"Cyber Security Doesn't Even Come Up In The Agenda During Talks Between Founders And Investors" The what and why of cyber security in India by Cyber expert Saket Modi.

Experts say that if a third world war were to happened it would be bloodless and completely cyber. The online world is more active than the offline one, which means so is the information online.

We are at a critical time in the world today which is characterized by rapid advances in the use of information technology, where the misuse of the facilities results in erosion of public confidence and major financial loss. Talking on these lines, we had a conversation with Saket Modi, Co-founder and CEO of Lucidus and advisor to numerous firms on cyber security, at BIZ Experiences India Annual Convention 2016 and it seems we need more help than we think on cyber security.

What's the problem with cyber security in India?

Let's understand one thing first – we are in an era where digitally things are being transformed. If you look back at ten years, technology was just office automation. You had ERP solutions and the idea was to automate whatever manually can be done so our costs would come down and we can do things faster.

Today technology is beyond office automation. It is about enhancing the customer experience, getting a competitive advantage and providing people a completely new dimension in which they can experience your product or service. This means that digital has a direct impact on your balance sheet, both the top line and the bottom line and that's a big concern for not only the CEOs but also investors and the board as the chances of getting hacked is much more now.

Hence, when something like this happens there is an increased focus and increased spend on cyber security measures. And that is reason why, if you really see, cyber security has really transformed from the spend side also. JP Morgan Chase's, for example, spend for cyber security solutions till last year was around $300 million a year and it is expected to double in the next four to five years. So if you really see, this is a massive amount of money to spend when it comes to security solutions because any large bank is supposed to understand that if they don't go digital, they will perish in the next few years. And if you're becoming a digital bank, security is the most important thing that you need to be worried about, because if somebody hacks you, you are done for life.

Therefore the spend is going up, and even if you see the hacks and the hackers, they've really changed in the last couple years too. They have gone from being scripted kiddy or a prankster to state sponsored terrorism. The Mandiant Reports talks about how China has buildings full of hackers professionally deployed by the government with the only objective of hacking into corporate's and governments' digital infrastructure in order to extract information they could use later.

So where do you see this shift?

So if you see the shift, it's really moving towards the attackers and attacks becoming more sophisticated and even defense getting stronger. However, it's still on that verge where it needs a couple of years more to really become a matured company and say that I am extremely matured and one of the top companies when it comes to cyber security. That is still not the case because even the large companies are unsure of how secured they are. How much is too much when it comes to spending? You can spend millions of dollars but if you are not spending it at the right place, that becomes a big challenge as well. The CEOs and top management of the company are still on an uncharted plane which feel will equalize in the next five to ten years and it has to happen because there's no other way.

Is mindset a major factor in cyber security?

There are two kinds of startups for me – funded startups and non-funded startups. When you're non-funded and say you're bootstrapped, generally your concern is really not cyber security and you don't even have the money to spend on that. Your goal is really to get to the market and to make the product functional and likeable, show it to the investors, get the first customers and other priorities in the initial stages. The moment you get funded, the priority shifts to the term sheet because that is what funding is all about.

Look, somebody is coming and cutting a million dollars cheque but he also says that he needs you to do X by Y amount of times. When you get funded, your entire focus is to acquire that many page views or to get that customer's validation rather than focus on things like cyber security. It doesn't really come up in the agenda in the talks between you and the investors. It doesn't go to dustbin either but it comes only at places where you see a potential hack happening or you see a fraud which has happened.

How do you plan to capture the cyber security market?

The way we work is we segment the entire potential clientele that we have. For instance, the aviation sector, the banking sector, the entire FinTech sector and even healthcare sector, these are of extreme importance because again the maturity and spending on cyber security in these industries are relatively much more. Here it doesn't require us to convince the client that they need our service. They already know that they require such services which is giving them cyber security assurance and doing risk management for them.

On the other side, which risk provider, that is what our energy goes in where we have to show them our client list, our approach note, how we do our assessment and lastly, how our team is different from other national international teams.