security, followed by the UK. India is currently pegged lower on both digitization index as well as the current government spend, but could offer growth opportunities. Furthermore, above a digitization threshold, the government spend on cyber security initiatives has a minimal impact on the cyber security market per capita.
Global clusters and capability assessment
In order to assess the country’s capability in cyber security, four key dimensions–ecosystem, infrastructure, enablers and mechanisms need to be looked at.
Figure 30: Capability assessment framework
1
2
3
4
Description and scope of cyber security ecosystem
Analyzes the availability and quality of infrastructure to promote the cyber security industry
Analyzes enablers for promoting robust growth of the cyber security market
Oversight and regulation of the cyber security ecosystem
EnablersEnablersEcosystem1
2
3
4
Infrastructure
Enablers
Mechanisms
Capability Assessment Framework
Growing Cyber Security Industry: Roadmap for India16
Using the above mentioned framework, countries can be divided in three categories – leaders, challengers and aspirants. Availability of capital, incubators/accelerators and specialized infrastructure give leaders an edge. Additionally, leaders have been quick to incentivize companies in the field through numerous tax incentives, employee grant schemes, and R&D credits. Some countries have instituted programmes to identify talent at an early age, and provide them with additional resources to hone their skill – Israel’s ‘Magshimim Leumit’ programme is a leading example. The government’s focus on cyber security emerges as a key element – promoting it as part of the national security agenda has helped ease procurement norms for companies, boosting the industry significantly. Furthermore, incentives have helped in the creation of intellectual property, and development of niche skill sets, contributing to national employment and GDP in the country.
The extent of collaboration between the government, industry and academia, and policy and financing initiatives plays a huge role in the success of clusters. Currently, some leading cyber security clusters across the globe are outlined below:
• Greater Baltimore cluster (the US)
• The Hague Security Delta (HSD, Netherlands)
• Berlin-Brandenburg cluster (Germany)
• Beer Sheva (Israel)
• Ottawa cluster (Canada)
• The UK’s cyber security clusters
Figure 33: Country capability assessment dashboard
1
Overall rank
Country name Ecosystem Infrastructure Enablers Mechanisms Observations
2
3
4
5
6
7
8
9
10
11
• The US leads the industry, being home to both heavy weights and niche startups
– Tax breaks for startups and cyber security companies in regional clusters and large defense expenditure have contributed to its growth
• Specialized cyber security courses in universities and industry-academia collaboration emerge as common traits of leaders
• Government focus on cyber security emerges as a key element – Promoting it as part of the national security agenda as well its contribution to the national employment and GDP
Cyber Security Capability Assessment
Dimension average score
0 4 Scoring scale
United States of America
Canada
United Kingdom
Australia
Netherlands
Brazil
Russia
India
China
Germany
Israel
Challenger AspirantLeader
Growing Cyber Security Industry: Roadmap for India 17
Australia is also in the process of setting up its own cyber security cluster, which is called the Cyber Security Growth Center and is expected to be operational by late 2016.
Clusters formed at different points of time over the last decade and have developed to serve different target markets, have different focus areas (service or product/R&D) and vary in compositions from being dominated by large global players through Global in-house centres (GICs) and/or have numerous SMEs and start-ups. As clusters evolved, they passed through multiple model positions and moved to another as their composition and/ or focus areas changed.
Figure 45: Global cyber security clusters
US• Greater
Baltimore Cluster
• 10,000+ security contractors
Canada• Ottawa Security
Cluster• 180+ companies UK
• 16 Clusters• 600+ companies
The Netherlands• Hague Security
Delta (HSD)• 400+ companies
Germany• Berlin-Brandenburg
Cluster (SIGNUM)• 120+ companies
Australia• Cyber Security
Growth Center
To be operational by mid 2016
Currently operational
Israel• 5 cyber research
centers• 250+ companies
Figure 46: Cluster evolution paths
Israel
Cluster focus
HSD
UK Clusters
Baltimore
Ottawa
Berlin
Clu
ste
r co
mp
osit
ion
Cluster focus
Cluster Model Matrix
Pri
ma
rily
sm
all
p
laye
rs
Pri
ma
rily
la
rge
pla
ye
rs
Highly product oriented
Highly service
oriented
Pri
ma
rily
s
ma
ll p
lay
ers
Pri
ma
rily
la
rge p
laye
rs
Highly product oriented
Highly service oriented
• Dominated by large players, focusing on R&D and product development
• Dominated by large players, focusing on services
• Dominated by smaller players and startups, focusing on R&D and product development
• Dominated by smaller players and startups, focusing on services
• Has a balanced mix of large and small players, focusing on R&D and product development
• Has a balanced mix of large and small players, focusing on services
Hy
bri
d
Hy
bri
d
• Israel evolved from numerous cyber security startups, which were acclaimed globally in due course of time. Today, it is home to R&D centers of cyber security giants e.g., IBM, EMC
• HSD cluster was formed by 11 founding partners, primarily large demand and supply players, such as KPN, FoxIT, Thales, Capgemini
• UK clusters, were formed through informal association between various small companies located in proximity
Cluster Model – Current State
Clu
ste
r co
mp
osit
ion
Growing Cyber Security Industry: Roadmap for India18
An evaluation of the global clusters reveals that policy and financing incentives along with opportunities for skill development emerge as pivotal factors. The Greater Baltimore cluster, HSD and Beer Sheva region (Israel) have seen numerous tax incentives, which has led to the proliferation of numerous start-ups. This has also incentivized large global players to set up operations in the clusters. These clusters also have collaborations with the respective local academic institutions—University of Maryland (Baltimore), TU Delft and the Hague University of Applied Sciences (HSD) and Ben-Gurion University (Beer Sheva), which have not only supplied top-notch security talent but also provided opportunities for professionals to upskill and obtain certifications.
Figure 50: Global clusters evaluation
Policy and Financing
Domestic market
Infra. TalentCost
advantages
Product/ Service focus
Innovation dominance
Focus markets
Greater Baltimore Cluster
Services
Hague Security Delta (HSD)
Products
Beersheva (Israel)Products
Berlin-Brandenburg Cluster (SIGNUM)
Products
Ottawa Security Cluster
Services
UK Cyber Security Clusters
Services
Ecosystem variables Differentiators
1 2 3 4 5 6 7 8
Number of cyber security companies in the cluster
Evaluation of global clusters
While some clusters, such as Greater Baltimore, Berlin-Brandenburg and the UK clusters focus on satisfying local demand to a large extent, others such as The HSD and Beer Sheva are heavily export oriented.
Figure 51 illustrates the market focus of the clusters against the number of companies in the cluster. It is interesting to note that the Greater Baltimore cluster has a large proportion of SMEs (more than 50 employees), as compared to the HSD, which started with a larger proportion of large companies but now provides a host of services to promote start-ups and SMEs.
Bubble size represents cluster revenue (US$ bn., 2013)
Exp
ort
o
rien
ted
Do
m. m
ark
et
ori
en
ted
~600 ~10,000**
4.31.8
1.5
1.8
6.3
Ma
rket
foc
us
Berlin-Brandenburg
Beersheva (Israel)
Hague Security Delta
Greater Baltimore
Ottawa
Number of companies
UK Clusters
Focus markets and size
In Baltimore cluster, a large majority of companies are small in size (<50 people)
Revenue data unavailable
1
Figure 51: Global clusters: Focus markets and size
Growing Cyber Security Industry: Roadmap for India 19
Clusters have contributed immensely to the development of the cyber security industry in the respective countries, and creating successful clusters requires dedicated focus on strengthening prerequisites and differentiators discussed earlier.
Clusters promote the growth of cyber security start-ups, SMEs and large players through numerous funding and financing initiatives, tax breaks, incubators and accelerators and provisions to promote R&D. The growth is supported by the availability of niche cyber security skills in clusters, which are developed through a close collaboration between the industry and academia.
Opportunity areas in the cyber security market
Opportunities in the cyber security market are identified based on the growth of the respective product/service groups, their overall size and their job creation potential.
MSS, SVM and network security emerge as attractive opportunities globally.
MSS emerges as the most attractive opportunity, with highest growth (more than 12%) and largest market size (18 billion USD).
While SVM and IdAM are smaller in size, their potential for future growth makes them attractive.
Network security is another product group with above average industry growth rate and size. Although growth of implementation services is low, its large market size makes it important opportunity to address.
A deeper look at the industry verticals reflects a similar trend wherein the BFSI, government and manufacturing constitutes 80% of the overall market.
Given the key trends through global market analysis, analyzing the capabilities existing in India and the main global growth drivers identified over the next decade, target opportunities for India were identified based on ease of winning. Based on a combination of the ‘attractiveness’ of the opportunity, and the ‘ease of winning’ for India, MSS, implementation services, network security and SVM emerge as opportunities that India should target on priority.
Ease of winning – India
Competitive intensity
Non-R&D Investment required
R&D requiredCapability gapOverall score
Implementation Services
2.8
Managed Security Services (MSS)
2.6
Education & training
2.2
Security & Vul. Mgmt.
2.6
Security Consulting 1.9
Network 2.2
Messaging 1.6
IdAM 1.8
Web 1.7
Endpoint 1.8
Low
High
Lo
west C
om
petitio
n
Incre
asin
g E
ase
of W
inn
ing
Figure 56: Ease of winning for India
Growing Cyber Security Industry: Roadmap for India20
Conclusion
For India to become a global hub in cyber security, a list of 16 initiatives has been formulated as reference in Figure 18 below. These initiatives vary in terms of priority and should be pursued within the next five years. Effective program roll-out and strategic vision realization will require disciplined management of 16 key initiatives. In short, a substantial trajectory change is required by Indian cyber security industry to achieve its growth vision.
Opportunity identification framework
Cyber Security – Opportunity Initiative Framework
Cyber Security Initiatives
Policy & Regulations• Cyber Security
Stewardship• Policy, Regulations,
Incentives & Law• Continuous
Monitoring, Audit& Enforcement
1Human Capital Development• Governance• Skill Development
2Clusters
• Location Selection• Infrastructure
provision• International
collaboration• PPP Partnerships
4Financing
• Start-up funding• Incubators &
Accelerators
5Research, Innovation and Technology Development• Strategic cyber
security R&D• Development of dual
used technology• Mechanisms for
technology transfer
3
Awareness & Brand Building• General public and sector-specific programs and activities to foster awareness
• Global brand building – leverage “Make in India”, “Start-up India” initiatives
National & International Collaboration• Research & threat information sharing, technology expertise exchange6
7
Growing Cyber Security Industry: Roadmap for India76