Cybersecurity Conundrum: Balancing India’s Digital Vision and Budget Dilemma

By Uma Pendyala            

Despite India’s ambitious digital goals, there has been an astronomical surge in cyber-attacks and security breaches in recent years, impacting Indians considerably. The alarming frequency of cybersecurity incidents has sparked concerns among corporations, investors, and society. According to the government’s Indian Computer Emergency Response Team (CERT-In), the first half of 2023 saw 1.12 lakh cyber security incidents.

A cyber security report from Cyfirma, a Singapore-based firm, reveals that India is the world’s most vulnerable country to cyber attacks, accounting for 13.7% of all attacks. The United States follows closely with 9.6% of attacks, trailed by Indonesia and China. The report emphasizes that India is witnessing a higher percentage of state-sponsored cyber attacks than the global average, with 72% of attacks being state-sponsored, compared to the global average of 68%.

The report identifies various sectors in India, including services companies, manufacturing, healthcare, education, retail, government agencies, and banking and financial services, as being at higher risk for cyber attacks. As India’s internet population expands and the government embraces digitization, the demand for cybersecurity has increased.

Despite these escalating cybersecurity challenges, there is a significant disparity between the government’s digital aspirations and the budget allocated for cybersecurity. This gap becomes particularly glaring when comparing India’s cyber security spending of its IT budget to that of countries like the United States, the United Kingdom, or China, which have similar levels of digitalization.

The significant disparity can be attributed to the prevailing perception of cyber security as a secondary rather than a strategic priority. Despite substantial investments in digital infrastructure and technology adoption, budgetary allocations often relegate cyber security to a lower priority. This oversight is rooted in a lack of awareness regarding the widespread nature of cyber threats and the potential consequences of cyber attacks on national security, economic stability, and public trust in digital systems.

Escalating Cyber security Risks Prompt Govt to Increase Budget Allocation

In response to the escalating cyber security threats targeting governmental institutions, the Indian government has taken decisive measures to enhance its cyber security defences in the interim budget for 2024. There has been a significant boost in the budget allocation for cyber security projects, increasing from Rs 400 crore in the financial year (FY) 2023-2024 to Rs 750 crore for the fiscal year 2024-2025.

The substantial increase in the cyber security budget for the fiscal year 2024-2025 reflects the seriousness with which the Indian government regards the threat of cyber-attacks. As cyber threats continue to evolve in complexity and scale, these investments play a crucial role in strengthening India’s defences against potential cyber-attacks. However, it is still inadequate in terms of the threat perceptions. The emphasis on cyber security goes beyond safeguarding government institutions, extending to ensure the safety and security of the broader digital ecosystem. Therefore, the private sector must plug the gaps in budgetary allocations for cybersecurity.

Urgent Need for Increased Budget for Cybersecurity

IBM’s Cost of a Data Breach Report 2021 found that the number of cybercrimes has increased six-fold since the pandemic began. This has also caused the average cost of data breaches to rise from USD 3.89 million to USD 4.96 million. With half of the employees working remotely during this time, it took an extra 58 days to detect and contain security breaches. As a result, the cost of properly protecting businesses is expected to reach a total of USD 433 billion by 2030. With 5G becoming commonplace, data privacy could become a major issue. Due to the increase in data transfer, which could leave nodes exposed to more expensive and damaging attacks. As companies strive to enhance accessibility, resilience, and agility, it opens up potentially more damaging opportunities for attackers.

Resource limitations pose serious challenges for small and medium-sized enterprises (SMEs) when it comes to implementing fundamental cybersecurity measures. A synergistic approach involving budgetary incentives and promoting cyber insurance adoption has the dual effect of encouraging businesses to invest in cybersecurity and providing a safety net in the aftermath of a cyber-attack. At the same time, allocating funds to national awareness campaigns and educational initiatives and developing cyber security best practices for individuals and businesses will mitigate the impact of cyber threats and enhance overall preparedness.

To conclude, bridging the gap between India’s digital aspirations and its preparedness for cybersecurity to secure the nation’s digital future is crucial. The government should prioritize cybersecurity in its policy agenda, allocate sufficient resources, and promote collaboration among stakeholders to efficiently address cyber risks and establish a secure and resilient digital ecosystem for everyone. Neglecting to tackle this discrepancy may jeopardize India’s digital goals and expose the nation to considerable cybersecurity threats in an ever-more interconnected world.


(The author is Head Business Ops, SecurEyes, and the views expressed in this article are his own)