Domestic uptake vital for growth of home-grown cyber solutions, signals shift in policy priorities
India’s cybersecurity future hinges not just on technological innovation, but on local demand—and the economic commitment that underpins it. That was the clear message delivered by S. Krishnan, Secretary at the Ministry of Electronics and Information Technology (MeitY), during the launch of a white paper on post-quantum cyber readiness by CERT-In and cybersecurity firm SISA.
Domestic demand: missing link in India’s cybersecurity ambition
Krishnan warned that India’s cybersecurity ecosystem will struggle to mature unless businesses and institutions begin paying for cybersecurity services and tools. “This won’t change until Indians start paying for cybersecurity tools and services,” he said, highlighting a persistent gap between the availability of solutions and their actual adoption in the market.
He noted that Cert-In recommends allocating around 15 to 20 per cent of total spending on software, IT, and digital infrastructure to cybersecurity. However, few domestic organisations meet this benchmark, resulting in an underfunded and underprepared sector.
Challenge of market & capacity
The government is considering policies to mandate the use of Indian-made cybersecurity products in strategic sectors. However, Krishnan cautioned against premature implementation of such mandates without first ensuring a mature domestic market. “It’s a chicken-and-egg situation,” he explained. “Domestic capacity can’t grow without a strong market, and without that capacity, mandates aren’t feasible.”
He also stressed that India’s reliance on foreign technology—particularly in sensitive areas such as AI, quantum cryptography, and deep-tech—poses a national security risk. “India’s not very friendly neighbourhood makes cybersecurity even more urgent,” Krishnan said, underlining the need for hardware and software that is designed and manufactured in India.
Post-quantum urgency & policy readiness
The white paper released by CERT-In and SISA highlights growing global concern over the impact of quantum computing on current encryption standards. It warns that if encrypted data collected today needs to remain confidential after 2030, it is already at risk.
Krishnan urged organisations to start adopting post-quantum cryptographic standards even if they are not currently using quantum systems. The shift, he said, is essential to protect data against emerging threats, emphasising that early action is the only viable defence.
Financing deep-tech startups is strategic imperative
The IT Secretary also addressed structural funding issues facing India’s deep-tech startups, many of which are active in cybersecurity. He pointed out that gaps in late-stage financing risk pushing these firms towards mergers or acquisitions abroad—undermining domestic innovation and strategic autonomy.
Currently, various ministries operate overlapping programmes for startup support, leading to inefficiencies. Krishnan called for a streamlined, unified approach to funding, better aligned with national priorities. Doing so, he suggested, would help secure India’s long-term technological independence in critical areas of cybersecurity.
India’s cyber future will be determined not only by its technical capabilities but by its willingness to pay for and prioritise digital resilience. As policymakers push for deeper alignment between market demand, domestic innovation, and strategic goals, the country faces a pivotal moment. Without a robust internal market and clear investment in home-grown tools, India may remain reliant on foreign resources in a domain where independence is increasingly critical.
