Actual spending on cybersecurity has always remained lower than budgeted estimates
The central government will for the first time in 2021-22 outspend its budgeted estimates on cyber security in the last eight years. In its recent Budget, the government announced that it would spend Rs 515 crore on cyber security in 2022-23, of which Rs 215 crore would go to CERT-In, the nodal agency that deals with cyber security threats. Compared to 2014-15, this is an increase of nearly 10 times.
But it also represents a reduction from Rs 552.3 crore spent on cybersecurity, as per the revised estimates of 2021-22, while the government had budgeted to spend Rs 416 crore.
Actual spending on cybersecurity has always remained lower than budgeted estimates. In 2016-17, the government had spent 88.2 per cent of its budgeted amount on cybersecurity, but in 2020-21 it could only spend 53 per cent of the budgeted amount.
For CERT-In, the last time the government crossed its budgeted estimates was in 2015-16, when instead of the budgeted expenditure of Rs 55 crore, the government spent Rs 56 crore on the agency. As per the revised estimates of 2021-22, the government will miss this year’s budget expenditure target of Rs 216 by a little less than Rs 3.
Even though spending on CERT-In has gone up four times since 2014-15, cumulative expenditure on cybersecurity in eight years (Rs 1,275 crore) is dwarfed by other countries.
The UK, as part of its National Cyber Strategy, announced a cyber and legacy IT spend of $3.5 billion over the next three years, with $152 million for cybersecurity. France in 2021 announced a new cybersecurity strategy. The US president had also signed an executive order to improve the nation’s cybersecurity.
India, in contrast, has been delaying the National Cybersecurity Strategy, which was to be announced in 2020.