GROWING C Y B E R SECURITY INDUSTRY - DSCI

GROWING C Y B E R SECURITY INDUSTRYRoadmap for India

Copyright ©2016

Plot No 7 to 10, Sector 126Noida, Uttar Pradesh 201301, India Phone: 91-120-4990111Email: [email protected] [email protected]

First Print: 2016

Published byNASSCOM & DSCI

Designed & Produced byMKM CREATIVESPhone: 91-11-45538567

About NASSCOMNASSCOM is the premier trade body for the IT-BPM sector in India. It is a not-for-profit organisation and has emerged as the authentic voice of this industry in India. It is also the single reference point for all information on IT industry in India. NASSCOM publishes an annual edition of its Strategic Review to disseminate the latest status of the industry performance.

About DSCI

Data Security Council of India (DSCI) is a premier industry body on data protection in India, setup by NASSCOM®, committed to making the cyberspace safe, secure and trusted by establishing best practices, standards and initiatives in cyber security and privacy. DSCI brings together national governments and their agencies, industry sectors including IT-BPM, BFSI, Telecom, data protection authorities and think tanks for public advocacy, thought leadership, capacity building and outreach initiatives.www.dsci.in

DisclaimerThe information contained herein has been obtained from sources believed to be reliable. NASSCOM and DSCI disclaim all warranties as to the accuracy, completeness or adequacy of such information. NASSCOM and DSCI shall have no liability for errors, omissions or inadequacies in the information contained herein, or for interpretations thereof.

The material in this publication is copyrighted. No part of this report can be reproduced either on paper or electronic media without permission in writing from NASSCOM and DSCI. Request for permission to reproduce any part of the report may be sent to NASSCOM ([email protected]) or DSCI ([email protected]).

Usage of InformationForwarding/copy/using in publications without approval from NASSCOM or DSCI will be considered as infringement of intellectual property rights.

FOREWORDHon’ble Prime Minister of India Shri Narendra Modi, at NASSCOM’s Silver Jubilee celebrations, urged the Indian IT Industry, to focus on addressing the global challenges of cyber security. On PM’s exhortation, NASSCOM & DSCI constituted the Cyber Security Task Force (CSTF) under the chairmanship of Rajendra S. Pawar, to develop a roadmap for India becoming a global hub in cyber security. CSTF with eminent leaders from Government, Industry and Academia, charted out a vision 2025 to “Grow the Indian Cyber Security Products and Services Industry to US$ 35 Billion, Create one Million Cyber Security jobs and 1000 Cyber Security Startups by 2025”. Recommendations were delineated across four pillars, to realize this vision, namely Industry Development, Technology Development, Skills & Policy.

Cyber Security domain, spanning products and services is a nascent Industry in India and with its current global footprint, can emerge as a key growth opportunity in the decade ahead. In order to develop a Roadmap for Growing the Cyber Security Industry in India, NASSCOM and DSCI partnered with Strategy& and PriceWaterhouseCoopers (PwC). The focus of this Report is on mapping the Global security landscape, exploring the opportunities worldwide, across geographies and various verticals. Global market analysis from both the demand and supply side is a key highlight of this Report. As Indian IT Industry embarks on this growth roadmap, the Report offers several learnings and best practices from key cyber security clusters across the world. We have endeavored to do an opportunity identification for India in both products and services and pivotal role for innovation by startups.

The Report also focuses on what measures can be taken by all key stakeholders – Government, Industry and Academia for India, to become a global hub in Cyber Security. Based on the analysis and the opportunities identified for India, initiatives are grouped across five key pillars: Clusters, Technology Creation, Demand Generation, Capacity Building and Policy & Regulations. Recent initiatives by the Government of India, such as the Make in India and Start up India campaigns, will surely supplement the growth of the Cyber Security industry.

The Report was developed under the guidance of a steering committee led by Rajendra Pawar who also led the Task Force for us. Stakeholder consultations with a wide cross section of enterprises in Banking, Telecom, Government, ICT Industry, Startup & Product entrepreneurs and Academia was a hallmark of this report development. Our research partner also tapped into their global network, to assess current market landscape and future opportunity potential.

We are confident the report will be valuable for members of NASSCOM & DSCI and global enterprises as they chart out their Cyber Security strategies. The Report also presents perspectives for Government of India & State Governments as they embark on policies for making India a preferred global destination for cyber security. India’s growth story as a global powerhouse in the Information Technology services space is exceptional and it has emerged as the epicenter of global IT services. It continues to reinforce its position, as a partner of choice, for customers across the world. With its global reach, skilled IT workforce and growing startup base, India is destined to carve out a niche for itself, in Cyber security industry as well.

R. Chandrashekhar President NASSCOM

Rama Vedashree CEO DSCI

AcknowledgementNASSCOM-DSCI partnered with Strategy& and PricewaterhouseCoopers (PwC) team to work on this report “Growing Cyber Security Industry, Roadmap for India”. Our sincere thanks to core members of Steering Committee who provided their valuable inputs regularly in shaping the roadmap and recommendations - Former CEOs of DSCI: Kamlesh Bajaj and Nandkumar Saravade; Industry Leaders: Atul Kunwar (Tech Mahindra), R Guha (Wipro), Renju Varghese (HCL), Siva Sivasubramanian (Bharti Airtel), Murli Mahalingam (ICICI Bank); Security product entrepreneurs: Hemal Patel (Founder, Cyberoam) and Sanjay Deshpande (Founder, Uniken). We also thank Satish Thiagarajan (TCS) and Sanjay Bahl (CERT-In) for their support in this initiative. We also acknowledge contributions and insights from many members of NASSCOM and DSCI.

All steering committee efforts were led by Rajendra S Pawar, Chairman and Co-Founder NIIT Group, and Chairman of NASSCOM-DSCI Cyber Security Task Force, who guided and steered the group all along. We would like to convey our sincere thanks for his leadership and contributions of all the committee members.

From the Strategy&-PwC team, we would like to thank Ashish Sharma, Partner, Strategy& who led the effort with Sivarama Krishnan, Partner, PwC along with their team Nitin Arora, Vipul Bansal and Abhishek Chhonkar for executing this project.

On behalf of NASSCOM-DSCI, we would like to express our gratitude to all the individuals and firms for their valuable insights without which this report would not have been possible.

A special acknowledgement to the NASSCOM-DSCI team - Vinayak Godse, Rahul Sharma, Aditya Bhatia, Achutya Ghosh and Diksha Nerurkar for their efforts in pulling this report together. Special thanks to Sangeeta Gupta for her insights in developing the report.

Executive Summary

Growing Cyber Security Industry: Roadmap for India10

IntroductionAn increasingly interconnected world is characterised by the proliferation of digital identities, and the adoption of digital technologies and processes (with social, mobile analytics and cloud as key components). While such technologies have changed everyday life and revolutionised the way businesses and governments run, their adoption and continuous evolution have brought a multitude of vulnerabilities to the fore and increased the potential impact of a cyber-attack exponentially.

Executive Summary

Cyber Security Evolution

Figure 1: Evolution of cyber security

Cyber security Evolution

Virus protection focused on ensuring that IT systems and devices performed as expected

IT and network security focused on the protection of the device and the information assets passing through the network

Cyber security & information assurance has taken a more comprehensive system, data and mission assurance role

Evolution of Operational Risks and Types of Security Focus

Virus Protection 9/11 War against terrorism

Start of Internet era

EU – Data Protection Directives

Major damage incidentsthrough intrusions (viruses, worms, denial of service attacks)

Evolvement of Connected economy

Open source technology

Increased awareness forinsider risks, intellectual property

Increasing trendtowards Business Process Outsourcing / IT-OutsourcingY2K

Stuxnet

Organized industrial espionage

Internet and web service attacks

E-commerce boom

Basel II –FinancialServices Worldwide

Increased need for clear governance, COBIT framework

Integration of Business and ITArchitectures

Extended Enterprises

IT & Network Security

Cyber security &Information Assurance

Mobile Business

1995 2000-2003 2003 to date

Evolving business modelIncreasing regulatory requirement Emerging threat

Growing Cyber Security Industry: Roadmap for India 11

Unlike cyber adversaries of yesteryears, attackers today are highly motivated, well-funded and technically advanced. Recent attacks, such as that on a leading media and entertainment company by a nation state, exemplify how cyber-attacks have evolved drastically over the years.

The evolving nature of attacks and motives behind them pose a threat not only to national initiatives such as smart cities, e-governance and digital public identity management, which rely extensively on information and communication technologies, but also to

Figure 2: Growing connectivity and digitisation

enterprises and consumers; e.g., while consumers demand the benefits of connected cars such as connection to the internet, Vehicle-to-Vehicle (V2V) connections and Vehicle-to-IoT (V2IoT), only few are willing to pay to secure connected cars; therefore, the onus of security lies on automobile manufacturers.

Consequently, demand for cyber security solutions stems from a host of audiences, with varying requirements, ranging from warfare, espionage or national defence to the protection of intellectual property and employee, customer, and personal information across all industries (e.g., financial services, telecom, infrastructure, transportation, healthcare, etc.).

Global Market AnalysisThe analysis of the cyber security market encompasses two primary dimensions — demand-side trends that influence future growth, and products and services that constitute the supply side.

The demand side further comprises focus industry verticals and major geographies. The supply side defines the various cyber security products and services in the market, capability requirements for different product and service categories, and types and strengths of different players.

Cyber security comprises a host of products and services tailored to address the specific needs of various industry verticals. Examples of some of the needs across various industry verticals are covered in the chart above. Further, cyber security products are split into six main categories:

1. Identity and access management (IdAM)

2. Endpoint security

3. Web security

4. Messaging security

5. Security and vulnerability management (SVM)

6. Network security

On the other hand, services are divided into four main categories:

1. Implementation

2. Managed security services (MSS)

3. Consulting

4. Education and training

Power Grid

Transport

Housing

Traffic Control

End Users

Financial Institut.

Healthcare Institut.

Power Plant

Ubiquitous Connectivity via Cyberspace

Increased Digitization

Cloud


Demand-side market analysis

The global cyber security market is expected to reach approximately 190 billion USD by 2025 from 85 billion USD today, and will be driven primarily by increasing digitization wave and smartphone penetration.

Enterprises and the government constitute a major share of the market – e.g., in the UK, they contribute to approximately 80% of the market. While small and medium-sized enterprises (SMEs) currently represent a smaller pool, they are expected to demonstrate the highest growth rates, driven by increased awareness and vulnerability to cyber-attacks, adoption of platforms such as bring your own device (BYoD) and increasing affordability of MSS.

The market is expected to grow at a compounded annual growth rate (CAGR) of 8.2% from 2015–2025. Key demand drivers include increasing IT spend, internet of things (IoT), digitisation and smartphone penetration leading to newer attack surfaces & ever increasing number & sophistication of cyber threats.

Cyber security products constituted a 38-billion USD market in 2015. Network security will emerge as the most attractive product segment by size, while security and vulnerability management has the highest growth prospects across various geographic regions. Messaging security and web security are product groups with low growth prospects. Network security, IdAM and SVM are the top product segments by size and growth prospects, and are expected to contribute around 75% of the overall product market by 2025.

While the overall cyber security market is dominated by North America and Europe, as reflected in the Figure 7, the growth is driven primarily by APAC and Latin America (in that order). In North America, network security is the largest product segment, also registering the highest growth. On the other hand, in the APAC region, security and vulnerability management is the highest growing segment and network security represents the largest segment.

Cyber security services constituted a 41-billion USD market in 2015. MSS is the most attractive segment both by size and growth. It is expected to hold over 55% of the overall cyber security services market by 2025 and is expected to grow at a healthy CAGR of approximately 12%. Increasing complexity of security solutions and lack of in-house expertise and budget constraints are the key growth drivers for demand of MSS.

Figure 6: Global cyber security market projections

Market Growth Drivers R2 correlation

GDP 90%

IT spend 94%

Smartphone Penetration 90%

Internet Penetration 98%

Mobile Phone Penetration 99%

Internet of Things (IoT) 93%

eGov Index Data N/A

Talent Pool Data N/A

55423880

624641

98

+8.2%

2025

18710

2020

5

1247

2016

946

2015

85

ProductsR&D Market Services

Global Cyber Security market (US$ Bn) Correlation with demand drivers


Supply side market analysis

Global supply of security products can be broadly categorized into six key segments - identity and access management (IDAM), endpoint security, web security, messaging security, security and vulnerability management (SVM) and network security. Type of security vulnerabilities differ by the layer in the Open Systems Interconnection model (OSI model) and hence requires appropriate control measures that form the basis of different Cyber Security products

The cyber security product value chain is very similar to IT product development; however, there is a higher focus on market insights to ensure competitive advantage and partnerships with large IT companies, original equipment manufacturers (OEMs), etc., as a channel for go-to-market (GTM).

Figure 8: Global cyber security market projections by product segments

13 18286 7

9

14

67

10

18

9

12

7

55

4

5

55

80

2025

+7.5% 3

3

2020

55

2016

42 33

22

2015

38

22

Market Split by Product Segments(US$ Bn)

Others

Web Security

Messaging

End Point IAM

NetworkSVM

8.9%

11.2%

8.8%

CAGR(2015-25)

2.5%

6.2%

Figure 11: Global cyber security market projections by service segments

18 2131

5614

15

18

23

11

16

98

22

62

46

98

+9.0%

202520202016

2

2015

41

2

Integration Managed Serv.ConsultingEducation & Trg.

12.1%

4.6%

7.3%

5.2%

Market Split by Service Segments(US$Bn)

CAGR(2015-25)

Figure 14: Cyber security market projections by verticals

Figure 15: Cyber security market projections by region

30 32 4054

17 1925

35

14

18

27

19

18

12

12

1411

4

44

88

86

5

2015

80

76

2020

117

97

7

2016

+8.3%

2025

177

GovernmentManufacturing

BFSIICT

Retail

Healthcare

Others

6.2%

9.8%

8.2%

7.6%

Market Split by Industry Verticals(US$ Bn)

CAGR(2015-25)

9.0%

9.7%

28 29 3646

24 2736

5417

19

29

54

1112

16

228.3%

2025

177

2020

117

2016

88

2015

80

North AmericaEuropeAPACRoW

4.9%

6.4%

12%

8.1%

Market Split by Region(US$ Bn) CAGR

(2015-25)


Market insights and R&D are essential for a supplier to keep himself updated on latest security threat landscape and upgrade/modify products accordingly. Apart from common capability requirements such as R&D, GTM, after sales services – differential technical capabilities (e.g., programming skills) are required in product development and engineering area (depending on specific product segment).

Supply-side players can be classified into six broad categories based on capabilities:

1. IT companies: Global IT companies with security as one business segment

2. Pure-play security firms: Firms with cyber security as their primary business and offerings across many product or service segments

3. Niche product players: Firms with focus on a specific security product offering

4. Consulting firms: Management or technical consulting firms with a cyber-security practice

5. Pure-play service firms: Firms which only focus on providing end-to-end security services

6. Telcos: Large telcos with service offerings for cyber security

Companies do not usually straddle across product groups by developing capabilities in-house; consequently, the industry is driven by immense merger and acquisition (M&A) activity (also for faster go to market). Larger cyber security companies acquire newer companies to increase their presence in the market, expand their portfolio, and develop new functionalities in their existing products.

The GDP, government spend, and digitization of a country shows a clear impact on the size of the cyber security market.

Through PwC Strategy&’s digitization index study and GDP per capita data, a clear threshold value segregates ‘developing’ markets from ‘mature’ markets. Almost all markets with a digitization index of above 60% have a much higher cyber security market per capita.

OperationsMaintenance and Support

Implement & System

IntegrationGo-To-Market

Product development &

engineering

Market insightsand R&D

• Provide hosting services for applications

• Provide Software as a Service (SaaS) interface (where applicable)

• Security response and market monitoring: Conduct market research to gather information on new types of threats and evaluate how products need to be upgraded accordingly

• Program software applications and IT services– Design

services and packages

– Create software applications

– Test applications

• Strong partnership element: Working jointly with System integrators, large IT companies, OEMs, telecom operators, etc. for branding, sales and better product development

• Install applications at client site

• Implement, configure and / or customize software solutions and applications

• Integrate newly deployed solutions within client application portfolio environment

• Development of software upgrades

• Release of patches to address specific threats

• Management of service level agreements

Cyber Security – Product development value chain

Varies by product type Key differentiator and barriers to entry

Figure 23: Cyber security product value chain


Figure 28: Impact of digitisation and GDP per capita on the cyber security industry

Figure 29: Impact of digitisation and government spending on the cyber security industry

Bubble size depicts the size of the cyber security market per capita

(US$, 2014)

Developing

Mature

Impact of digitization and GDP per capita on cyber security industry

100

80

60

40

70,00060,00050,00040,00010,0000

China

Brazil

India

Japan

GDP per Capita (US$)

UK

Australia

Dig

itis

ati

on

In

de

x1)(%

) Canada

Germany

US

Russia

Bubbles size depicts the size of the cyber security market per capita (US$, 2014)

Recently started investing in Cyber security, budget earmarked for 2015-16

Impact of digitization and government spending on cyber security industry

80

0

40

1,700 1,800600500400300200100

100

60

Australia

Canada

Brazil

India

Germany

USJapanUK

Dig

itis

ati

on

In

dex

1)(%

)

Most of the developed countries form the part of mature grouping while BRIC (Brazil, Russia, India, China) nations are a part of a developing group, reflecting the growth opportunity available to be tapped in.

A closer look at the government spend (excluding defense and public spending on cyber products and services) on cyber security initiatives along with digitization index suggests that the US government clearly spent the highest on various initiatives to promote cyber security, followed by the UK. India is currently pegged lower on both digitization index as well as the current government spend, but could offer growth opportunities. Furthermore, above a digitization threshold, the government spend on cyber security initiatives has a minimal impact on the cyber security market per capita.

Global clusters and capability assessment

In order to assess the country’s capability in cyber security, four key dimensions–ecosystem, infrastructure, enablers and mechanisms need to be looked at.

Figure 30: Capability assessment framework

1

2

3

4

Description and scope of cyber security ecosystem

Analyzes the availability and quality of infrastructure to promote the cyber security industry

Analyzes enablers for promoting robust growth of the cyber security market

Oversight and regulation of the cyber security ecosystem

EnablersEnablersEcosystem1

2

3

4

Infrastructure

Enablers

Mechanisms

Capability Assessment Framework


Using the above mentioned framework, countries can be divided in three categories – leaders, challengers and aspirants. Availability of capital, incubators/accelerators and specialized infrastructure give leaders an edge. Additionally, leaders have been quick to incentivize companies in the field through numerous tax incentives, employee grant schemes, and R&D credits. Some countries have instituted programmes to identify talent at an early age, and provide them with additional resources to hone their skill – Israel’s ‘Magshimim Leumit’ programme is a leading example. The government’s focus on cyber security emerges as a key element – promoting it as part of the national security agenda has helped ease procurement norms for companies, boosting the industry significantly. Furthermore, incentives have helped in the creation of intellectual property, and development of niche skill sets, contributing to national employment and GDP in the country.

The extent of collaboration between the government, industry and academia, and policy and financing initiatives plays a huge role in the success of clusters. Currently, some leading cyber security clusters across the globe are outlined below:

• Greater Baltimore cluster (the US)

• The Hague Security Delta (HSD, Netherlands)

• Berlin-Brandenburg cluster (Germany)

• Beer Sheva (Israel)

• Ottawa cluster (Canada)

• The UK’s cyber security clusters

Figure 33: Country capability assessment dashboard

1

Overall rank

Country name Ecosystem Infrastructure Enablers Mechanisms Observations

2

3

4

5

6

7

8

9

10

11

• The US leads the industry, being home to both heavy weights and niche startups

– Tax breaks for startups and cyber security companies in regional clusters and large defense expenditure have contributed to its growth

• Specialized cyber security courses in universities and industry-academia collaboration emerge as common traits of leaders

• Government focus on cyber security emerges as a key element – Promoting it as part of the national security agenda as well its contribution to the national employment and GDP

Cyber Security Capability Assessment

Dimension average score

0 4 Scoring scale

United States of America

Canada

United Kingdom

Australia

Netherlands

Brazil

Russia

India

China

Germany

Israel

Challenger AspirantLeader


Australia is also in the process of setting up its own cyber security cluster, which is called the Cyber Security Growth Center and is expected to be operational by late 2016.

Clusters formed at different points of time over the last decade and have developed to serve different target markets, have different focus areas (service or product/R&D) and vary in compositions from being dominated by large global players through Global in-house centres (GICs) and/or have numerous SMEs and start-ups. As clusters evolved, they passed through multiple model positions and moved to another as their composition and/ or focus areas changed.

Figure 45: Global cyber security clusters

US• Greater

Baltimore Cluster

• 10,000+ security contractors

Canada• Ottawa Security

Cluster• 180+ companies UK

• 16 Clusters• 600+ companies

The Netherlands• Hague Security

Delta (HSD)• 400+ companies

Germany• Berlin-Brandenburg

Cluster (SIGNUM)• 120+ companies

Australia• Cyber Security

Growth Center

To be operational by mid 2016

Currently operational

Israel• 5 cyber research

centers• 250+ companies

Figure 46: Cluster evolution paths

Israel

Cluster focus

HSD

UK Clusters

Baltimore

Ottawa

Berlin

Clu

ste

r co

mp

osit

ion

Cluster focus

Cluster Model Matrix

Pri

ma

rily

sm

all

p

laye

rs

Pri

ma

rily

la

rge

pla

ye

rs

Highly product oriented

Highly service

oriented

Pri

ma

rily

s

ma

ll p

lay

ers

Pri

ma

rily

la

rge p

laye

rs

Highly product oriented

Highly service oriented

• Dominated by large players, focusing on R&D and product development

• Dominated by large players, focusing on services

• Dominated by smaller players and startups, focusing on R&D and product development

• Dominated by smaller players and startups, focusing on services

• Has a balanced mix of large and small players, focusing on R&D and product development

• Has a balanced mix of large and small players, focusing on services

Hy

bri

d

Hy

bri

d

• Israel evolved from numerous cyber security startups, which were acclaimed globally in due course of time. Today, it is home to R&D centers of cyber security giants e.g., IBM, EMC

• HSD cluster was formed by 11 founding partners, primarily large demand and supply players, such as KPN, FoxIT, Thales, Capgemini

• UK clusters, were formed through informal association between various small companies located in proximity

Cluster Model – Current State

Clu

ste

r co

mp

osit

ion


An evaluation of the global clusters reveals that policy and financing incentives along with opportunities for skill development emerge as pivotal factors. The Greater Baltimore cluster, HSD and Beer Sheva region (Israel) have seen numerous tax incentives, which has led to the proliferation of numerous start-ups. This has also incentivized large global players to set up operations in the clusters. These clusters also have collaborations with the respective local academic institutions—University of Maryland (Baltimore), TU Delft and the Hague University of Applied Sciences (HSD) and Ben-Gurion University (Beer Sheva), which have not only supplied top-notch security talent but also provided opportunities for professionals to upskill and obtain certifications.

Figure 50: Global clusters evaluation

Policy and Financing

Domestic market

Infra. TalentCost

advantages

Product/ Service focus

Innovation dominance

Focus markets

Greater Baltimore Cluster

Services

Hague Security Delta (HSD)

Products

Beersheva (Israel)Products

Berlin-Brandenburg Cluster (SIGNUM)

Products

Ottawa Security Cluster

Services

UK Cyber Security Clusters

Services

Ecosystem variables Differentiators

1 2 3 4 5 6 7 8

Number of cyber security companies in the cluster

Evaluation of global clusters

While some clusters, such as Greater Baltimore, Berlin-Brandenburg and the UK clusters focus on satisfying local demand to a large extent, others such as The HSD and Beer Sheva are heavily export oriented.

Figure 51 illustrates the market focus of the clusters against the number of companies in the cluster. It is interesting to note that the Greater Baltimore cluster has a large proportion of SMEs (more than 50 employees), as compared to the HSD, which started with a larger proportion of large companies but now provides a host of services to promote start-ups and SMEs.

Bubble size represents cluster revenue (US$ bn., 2013)

Exp

ort

o

rien

ted

Do

m. m

ark

et

ori

en

ted

~600 ~10,000**

4.31.8

1.5

1.8

6.3

Ma

rket

foc

us

Berlin-Brandenburg

Beersheva (Israel)

Hague Security Delta

Greater Baltimore

Ottawa

Number of companies

UK Clusters

Focus markets and size

In Baltimore cluster, a large majority of companies are small in size (<50 people)

Revenue data unavailable

1

Figure 51: Global clusters: Focus markets and size


Clusters have contributed immensely to the development of the cyber security industry in the respective countries, and creating successful clusters requires dedicated focus on strengthening prerequisites and differentiators discussed earlier.

Clusters promote the growth of cyber security start-ups, SMEs and large players through numerous funding and financing initiatives, tax breaks, incubators and accelerators and provisions to promote R&D. The growth is supported by the availability of niche cyber security skills in clusters, which are developed through a close collaboration between the industry and academia.

Opportunity areas in the cyber security market

Opportunities in the cyber security market are identified based on the growth of the respective product/service groups, their overall size and their job creation potential.

MSS, SVM and network security emerge as attractive opportunities globally.

MSS emerges as the most attractive opportunity, with highest growth (more than 12%) and largest market size (18 billion USD).

While SVM and IdAM are smaller in size, their potential for future growth makes them attractive.

Network security is another product group with above average industry growth rate and size. Although growth of implementation services is low, its large market size makes it important opportunity to address.

A deeper look at the industry verticals reflects a similar trend wherein the BFSI, government and manufacturing constitutes 80% of the overall market.

Given the key trends through global market analysis, analyzing the capabilities existing in India and the main global growth drivers identified over the next decade, target opportunities for India were identified based on ease of winning. Based on a combination of the ‘attractiveness’ of the opportunity, and the ‘ease of winning’ for India, MSS, implementation services, network security and SVM emerge as opportunities that India should target on priority.

Ease of winning – India

Competitive intensity

Non-R&D Investment required

R&D requiredCapability gapOverall score

Implementation Services

2.8

Managed Security Services (MSS)

2.6

Education & training

2.2

Security & Vul. Mgmt.

2.6

Security Consulting 1.9

Network 2.2

Messaging 1.6

IdAM 1.8

Web 1.7

Endpoint 1.8

Low

High

Lo

west C

om

petitio

n

Incre

asin

g E

ase

of W

inn

ing

Figure 56: Ease of winning for India


Conclusion

For India to become a global hub in cyber security, a list of 16 initiatives has been formulated as reference in Figure 18 below. These initiatives vary in terms of priority and should be pursued within the next five years. Effective program roll-out and strategic vision realization will require disciplined management of 16 key initiatives. In short, a substantial trajectory change is required by Indian cyber security industry to achieve its growth vision.

Opportunity identification framework

Cyber Security – Opportunity Initiative Framework

Cyber Security Initiatives

Policy & Regulations• Cyber Security

Stewardship• Policy, Regulations,

Incentives & Law• Continuous

Monitoring, Audit& Enforcement

1Human Capital Development• Governance• Skill Development

2Clusters

• Location Selection• Infrastructure

provision• International

collaboration• PPP Partnerships

4Financing

• Start-up funding• Incubators &

Accelerators

5Research, Innovation and Technology Development• Strategic cyber

security R&D• Development of dual

used technology• Mechanisms for

technology transfer

3

Awareness & Brand Building• General public and sector-specific programs and activities to foster awareness

• Global brand building – leverage “Make in India”, “Start-up India” initiatives

National & International Collaboration• Research & threat information sharing, technology expertise exchange6

7

GROWING C Y B E R SECURITY INDUSTRY - DSCI

Documents

Transcript of GROWING C Y B E R SECURITY INDUSTRY - DSCI