When Dr Sanjay Bahl, Director General of CERT-In, recently highlighted that India’s cybersecurity ecosystem has evolved into a $20 billion industry powered by over 400 startups and 650,000 professionals, he captured something we’ve witnessed firsthand over our two decades in this field – India’s emergence as a serious global player in cybersecurity.
From our vantage point at eScan, working daily with enterprises, government agencies, and small businesses across India, we see this ecosystem maturing in ways that would have been unimaginable even five years ago.
The Double-Edged Nature of AI
Artificial intelligence has become both our greatest tool and our most significant challenge in cybersecurity. At eScan, we leverage AI extensively for threat detection and response, and we’ve seen how it simultaneously empowers both defenders and adversaries.
The recent Jaguar Land Rover ransomware attack illustrates this reality with stark clarity. Despite JLR investing £800 million in cybersecurity infrastructure, attackers used enhanced techniques to compromise their systems so thoroughly that global production stopped for over three weeks. The total economic damage reached £1.9 billion, with the UK government needing to provide a £1.5 billion loan guarantee to prevent supplier bankruptcies.
What made this attack particularly instructive was how attacks moved faster and adapted more quickly than traditional defense mechanisms could respond. This is the challenge facing every cybersecurity organization today – developing countermeasures that can keep pace with malicious AI-enabled attacks.
Real-Time Intelligence Sharing: Critical and Effective
India documented 147 ransomware incidents in 2024, and coordinated responses through CERT-In’s intelligence sharing framework significantly mitigated their impact. This coordination model has proven invaluable in our work.
When we detect novel attack patterns or indicators of compromise, the ability to quickly share this intelligence through established coordination mechanisms means other organizations can defend themselves before they’re targeted. Similarly, when alerts are issued based on tracked incidents, it gives us crucial head-start time to update our detection systems and advise our clients.
This intelligence-sharing ecosystem is one of India’s genuine cybersecurity strengths, and it’s a model that more effectively blunts large-scale attack campaigns than any individual organization could achieve alone.
Building Indigenous Capability
The focus on empanelling auditors, providing specialized training, and offering policy support for startups developing indigenous cybersecurity solutions addresses something we’ve long advocated – the need for India to build deeper domestic capabilities.
When Angel One suffered a breach exposing 7.9 million customers’ financial details, or when WazirX lost over $230 million, these incidents affected Indian organizations and Indian citizens. The responses required understanding local regulatory frameworks, business practices, and the specific threat landscape targeting infrastructure in India. Indigenous cybersecurity companies bring this contextual understanding that foreign solutions sometimes lack.
The 400-plus startups now operating in this space represent this growing capability. These aren’t just companies selling repackaged foreign technology – many are developing genuinely innovative approaches to problems that are particularly acute in the Indian context.
Supply Chain Security as National Infrastructure
Cybersecurity isn’t just about protecting individual organizations – it’s about securing the entire digital ecosystem that modern economic activity depends on.
The JLR attack endangered 200,000 jobs across its supply chain. When their systems were compromised, suppliers couldn’t deliver, logistics failed, and the economic damage cascaded through interconnected businesses that had no direct relationship to JLR’s cybersecurity posture.
India’s position as a major IT services provider globally means our cybersecurity affects not just Indian organizations but international partners who depend on Indian companies for critical services. Owing to international collaborations, our policies and actions on the cybersecurity front have global implications.
The Reputational Stakes for Indian IT
Recent cyberattacks affecting major clients of Indian IT companies underscore why building a trusted cyber defense architecture matters so urgently.
When Marks & Spencer and Clorox faced significant breaches while being serviced by Indian IT providers, the incidents raised uncomfortable questions about India’s cybersecurity posture in global service delivery.
Industry analysts estimate that for every cyberattack that becomes public, another six remain undisclosed to avoid negative publicity. As HFS Research’s team observed, the pressure has intensified on CIOs who must balance aggressive AI adoption with robust cybersecurity, knowing that a security failure can be career-ending and potentially sink the entire firm. For India’s IT services industry, which depends on being trusted partners in managing critical international client infrastructure, these incidents represent not just technical failures but threats to the competitive positioning that drives our digital economy.
The Path Forward
Building a robust cyber defence architecture through research collaborations, public-private partnerships, and international forums charts the right course. From our perspective as an OEM, the coordination mechanisms that enable rapid information sharing remain critical. When threats are detected, hours matter.
Equally important is maintaining support for indigenous innovation while remaining open to global best practices. India’s cybersecurity solutions should reflect Indian requirements and contexts, but we should also learn from and integrate proven approaches from around the world.
The $20 billion industry and the growth in startups and professionals reflect the strong evolution of India’s cybersecurity ecosystem. Leadership in coordinating rapid response and fostering indigenous capability development through organizations like CERT-In provides the framework that allows companies like eScan to be effective.
The challenges are significant – sophisticated adversaries, rapidly evolving threats, and the complexity of securing digital infrastructure operating at India’s scale. But working in coordination rather than isolation gives us the foundation to meet these challenges. India’s cybersecurity future depends on this ecosystem working together – government coordination, private sector innovation, skilled professionals, and a shared understanding that in cybersecurity, we’re all safer when we work together.
(The author of this article, Govind Rammurthy, CEO & Managing Director, eScan, views expressed in this article are his own.)
Also Read: 58% of retailers hit by ransomware paid the ransom: Report
