India’s Cybersecurity ecosystem reaches a significant milestone valued $20 Billion, Driven by AI and Data Protection Law

By R Anil Kumar

• India’s cybersecurity ecosystem has reached a $20 billion valuation, driven by over 400 startups and more than 650,000 professionals who are developing advanced solutions using AI.

• The Digital Personal Data Protection (DPDP) Act, 2023 provides a legal framework for data protection, while the Indian Computer Emergency Response Team (CERT-In) utilizes AI for real-time threat detection and response

Bengaluru. India’s cybersecurity ecosystem has reached a significant milestone, now valued at $20 billion, according to Dr. Sanjay Bahl, Director General of the Indian Computer Emergency Response Team (CERT-In).

With over 400 active start-ups and a skilled workforce of 6.5 lakh professionals, India is swiftly consolidating its position as a global cybersecurity powerhouse. This growth underscores the country’s commitment to safeguarding its expanding digital economy amid rising cyber threats.

The innovation ecosystem within India’s cybersecurity sector is robust and indigenous. Start-ups are focusing on cutting-edge areas such as AI-powered threat detection, cyber forensics, encryption systems, and real-time monitoring solutions.

These ventures are helping to reduce dependence on foreign technologies while promoting sovereign digital infrastructure development.

A central factor behind this expansion is the growing pool of expert professionals. With over 650,000 specialists, India’s talent base ranks among the world’s largest in cybersecurity.

Programmes initiated by CERT-In and various technical institutions are actively building capacity through certification courses and advanced training in cyber resilience, incident response, and digital forensics.

Artificial Intelligence plays a pivotal dual role in this domain. CERT-In leverages AI-enabled analytics for instant threat detection and automated response mechanisms, significantly reducing the response time to cyber incidents. Such systems helped mitigate the impact of 147 ransomware cases reported in 2024.

However, AI also empowers adversaries to conduct more sophisticated operations, including voice cloning and automated phishing attacks, necessitating continuous investment in counter-AI research.

India’s regulatory progress complements this technological thrust. The Digital Personal Data Protection (DPDP) Act, 2023 forms the legal backbone of the nation’s privacy and data governance regime.

It introduces a rights-based framework focusing on consent, transparency, and accountability in data processing.

The Act mandates entities to ensure strong data protection measures and immediate breach notifications to the Data Protection Board and affected individuals.

Although the DPDP Act has been enacted, its enforcement is unfolding in stages as the Draft Rules are being finalised. Businesses face stringent compliance obligations, with penalties for security lapses reaching up to ₹250 crores.

This framework is expected to significantly elevate adherence to security protocols and promote trust in India’s digital infrastructure.

Collectively, these developments mark a transformative phase in India’s cybersecurity journey. With rapid market expansion, an indigenous innovation base, AI integration, and a strengthening legislative framework, the country is charting a clear course toward becoming a secure digital hub of global significance.

Key drivers of growth

Over 400 startups: A vibrant startup ecosystem is creating innovative solutions for threat detection, cyber forensics, and AI-based monitoring systems.

Skilled workforce: India has a large pool of over 650,000 cybersecurity professionals, supported by training and certification programs.

Artificial Intelligence (AI): AI is used by CERT-In for real-time incident response, threat detection, and automation, which helps mitigate risks like ransomware attacks.

Data Protection Law: The Digital Personal Data Protection (DPDP) Act, 2023, creates a legal framework for data privacy, accountability, and consent, strengthening the overall security and trust in the digital environment.

Impact and future outlook

• India is becoming a major global hub for cybersecurity solutions.
• The ecosystem is fostering advanced technologies like AI-enabled analytics and forensics.
• The combination of technological innovation and robust legal frameworks is expected to continue this growth trajectory.

India’s cybersecurity landscape is defined by a rapidly growing digital economy that is a magnet for cyber threats, with a significant increase in malware and cybercrime incidents. The government is addressing this through initiatives like the National Cyber Security Policy, the National Critical Information Infrastructure Protection Centre (NCIIPC), and the Indian Computer Emergency Response Team (CERT-In), which includes the Cyber Swachhta Kendra for botnet cleaning and the helpline 1930 for assistance. Key challenges include attacks on critical infrastructure, ransomware, phishing, and cyber espionage, prompting the need for strong policies and a multi-stakeholder approach involving government, private sector, and civil society.

The cybersecurity threat landscape

Increased cyber incidents: India has seen a sharp rise in cyber threats, with a 46.7% increase in detected malware events between late 2023 and 2024, and a 500% increase in cybercrimes recently.

Growing attack surface: The country’s digital transformation, with over 86% of households now connected to the internet, has created a larger and more attractive target for cybercriminals.

Critical infrastructure vulnerability: Sectors like power, finance, and transportation are increasingly dependent on digital systems, making them vulnerable to disruptions from cyberattacks, which have already been attempted on places like a nuclear power plant and a port terminal.

Diverse threat types: India faces a wide range of threats, including state-sponsored espionage, ransomware, phishing, data breaches, malware, financial fraud, and the use of social media for radicalization and disinformation.

Transnational threats: A significant portion of cybercrimes, estimated at around 75%, originate from foreign actors, highlighting the need for international cooperation.

Government initiatives and responses

National Cyber Security Policy: Introduced in 2013, this policy aims to create a secure cyber ecosystem and protect citizens, businesses, and the government.

CERT-In: The national agency for cybersecurity incident response, it provides services like vulnerability management, incident response, and awareness initiatives.

NCIIPC: Established under the Information Technology Act 2000, it is responsible for protecting India’s critical information infrastructure by identifying threats and coordinating protective measures.

Cyber Swachhta Kendra: A citizen-centric initiative that provides free tools to detect and remove malware and botnets, and offers cybersecurity tips.

Indian Cybercrime Coordination Centre (I4C): Created by the Ministry of Home Affairs, this centre coordinates the response to cybercrimes.

Dedicated helpline: The helpline 1930 is available for immediate assistance with cybersecurity issues.

Budget allocation: The Union Budget 2025-2026 allocated ₹782 crore for cybersecurity projects.

Key takeaways

India’s cybersecurity is a critical concern due to its rapid digitization and economic goals.

The government has established several agencies and policies to bolster defences against a rising tide of sophisticated threats.

Effective cybersecurity requires a collaborative approach involving both government and the private sector.

While the government has implemented legislative and organizational measures, ongoing threats like ransomware and state-sponsored attacks require continuous innovation and adaptation.