New Delhi, Jan 9

National Cyber Security Coordinator Urges Industry to Scale-up Investments in Cybersecurity amid AI-driven Attacks and Skills Shortage.

Focus is now on Derisking Supply Chains from Cyberattacks by Relying on Trusted Sources

India faces unprecedented cybersecurity challenges across its rapidly expanding digital infrastructure, with the country's top cyber official describing the task of protecting 1.2 billion connected devices as a major mission, requiring significant private sector engagement. Speaking at FICCI’s CyberComm 2025 organised in association with MEITY and the Department of Telecom, Lieutenant General M.U. Nair, National Cyber Security Coordinator, mentioned that despite having one of the world's fastest 5G rollouts, with 4.74 million base stations deployed since October 2022, corporate investment in cybersecurity remains "minimal". Urging industry leaders to increase investments in cybersecurity, Nair called for a fundamental shift in corporate governance, urging major industries to include cybersecurity professionals on their boards and include comprehensive security disclosures in their annual reports. 

 

Nair outlined a vision for industry-led collaborative centres that would continuously monitor multiple systems and layers within India's complex digital ecosystem. The proposed framework would establish cybersecurity as a service, with industry bodies taking shared responsibility for protecting sector-specific infrastructure. "What we need is a commercial model where sectoral centres of excellence can protect key industries through continuous monitoring and risk assessment," he told delegates.

 

The government has moved to address these concerns through new policy frameworks, including the clarification of ministerial responsibilities for cybersecurity in September 2024 and the implementation of a National Security Directive restricting telecom infrastructure to trusted sources. Similar conditions of trusted sources in supply chain are being considered for other sectors like power sector etc.

The government is also looking at measures to address the critical shortage of cybersecurity professionals, which include “cyber security capsules given to them as part of their curriculum” and establishing specialised BTech and MTech degrees on cyber security," Nair said. 

 

Further, As part of strengthening India's device ecosystem security, the Quality Council of India (QCI) has been tasked with developing minimum security standards for networked devices.

 

Speaking on occasion, QCI Secretary General Chakravarthy T. Kannan revealed that cyber-attacks are now equally distributed between major urban centres and smaller cities, with 50 per cent of incidents occurring outside the top 10 metropolitan areas. This marks a significant shift from traditional threat patterns where 80 per cent of impacts typically concentrate in 20 per cent of key markets.

 

Mandar Kulkarni, National Security Officer, Microsoft, revealed that his company is currently monitoring approximately 600 million cyber-attacks daily. He highlighted that identity attacks remain the primary threat, though simple measures like multi-factor authentication could prevent 99% of such incidents. The company has also observed a significant shift in DDoS (Distributed Denial of Service) attacks, which have evolved from volume-based to more sophisticated application-level attacks, particularly since March 2024.

 

Suprakash Chaudhuri, Country Head -- Digital Industries, Siemens Ltd, and Co-Chair, FICCI Technology Committee, highlighted the substantial market opportunity in India's cybersecurity sector, projecting growth from USD 5.56 billion in 2025 to USD 12.9 billion by 2030 at a CAGR of 18.33%.

 

"Cyber-attacks are cheap, fast and highly profitable for perpetrators. Yet the impact they leave on businesses and governments is devastating," Chaudhuri warned delegates. He emphasised that cybersecurity has evolved beyond a technological challenge to become "a critical business imperative" that demands proactive threat detection, robust policy frameworks, and continuous workforce development.

 

Chaudhuri further stressed that the increasing sophistication of cyber threats requires businesses to adopt advanced technologies like AI-driven threat intelligence and foster cross-sector collaboration to stay ahead in the rapidly evolving cyber landscape.