Security Setup
Indian SMEs face 265M+ cyber attacks per year (CERT-In 2024 data) — phishing, ransomware, credential theft, and supply-chain attacks. Most SMEs have weak defences not because they cannot afford security, but because they do not know where to start. Below is the practical 9-step cybersecurity setup for Indian SMEs (10-200 employees), in order of impact-per-rupee.
Industry benchmark: 5-10% of IT budget. For a 50-person Indian SME with ₹30 lakh/year IT spend, security spend should be ₹1.5-3 lakh/year. Breakdown: endpoint security ₹1.5 lakh, email security included in M365 Business Premium, MFA free, backup ₹50,000, training ₹30,000, annual VAPT ₹50,000-1 lakh.
MFA across all critical systems — highest impact at near-zero cost. Blocks 99%+ of credential-based attacks. After MFA, endpoint security (EDR) is the next highest-impact spend. Together, these two address ~85% of common cyber threats to Indian SMEs.
Yes, since April 2022 CERT-In directions. All Indian service providers and corporates must: (1) Synchronise system clocks with NPL, (2) Report security incidents to CERT-In within 6 hours, (3) Maintain logs for 180 days. For Indian SMEs handling customer data, compliance is essential — fines start at ₹1 lakh per day for non-compliance with reporting obligations.
For business use, pay for endpoint security (EDR). Free antivirus (Windows Defender, free Avast) provides basic signature-based detection only. EDR products (Trend Micro, Sophos, CrowdStrike) add: behaviour-based detection, ransomware rollback, centralised management, threat hunting. Cost ~₹2,500-5,000/endpoint/year is one of the highest-ROI security spends.
Three options: (1) Hire a part-time vCISO (Virtual CISO) — typically ₹50,000-1.5 lakh/month for 1-2 days/week of senior security oversight. (2) Outsource to a Managed Security Service Provider (MSSP) — ~₹1-3 lakh/month for 24/7 monitoring + incident response. (3) Start with our authorised security partner program — we set up the basics (MFA, EDR, backup, training) for a fixed ₹2-5 lakh project. After basics are in place, you can add a vCISO or MSSP for ongoing operations.
Free cybersecurity assessment for Indian SMEs — actionable 9-step roadmap in 1 day.