In addition, foreign cybersecurity firms are opening shop here or expanding their offerings in a market that is poised for growth.
At least nine cybersecurity startups have raised funding since August last year, according to startup data intelligence platform Tracxn. Six were seed rounds and three were Series-A.
Equal, an identity management platform, raised the most at $10 million, followed by Protectt.ai, a mobile app security platform at $8.7 million, and Astra, a cloud-based penetrating testing platform at $2.7 million. The investors included high-profile firms Blume Ventures and Bessemer Venture Partners.
“Till 2023, cybersecurity was considered a cost centre as the AI space was still maturing,” said Munish Vaid, vice president (digital transformation & technology) at Primus Partners India. “It was considered a backroom IT function. It’s not the case any longer. Now it’s a priority for companies.”
Indian companies are expected to spend $3.3 billion this year on network security, security services and security software, a 16.4% uptick from the year prior, according to a Gartner forecast. The highest growth in spending is expected on security services, at $1.6 billion.
Gartner points out that that two trends are likely to play out over the course of the year: generative AI’s impact on data security, and the transition to a focus on cyber resilience, acknowledging that cyber incidents are a matter of “when, not if.”
Beyond firewalls
Cybersecurity is no longer just about setting up countermeasures, firewalls and lines of malware-detecting code. It’s moved into the realm of AI, where cloning voices, creating deepfakes and manipulating text is becoming more common.
Last year, Bharti Enterprises CEO Bharti Mittal narrated at the NDTV World Summit how scammers cloned his voice in an attempt to get his assistant to transfer a large amount of money.
“Newer threats are emerging, newer solutions, and needless to say, new investment opportunities,” said Vikram Ramasubramanian, partner at Inflection Point Ventures, which led the $600,000 pre-seed investment round in Neural Defend, a deepfake detection company.
Some of the pick-up in funding can be attributed to the government’s Digital Personal Data Protection Act. While the law has been passed, the rules are being finalised and are expected to be out this year.
“With the law’s very India-centric thinking where there is a fundamental rethinking of data governance and data privacy, that creates a lot of opportunities for local players,” said Krishna Mehra, AI partner at Elevation Capital.
For these cybersecurity startups, the competitive edge lies in building out technologies that the larger companies aren’t focusing on.
“There are new use-cases like red teaming, model poisoning prevention, agent governance and more that are AI-first use-cases which are emerging and giving Indian founders new categories to play in and not necessarily compete with existing vendors,” said Prayank Swaroop, a partner at Accel.
The bottom line is that companies are now looking at enhancing security for their AI-led operations primarily because user data hangs in the balance. For organisations, the primary concern is staying ahead of malicious actors using generative AI for phishing attacks and injecting malware into systems.
That’s why, at least in India, machine learning, generative AI security, and cloud security top the list of priorities for cybersecurity companies, according to a joint Nasscom-Data Security Council of India report. It’s why Protectt.ai is building its own AI security platform, which is slated for an August-September launch, as Mint previously reported.
Enter the foreigners
While Indian companies are working to enhance their capabilities and enter the growing market, foreign firms too have sniffed out the opportunity.
Arctic Wolf, Rubrik, ESET, Operant AI and Check Point Software have either announced expansion into India or are deepening their partnerships within the country.
“What drew us to India was, initially, conversations with security leaders working for US companies out of India. But we soon realised Indian enterprises themselves, especially in fintech and banking, face the same challenges around secure AI deployment,” said US-based Operant AI’s co-founder and chief executive Vrajesh Bhavsar.
The company recently announced it will expand operations into India.
US-Israeli cybersecurity firm Check Point Software, which has been in India since 2003, opened its second-largest global office in Bengaluru last year which will focus on R&D, it’s first in the Asia-Pacific region.
“With the increasing demand for advanced cybersecurity solutions, India will continue to be a significant growth driver,” said managing director for India and South Asia Sundar Balasubramanian.
US cybersecurity firm Arctic Wolf also set up its global capability centre in Bengaluru last year. At the time, the India GCC was meant to “accelerate the development of advanced ML models and AI-driven cybersecurity detections within its platform,” a company executive told Hindu Businessline. Arctic Wolf has now expanded its GCC operations in the country to tap the talent pool here.
What is common for cybersecurity startups and larger companies is their market. Both operate primarily in the banking, financial services, and insurance (BFSI) sector, where attacks have the most direct and fastest impact on money.
“Our primary targets are sectors where AI adoption is critical to business performance but must comply with data privacy mandates—like banking, fintech, insurance, and enterprise SaaS,” said Bhavsar of Operant AI.
