India is witnessing a digital revolution, but along with it comes a daunting challenge—securing its massive digital infrastructure. With over 1.2 billion connected devices and one of the fastest 5G rollouts globally, the country faces unprecedented cybersecurity threats.
These challenges were at the forefront of discussions during FICCI’s CyberComm 2025, an event held in collaboration with the Indian Ministry of Electronics and Information Technology (MEITY) and the Department of Telecom.
A Call for Industry Participation
Lieutenant General M.U. Nair, National Cyber Security Coordinator highlighted the urgency of strengthening India’s cybersecurity ecosystem. Despite the rapid pace of digital adoption, corporate investment in cybersecurity remains “minimal.” Nair emphasized that cybersecurity must be a top priority for businesses, calling for major industries to include cybersecurity professionals on their boards and mandate comprehensive security disclosures in annual reports.
He also proposed a collaborative framework led by industry players, envisioning sector-specific cybersecurity centres of excellence. These centres would adopt a shared responsibility model, continuously monitoring and assessing risks in India’s complex digital ecosystem.
“We need a commercial model where industry bodies protect key sectors through continuous risk assessment,” Nair said, urging stakeholders to rethink governance strategies and prioritize cybersecurity as a service.
Policy Frameworks to Address Emerging Threats
The government has taken significant steps to address cybersecurity concerns. In September 2024, it clarified ministerial responsibilities for cybersecurity, and a National Security Directive now restricts telecom infrastructure procurement to trusted sources. Similar trusted-supply-chain protocols are under consideration for other critical sectors, such as power.
Acknowledging the critical shortage of cybersecurity professionals, the government is also investing in education. Initiatives include integrating cybersecurity capsules into academic curriculums and introducing specialized BTech and MTech degrees focused on cybersecurity.
In parallel, the Quality Council of India (QCI) has been tasked with developing minimum security standards for networked devices, a move aimed at strengthening device ecosystem security across the country.
A Shift in Threat Patterns
Chakravarthy T. Kannan, Secretary General of QCI, revealed an emerging trend in cyberattacks: a shift from urban centres to smaller cities. According to Kannan, 50% of cyber incidents now occur outside the top 10 metropolitan areas, compared to earlier patterns where 80% of attacks targeted 20% of key markets.
Mandar Kulkarni, National Security Officer at Microsoft, added that his team monitors 600 million cyberattacks daily, with identity-based threats as the primary challenge. Simple yet effective measures like multi-factor authentication could mitigate 99% of such attacks. He also noted the evolution of Distributed Denial of Service (DDoS) attacks, which have become more sophisticated since March 2024, transitioning from volume-based to application-level threats.
Cybersecurity: A Growing Market Opportunity
The financial implications of cybersecurity were a key topic at CyberComm 2025. Suprakash Chaudhuri, Country Head of Digital Industries at Siemens Ltd and Co-Chair of FICCI’s Technology Committee, highlighted the substantial market opportunity in India’s cybersecurity sector. The market is projected to grow from USD 5.56 billion in 2025 to USD 12.9 billion by 2030, at a compound annual growth rate (CAGR) of 18.33%.
“Cyberattacks are cheap, fast, and highly profitable for perpetrators. Yet the impact they leave on businesses and governments is devastating,” Chaudhuri remarked.
He stressed the importance of proactive threat detection, strong policy frameworks, and workforce development. Businesses must leverage advanced technologies like AI-driven threat intelligence and foster cross-sector collaboration to counter increasingly sophisticated cyber threats.
The Road to Data Protection
India is also making strides in data protection. In January 2025, the government released draft rules under the Digital Personal Data Protection (DPDP) Act, 2023, for public consultation. Open until February 18, these rules aim to provide clear and enforceable guidelines for handling personal data.
This marks a significant milestone in India’s decade-long journey toward comprehensive data protection legislation. The DPDP Act builds on recommendations made by a 2011 expert committee led by former Delhi High Court Chief Justice A.P. Shah.
The draft proposes a phased rollout, with rules governing the Data Protection Board taking immediate effect, while provisions on consent management, notice requirements, and government access to data will be enforced gradually.
Strengthening India’s Cybersecurity Future
The cybersecurity challenges India faces are vast and multifaceted. With millions of connected devices, an expanding digital economy, and an evolving threat landscape, there is no single solution. A strong strategy requires collaboration between government, industry, and academia.
From policy frameworks and trusted supply chains to educational initiatives and industry-driven solutions, India is laying the groundwork for a more secure digital future. However, the success of these efforts hinges on the active participation of all stakeholders.
As Lieutenant General Nair aptly put it, “Cybersecurity is not just a technological challenge; it is a mission-critical priority that demands collective action.”
The time to act is now, as India stands at the crossroads of digital innovation and cyber resilience.
