India has become one of the most attacked and cyber breached countries in the world. Cyberattacks have more than doubled in 2022 and trend is continuing in 2023. There were 1.4 million cybersecurity incidents reported in India in 2022. With high profile breaches at AIIMS, Indian Railway, Oil India, Tata Power etc., the Indian government is taking notice and building measures to enhance the cybersecurity infrastructure. The average cost of a cyber breach has risen to over 1 million USD according to a recent IBM study. A Cisco study found that over 1/3 of cybersecurity technologies used by Indian companies are outdated. It is more important than ever for organizations in India to build a work force to refresh their cybersecurity strategy, mature their capabilities and build security resilience.
Growing India Cybersecurity Market
According to Mr. Gulshan Rai (Fmr. India Cybersecurity Chief), while the cybersecurity maturity and awareness in India is in nascent stage today, it poised to increase in next 2-3 years to a $16 billion market. According to him there is a need for structured and holistic cybersecurity initiatives versus a piecemeal approach. The upcoming Indian Data Protection Act will provide a clear driver for organizations to increase their investments. Per a PwC study, 82% of business executive in India expect to increase their cybersecurity budgets. This is a result of increased regulatory scrutiny, expected increase in ransomware attacks (high frequency, high impact), threats to embedded software systems with increasing use of Internet of Things (IoT) and cloud computing adoption due to a growing digital economy across all sectors. Software supply chain, cloud security and integrated risk management are the top expected areas of growth in the coming years.
While the cybersecurity risk and opportunities are increasing, Indian companies are suffering from a skills shortage in the cybersecurity domain. There are over 25,000 unfilled positions in cyber security profiles, and this is expected to increase with increased digital transformation initiatives. Profiles like security analyst, incident report analyst, cloud/IoT security expert, compliance assessors, security operations resources are going to see an increase in demand as organizations increase their investments in cybersecurity. The Data Security Council of India has forecasted that the cybersecurity ecosystem will expand up to a point where nearly one million professionals will be required by 2025.
Cybersecurity Careers in India
During my conversations with various cybersecurity professionals, I have observed that there is a perception that hacking, specifically ethical hacking, is a primary cybersecurity career choice. It's important to note, however, that while ethical hacking is a notable career path within cybersecurity, it is one of many specialties within the field. Below roles play a critical role in protecting an organization's information system and assets.
Security Analyst: Security analysts are responsible for monitoring an organization's systems and networks for security breaches, investigating violations when they occur, and implementing protective measures.
Penetration Tester (Ethical Hacker): These professionals simulate cyber attacks on their organization's systems to find vulnerabilities that a malicious hacker could potentially exploit.
Security Engineer: Security engineers design and build secure systems and networks, often working on firewalls, routers, VPNs, or other parts of an organization's network infrastructure.
Security Consultant: Security consultants are experts who advise organizations on their overall security strategy, often suggesting improvements and helping implement new policies or measures.
Incident Responder: Incident responders are on the front lines when a security incident happens. They work to contain the incident and then recover normal operations as quickly as possible.
Security Auditor: These professionals evaluate an organization's security measures, both physical and digital. They identify weaknesses and suggest improvements, often to ensure compliance with laws and regulations.
Security Architect: Security architects design an organization's network and computer security architecture. They develop strategies and plans for implementing robust security systems.
Cryptographer/Cryptanalyst: These roles involve designing algorithms, ciphers, and security systems to encrypt and decrypt data. They also analyze and break codes, and create new encryption methods.
Chief Information Security Officer (CISO): This is a senior-level role that involves overseeing all aspects of an organization's information security. The CISO's responsibilities typically include creating and implementing security strategy and managing a team of IT professionals.
Cybersecurity Director / Manager: This role is often reports to the CISO and plays a critical role overseeing and coordinating all aspects of an organization's cybersecurity efforts. This includes policy development, compliance, training, vendor management etc.
Forensic Computer Analyst: These analysts recover information from computers and storage devices for legal purposes. They often work on cases involving attacks or data breaches.
Security Software Developer: These developers create software that aids in cybersecurity. This can range from creating new security systems to integrating security into existing applications.
What is required to get the above roles?
Each of these roles has different requirements in terms of education and experience. Most roles will require some formal training and certification, but don't let that deter you. I have covered this in more detail in the cybersecurity careers, training and education blog post.
What are Cybersecurity professionals are getting paid in India?
Pretty awesome !! Here are some examples of IT security jobs in India, along with each job’s average wage per annum, according to Payscale.com. Keep in mind that these are average numbers with wide ranges.
Chief information security officer – INR 2,304,711
Security architect – INR 2,199,707
Information security officer – INR 1,068,233
Cybersecurity engineer – INR 644,555
Security engineer – INR 775,504
Information security analyst – INR 592,608
Network security engineer – INR 564,581
Ethical Hacker - INR 516,344
Cybersecurity analyst – INR 591,212
The demand for cybersecurity professional will only increase in the coming year and future for these careers are very bright.