Posted By: Uniken | Posted On: February 5, 2020
Big firms are turning to cyber security startups dotting India as they look for niche solutions as against end-to-end management offered by transnationals
Priyanka Sangani | ETtech | January 31, 2020, 07:17 IST
Large enterprises are turning to small, niche startups offering specific cyber security services, rather than depend on multinationals who provide end-to-end solutions. Startups including Lucideus, Uniken, Kratikal, Sequeretek and Sectona, are already creating innovative products for customers, at a time when closed-loop solutions are no longer feasible due to an actively evolving cyber space.
The overall market for cyber security is growing rapidly in India as well as globally.
According to IT consultancy firm Gartner, end-user spending on information security and risk management is expected to touch $2.2 billion in 2020, continuing its double-digit growth from last year.
Currently, there are more than 200 cyber security startups in India, according to industry estimates, all fighting for a share of the pie largely controlled by big firms such as Palo Alto Networks, Symantec and FireEye.
“Companies need a deeper security strategy since there is now a larger attack surface as digital has become so pervasive,” says Prashant Bhat, managing director, cyber security and privacy at consulting firm Protiviti India.
Last year, when Punjab National Bank wanted to adopt a security solution for its mobile banking app, it skipped the established leaders in favour of identity and access management startup Uniken.
“Through Uniken...we got access to a lot of security features that will help our customers make transactions through our PNB Verify app conveniently and quickly,” says Divyang Rastogi, AGM-IT, Punjab National Bank.
No other country offers the kind of complex ecosystem that India does in mobile security. If a product works here, it will work anywhere, says Bimal Gandhi, CEO of Uniken, which also has a significant presence in the United States and Israel.
Most niche cyber security companies such as Uniken were set up six to seven years ago, but the market for their services has matured only now. For instance, Kratikal was set up in 2013 when founder Pavan Kushwaha became a victim of a phishing attack.
“Since formally launching in 2015, we’ve created four solutions which tackle the ‘people’ part of the cybersecurity problem,” Kushwaha says.
Lucideus, one of the largest cybersecurity startups in India which was incubated at IIT-Bombay, has worked with the biggest players in the financial services space, like HDFC Bank and the National Payments Corporation of India.
“Companies have a more refined way of looking at their tech stack. The way healthcare has moved — from going to a general practitioner to a specialist — so also in cyber security,” says Saket Modi, CEO of Lucideus, which claims to be growing at 300% annually.
The company is now eyeing the United States for its cyber risk quantifying product. Kratikal, too, is readying a foray into the same region.
The cyber security market is slowly shifting from a dependence on big companies.
“International vendors do not have sufficient number of regional resources in India, and as a result, clients face poor implementation and technical support issues,” says Rajpreet Kaur, principal analyst, Gartner. “Many executives of large tech firms who were working in the US or in India saw this as an opportunity and started their own cybersecurity startups.”
Within cyber security, some segments are too small a market for larger firms to invest in. So, they focus on bigger growth areas, says Uniken’s Gandhi.
Multinationals also tend to be more rigid in pricing, while Indian companies are flexible and offer customised solutions, says Bhat of Protiviti India.
“Most traditional firms have stayed where they are globally, which is why you have so many startups popping up,” says Mukul Shrivastava, Partner, Forensic and Integrity Services, EY India.
Multinationals were always seen as stable organisations, but recent global mergers and acquisitions have changed that, says Pankit Desai, CEO of Sequretek, which offers products around endpoint security, access governance and threat intelligence.
This has compounded client issues, as the organisations themselves are in the midst of a transition. “The companies that have survived the first five to seven years have shown they have the capabilities, and fundraising has brought in global credibility as well,” he says.
The boutique approach also works for larger enterprises.
“Often companies want their service providers to handhold them through the process,” says Nitish Kumar, CEO of Sectona, which provides privileged access management solutions for cloud-first companies.
These companies may not have the cheapest product, but their running costs tend to be lower once maintenance and service charges are built in.
Initially, most niche cyber security firms focused on offering a single product, or products within the same domain, but they soon realised that was not enough. “We got into consulting this year to grow revenues further,” said Trishneet Arora, CEO of TAC Security, which started out with a product that provided cyber security officers with a risk score on their apps to determine vulnerabilities in their systems.
Changes in government policy, however, have helped small players.
The Public Procurement Order of 2017 has given a boost to ‘Made in India’ products.
“This also did away with the minimum experience and turnover requirement for startups, which has let more companies bid for contracts,” said Karmesh Gupta, co-founder, WiJungle, which offers unified network security solutions.
“The slowdown has helped to an extent, as companies are looking at ways of reducing operating expenses,” Gupta says.
It is not all smooth sailing, though.
Most companies need to meet certain US certification standards that cost Rs 60 lakh-Rs 2 crore. Testing products in a qualified lab is also expensive. Startups say the government needs to step in and offer a testing and certification facility locally.
Cost arbitrage also plays a role when most companies look at savings. “Even as budgets tighten, companies have no choice but to protect themselves. This is critical,” says EY’s Shrivastava.
However, given the fact that some of these firms are starting to provide similar, and often unique, products and services at lower cost, a shift to niche is certainly under way.