What lies ahead: Seven cyber security trends India will witness in 2020

By: Siddharth Vishwanath, Leader, Cyber Security, PwC India

The seven cyber security trends that the Indian market is expected to witness in 2020 are not predictions. They are logical extrapolations that tell stories about how the forces of change from a variety of sources – technology, economics, corporate strategy, government policy, and more – may together create a set of cyber security problems different from those that we have witnessed so far.

In the first decade of the new millennium, India took several steps, such as introducing the Goods and Services Tax (GST) and launching technology-dependent Government programmes like Digital India and the Smart Cities Mission. As a result of heavy digitalisation, cyberthreat levels have gone up by several notches. This is well-documented in the 2018 CERT-In annual report, which stated that there were 2,08,456 incidents of cyberattacks in India in 2018, compared to 53,081 in 2017 - a huge increase of 292%. The growing number of attacks and the increased risk exposure have been pushing up cyber security spending in India - a fact which emerges quite strongly in the report ‘Cyber Security India Market: What lies beneath’, which is based on a joint study conducted by PwC India and the Data Security Council of India (DSCI). The study says that the cyber security market in India is set to grow from USD 1.97 billion in 2019 to USD 3.05 billion by 2022, at a compound annual growth rate (CAGR) of 15.6%. The growth rate is nearly 1.5 times the global growth rate of cyber security expenditure. Let us take a look at the seven cyber security trends we can expect to see in India in 2020:

  1. Privacy and data protection will stay in focus in 2020: The regulatory landscape for privacy and data protection is expected to reach a tipping point in 2020, forcing Indian organisations to comply with not only global regulations (e.g. the European Union’s General Data Protection Regulation) but also with the proposed Indian legislation – the Personal Data Protection Bill, 2019 (which was recently sent to a joint standing committee of the Parliament and is expected to be tabled in the Parliament soon), the Aadhaar Act, 2016, and other such regulations.

    The PwC-DSCI report also reveals that data security products will grow at a CAGR of 22.2% in India. The growth will be the fastest in the world. The demand for privacy-related solutions is expected to pick up as organisations will compete to gain business advantage in this technological environment and avoid hefty fines or penalties for non-compliance. Organisations actively serving in other markets will spend to comply with critical regulations like the UK’s Privacy Protection Act, 2018, and the California Consumer Protection Act.
  2. Artificial intelligence and machine learning will provide extra security against cybercrimes: Advancements in artificial intelligence (AI) and machine learning (ML) will power the ‘cyber war rooms’ and help organisations across sectors to protect themselves from cyberattacks, as well as to detect, predict and respond to them. On the flip side, cyber attackers too will weaponise AI/ML to initiate attacks with record speed and precision.

    Businesses are expected to adopt tools and solutions embedded with AI/ML capabilities to keep threats and attacks at bay. The PwC-DSCI study also explores in detail the growing use of AI and ML in cyber security products. “Artificial intelligence and machine learning applications are being embedded into the cyber suite of offerings – especially in security intelligence, detection and response (IDR), endpoint security and security testing,” says the study.
  3. Demand for cloud security will be driven by increased adoption of cloud-based services: Almost all organisations will increase their expenditure on upgrading security in their cloud environments because of the uniqueness of the threat actors on these systems. Organisations will be keen to protect their cloud-based infrastructure and will invest in people, processes and technology to fortify the layers of cloud-based networks, including against insider threats.

    Along with this, cloud access security brokers (CASBs) and cloud workload protection platforms (CWPPs) are also expected to be adopted by more organisations in 2020.
  4. OT-IoT security will grab attention: Industrial entities have recently embraced digitalisation to empower their operational technology (OT) environments by using interconnected systems, industrial control systems (ICS), industrial Internet of things (IIoT) and smart sensors. The growing OT security risk to these entities will put OT-IoT security into focus. Realising the gravity of the security risk, industrial organisations will enhance their investment in the security of OT and IoT systems. Risks to OT-IoT security and their impending consequences will also increase regular sharing of cyber security intelligence and insights between organisations in 2020.

    Government initiatives like the Smart Cities programme will continue to be the drivers for IoT security in India. IoT security will also percolate into other sectors, as the adoption of IoT systems grows beyond traditional applications and interconnectivity of networks becomes inevitable for greater visibility and efficiency.
  5. Renewed focus on building breach response capabilities: There will be increased focus on adopting security operations centres (SOCs) to strengthen breach response capabilities. The adoption of modern SOCs with integrated incident response, threat intelligence and threat hunting capabilities will increase. Organisations will leverage emerging tools and technologies with built-in AI/ML capabilities and regularly practise and refine their breach response plans. This will be driven primarily by the need to protect the crown jewels, such as intellectual property, brand equity, business systems and data.
  6. Increased need for endpoint security: Organisations will begin to recognise the fact that most of the breaches today start at the endpoint, allowing threat actors to sneak into the company networks. The number of endpoints (including mobile devices) continues to rise and so does the business data being processed/stored in them. While threats like mobile malware seem to have a low direct impact on businesses, we do see an increase in the number of data breaches related to mobile device use and misuse. Every device used to access company systems is yet another endpoint for the organisation to secure. Organisations need to be careful and avoid deploying tools and solutions to solve an immediate problem or a single case. Rather, they should opt for solutions that can sustain themselves and also evolve with incoming threats.
  7. Training and upskilling the workforce in cyber security skills and a focus on cyber awareness of senior leadership will take centre stage: The biggest cyber security challenge faced by Indian organisations is the shortage of adequately skilled cyber security professionals. Research done by the Information Systems Audit and Control Association (ISACA) in the past year demonstrates that 59% of organisations worldwide have vacant cyber security positions. This is a sign of a serious lack of professionals who have adequate skills to work in the domain of cyber security. Realising the growing gap between demand and availability of cyber security professionals, organisations will be proactive with their reskilling and upskilling programmes. Existing employees will be incentivised to imbibe and acquire cyber security skills. Academia and industry will produce more cyber-dexterous professionals so that the growing demand can be met.

    Organisations will also invest in cyber security awareness programmes to educate their senior leadership, management and board members, and to help them understand and measure the impact of cybersecurity risks on their businesses. The move would enable organisations to set the tone from the top to brace for and fight against cyberattacks. In addition, since executives and board members will be able to realise how far the impact of cyberattacks can go in damaging organisations’ images, business growth and customer trust, they will keep sufficient room in the business strategy for cyber threats and risks, with appropriate budget and oversight, to work towards building strong and sustainable cyber security frameworks.

    India’s cyber security landscape is going through an interesting phase and while the country’s cybersecurity needs are not different from those of the rest of the world, some of the issues faced require a unique approach.

Contact us

Siddharth Vishwanath

Partner and Leader, Cyber Security, PwC India

Tel: 022 66 691 559
