Sign in

Indian market must start paying for cybersecurity: IT secretary S Krishnan

India’s “not very friendly neighbourhood” makes strategic cybersecurity all the more urgent, IT secretary S Krishnan said

Published on: Jul 11, 2025, 18:36:36 IST
Share
Share via
  • facebook
  • twitter
  • linkedin
  • whatsapp
Copy link
  • copy link

NEW DELHI: India’s internet cybersecurity startups are increasingly looking to merge with overseas firms to scale, a trend that will continue unless the domestic market expands, information technology (IT) department secretary S Krishnan said on Friday.

IT secretary S Krishnan acknowledged that while the idea of mandating the use of India-made cybersecurity products in critical sectors was important, the ecosystem wasn’t ready yet (X/CERT-In)
IT secretary S Krishnan acknowledged that while the idea of mandating the use of India-made cybersecurity products in critical sectors was important, the ecosystem wasn’t ready yet (X/CERT-In)

“This won’t change until Indians start paying for cybersecurity tools and services,” he said, underlining the need for stronger local demand to build homegrown capacity in the sector.

Krishnan pointed to an assessment by CERT-In, the nodal agency for cybersecurity incidents, that recommended 15–20% of all spending on software, IT, and digital infrastructure should go toward cybersecurity, a benchmark India has yet to meet.

The IT secretary’s remarks came at the launch of a white paper, ‘Transitioning to Quantum Cyber Readiness,’ authored by CERT-In and cybersecurity firm SISA.

The senior official acknowledged that while the idea of mandating the use of India-made cybersecurity products in critical sectors was important, the ecosystem wasn’t ready yet and described it as a “chicken-and-egg” situation.

Domestic capacity can’t grow without a strong market, and without that capacity, mandates aren’t feasible, he said.

India’s “not very friendly neighbourhood” makes strategic cybersecurity all the more urgent, he said, adding that the country “must aim for fully homegrown solutions in both hardware and software”.

Tarun Wig, co-founder & chief executive officer of Innefu Labs, which supplies cybersecurity tools to defence and law enforcement, agreed that there should be a stronger domestic market appetite for homegrown cybersecurity products, but underscored that one major challenge the industry still faces was the lack of Indian-made hardware that can support secure-by-design systems.

“On the software front, building end-to-end platforms requires sustained R&D investment and skilled talent, which play a critical role,” said Wig.

The document released on Friday highlights the urgency of preparing for a post-quantum future, where these traditional encryption systems are expected to become obsolete within the next few years.

Quantum computers, while powerful and useful for many things, can also break the encryption systems used today, like RSA (Rivest-Shamir-Adleman) and ECC (Elliptic Curve Cryptography), to keep data safe.

“This makes all encrypted data immediately vulnerable, jeopardising the digital economy by putting the confidentiality and integrity of data at risk. The type of risks includes data breaches involving financial and health data, internet traffic and instant messaging, digital certificates, digitally signed documents, blockchains, cryptocurrencies and the risk of “harvest now, decrypt later” attacks by malicious cyber actors,” the paper said.

Krishnan said quantum and classical computing are expected to coexist for the foreseeable future, but the shift would demand stronger, quantum-resistant tools such as post-quantum cryptography (PQC), which are designed to withstand attacks from quantum computers. “Work on PQC is a must. Everyone who uses a computer must be aware of the cryptographic tools available to protect themselves,” the Secretary said.

“CERT-In recognises that quantum computing will fundamentally change the threat landscape. We must evolve our security frameworks today to protect India’s expanding digital infrastructure tomorrow,” said CERT-In director general Sanjay Bahl.

,

Check India news real-time updates, latest news on Hindustan Times and more across India.