Increasing incidents of cyber attacks and data protection efforts globally are expected to create $35 billion revenue opportunity and employment opportunities for about a million professionals by 2025 for India, IT industry body Nasscom said on Monday.
“We estimate that cyber security is about $2.5-3 billion or about 2 per cent of the close to USD 150 billion Indian IT sector. With the sector on track to reach $350 billion by 2025, we estimate 10 per cent of this to be cyber security,” Nasscom Chair Cyber Security Task Force Rajendra Pawar said here.
He added that this will create an employment opportunity for about a million people as well.
“Another important aspect will be start ups. We expect to see about 1,000 start ups coming up in this area. This is because these smaller companies are light footed and yet have the best of technologies. Also, there has been a lot of investor interest in this area as enterprises look to stay secured against rising incidents of cyber attacks,” he said.
Last year, Nasscom had set up the task force, aimed at positioning India as a global hub for providing cyber security solutions, developing cyber security R&D plan and developing a skilled workforce of cyber security experts.
It had estimated the IT security market to be about $77 billion in 2015 and growing at over 8 per cent annually. It had estimated demand for security workforce to rise globally to six million by 2019, up from 4 million in 2015, with projected shortfall of 1.5 million.
Nasscom, along with Data Security Council of India (DSCI) and security software firm Symantec, today launched the ‘National Occupational Standards’ for 10 cyber security job roles, aimed at creating a pool of certified cyber security professionals in the country.
Symantec has also instituted scholarships to 1,000 women undertaking the cyber security certification by SSC NASSCOM.
“Building the next generation of cyber professionals is key to securing India’s critical information infrastructure, battling cybercrime and making the Digital India initiative successful,” Nasscom President R Chandrashekhar said.
According to a report by PTI, NASSCOM Chair for Cyber Security Task Force, Rajesh Pawar, said, “We estimate that cyber security is about $2.5-3 billion (roughly Rs. 16,635 crores – Rs. 19,962 crores) or about 2 percent of the close to $150 billion (roughly Rs. 9,981,46 crores) Indian IT sector. With the sector on track to reach $350 billion by 2025, we estimate 10 percent of this to be cyber-security.”
Pawar also expects to see about 1,000 startups coming up in the field of cyber security. He says that this is because the startups will utilize the best technologies. These have already generated a lot of interest from investors as enterprises are looking to stay secure against the rising threat of cyber attacks.
NASSCOM, along with the Data Security Council of India (DSCI) and Symantec, has also launched the National Occupational Standards for 10 cyber security-related jobs. The aim of this is to create a pool of certified cyber security professionals in India. Symantec has also instituted scholarships to 1,000 women undertaking the cyber-security certification by SSC NASSCOM.
Is it a Realistic Plan?
Will Nasscom’s new task force for developing a cyber-security R&D plan, along with a charter to develop a skilled workforce of cyber security experts, achieve the desired result? Many leaders express doubts.
Dr. Ashwini Sharma, director general of the Indian government’s National Institute of Electronics and Information Technology, notes: “India can produce 40,000 or less cyber security professionals per year, whereas the demand is around 500,000 per year”
So, creating 1 million jobs would be a Herculean task, given the ambiguity surrounding who the takers are and how to source trainers.
The challenge I see is that the government, academia and industry are not on the same page regarding skill development. What’s missing is industry participation in closely monitoring academia’s initiatives, their relevance to industry needs and also the effort in defining job roles.
Security critics say it’s important to find the right academic and skill development partner to prescribe relevant curricula and courses. The next challenge? To identify enough qualified security trainers. Where will we source them from? Nasscom’s recent initiative to partner with Symantec to launch National Occupational Standards for 10 cyber security job roles, as part of its initiative to create a pool of professionals, has also been questioned. Critics say the vendor’s role is to create products, not prescribe courses for India’s skill development program.
The key concern: Nasscom is not designing a structured program to grow the number of cyber security professionals in India. Nasscom apparently identified 40 job roles in cyber security, without properly evaluating the career roadmap.
And some critics argue that Nasscom’s cyber security market growth projections lack a true understanding of the cyber security market.
The real question we need to answer is this: Are practitioners able to adopt new technologies and methods for responding to threats and stay one step ahead of cybercriminals by building capabilities to defend digital infrastructure?
A Pragmatic Approach
A piecemeal approach will not work. “The best practice for the government is to constantly feed information to academia on skills required and support developing skills around them; this helps academia return the knowledge in the form of skilled professionals,” says Ponnurangam Kumaraguru, who founded the Cyber Security Education and Research Center, is a Hemant Bharat Ram Faculty research fellow, as well as an associate professor at IIIT Delhi.
Mohan of the CISO Cybersecurity Academy offers a similar point of view: “Nasscom must take a holistic approach, striking a balance between online and on-premises courses, and shortlist roles with great career progression.”
Because cybersecurity is a relatively new domain, there is a huge responsibility for Nasscom and others to help enhance educational opportunities, given that there only eight master trainers in India, according to the Indian government’s Department of Electronics and IT.
The existing courses run by various institutions are presently being pursued by two categories of people: those who are working in an occupation where cybercrime is a real threat, and those who take these courses to supplement their existing skill sets because this increases their employability.
Nasscom should tap all industry verticals and assess the need for cyber security skills and required jobs before working out a skill development program. It must collaborate with other industry bodies and organizations, and understand the nuances of each industry and its cyber security growth potential, before prescribing curriculum for colleges and universities.