India Is an Emerging Hotbed of Cybersecurity Startups
There are now 124 Indian cybersecurity startups
My interest in the Indian cybersecurity industry was piqued the first time I took a briefing from an Indian startup. I was still at Gartner so this was twenty years ago. The founders described how they were going to create an outsourced pentesting firm. It made sense that a country which had become a major player in the world of software development and outsourced services would show signs of getting into cybersecurity.
Years later I got a chance to visit the offices of Cyberoam in Ahmedebad. They seemed late to the market with their UTM appliances, but India has a lot of businesses that needed network security. Cyberoam thrived and became one of the first successful exits. It was acquired by Sophos in 2014. The founder, Hamel Patel, actually lived in the US but the company was based in India and sold mostly locally but was expanding into Africa and Europe.
Then there was Smokescreen, a small startup in the deception space that was acquired by Zscaler in 2021. The founders had been consultants at one of the Big Four so knew the enterprise space.
As I have written in Security Yearbook 2022, a city or country’s cybersecurity industry starts to percolate when there are successful exits. I argue that Israel became a powerhouse after Check Point Software went public 28 years ago. Investors get a taste of the returns on cybersecurity investments, and other founders are motivated to follow suit. I see that starting to happen in India.
Pulling up the Explore tool in IT-Harvest’s platform for researching the cybersecurity industry I find that there are 70 vendors headquartered in India.
That makes India number six in the world. The US still leads by a wide margin with 1,704 and Israel number two with 273.
Leaving out the giant consulting firms like Tata, Wipro, Infosys, and HCL (all have MSSP offerings) the total investment in the startups is only $115 million and total employment is 8,901.
But wait, these are the vendors that list India as their headquarters. What about the vendors that have established their headquarters in the US but are essentially Indian companies? How to count them?
When evaluating a company’s claim for residency in the US I apply two litmus tests:
Do they have a real address in the US? Often Google Street View reveals a FedEx office. Or even a vacant lot in Florida.
Do the founders live in the US?
India is following the play book of Israel which has proved so successful. Establish a beachhead in the US as soon as possible. How can I account for companies that would be considered “Indian” even if our platform counts them as US?
I asked my team (in India!) to capture where each vendor’s employees live. That shows up in the pie chart on each vendor’s page.
Cyble, for instance, maintains an office is Georgia but only has 6 employees in the US.
Ninety our of 117 employees live in India.
If I arbitrarily choose 60% as the percent of employees at a company that makes it “Indian” (Qualys has 59%) I uncover 54 additional vendors. That makes 124 total Indian cybersecurity vendors. Forty seven in the US. Four have Singapore headquarters. Three in the UK. One in Israel and one in Ireland.
Here is the list of additional vendors.
There is no questions that India is starting to have a dramatic impact on the overall cybersecurity industry. I fully expect to see a unicorn come out of India in the next three years and investments to accelerate.
If you spend a lot of time researching the cybersecurity industry you should get access to dashboard.it-harvest.com right away. The 4,000 hours I have put into curating this data will save you, at the very least, hundreds of hours.