top of page
  • Writer's pictureBiz Industry

KPMG in India, DSCI and nasscom report ‘Secure in India 2023’ on GCC empowered global cybersecurity and digital risk management

KPMG in India, DSCI and nasscom report ‘Secure in India 2023’ on GCC empowered global cybersecurity and digital risk management

December 21, 2023: Organisations across industries and geographies are increasingly relying on digital technologies. We are in an era where digital advancements transform the landscape across sectors, especially within global organisations that operate their Global Capability Centers (GCCs) out of India. With this reliance comes the challenge of protecting networks and data from cyber threats, highlighting the critical need for skilled cybersecurity professionals. There is an immediate need to move at a faster pace in this landscape to ensure security considerations are embedded in emerging domains such as, but not limited to, 5G, Artificial Intelligence (AI), Machine Learning (ML), Non-Fungible Tokens (NFT), metaverse, cryptocurrency regulations, blockchain, Internet of Things (IoT), drone technology, Virtual Reality, Augmented Reality, robotics and automation, and 3D printing.

As the need for robust cybersecurity measures become more critical than ever before, Global Capability Centres (GCCs) are poised to take the lead in devising strategic direction, improving governance, and consistently embedding the 'security and safety by design' approach across industries in a cost-effective manner, providing greater comfort to leadership on the management of cybersecurity risks.

The ‘Secure in India 2023’ report emphasizes the empowerment of global organisations by cyber GCCs in addressing cybersecurity and digital risks, incorporating emerging business and digital technology frameworks. The insights also mirror the changes in a post-COVID-19 landscape, offering essential guidance for cyber GCCs to maintain a competitive edge by evolving into global 'centers of expertise' and facilitating global organisations in achieving security excellence, particularly in India.



  • Global organisations continue to invest in cyber GCCs to manage cyber and digital risks - about 89 per cent of cyber GCC CISOs participate in global committees governing cybersecurity

  • About 78 per cent of cyber GCCs are unlocking horizontal value as teams across their three lines of defence (3LOD) actively collaborate for managing cybersecurity and digital risks

  • Cybersecurity talent continues to be the top driver for cyber GCC leverage – about 81 per cent of cyber skill demand is noted for cloud security, which is the maximum increase

  • Cyber GCCs focus on culture of innovation to manage risks effectively - about 39 per cent of the organisations surveyed are leveraging, Artificial Intelligence (AI) and Machine Learning (ML) for cybersecurity

  • Top five drivers to establish cyber GCCs include:

o   Availability of cybersecurity skills

o   Cost arbitrage

o   Round-the-clock delivery

o   Cyber innovation, research, and development

o   Proximity with other business functions

Commenting on the report, Atul Gupta, Partner and Head – Digital Trust, KPMG in India said, “GCCs characterizes the phrase Vasudhaiva Kutumbakam (World is one family) and increased growth rate of GCCs demonstrate that there is significant opportunity for talent and skill that transcends across boundaries. Cyber function in GCCs play an instrumental role to enable trust across digital channels and provide competitive advantage to the global organisation. The third edition of the "Secure in India" report, clearly indicates the importance of cyber GCCs and also highlights that they are pivotal in designing, driving and implementing the cyber strategy for large global enterprises. Amongst various attributes that GCC provides, ability to innovate positions them uniquely. Cyber GCCs will continue to remain a strategic function that will steer global entities through the intricacies of cybersecurity and digital risk management.

At the launch, Vinayak Godse, CEO, DSCI, said, “India is a leading hub of cybersecurity and digital risk management.  Skilled cybersecurity talent pool and the technology innovation ecosystem attract global cyber security work to the country. Around 28% of global organizations have over half of their cybersecurity teams based out of India, 17% of them have more than 75% teams in India. 89% of GCCs participated in the global strategic and governance decision making.  At DSCI, we are seeing an increasing number of GCCs engaged in cyber innovation, working with local start-up ecosystem. They engage with government entities and regulatory bodies in the matters of policies and regulation. The collaboration between cyber GCCs and the broader ecosystem will foster cybersecurity innovation and build global cyber resilience.”


About KPMG in India

KPMG entities in India are professional services firm(s). These Indian member firms are affiliated with KPMG International Limited. KPMG was established in India in August 1993. Our professionals leverage the global network of firms, and are conversant with local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada.


KPMG entities in India offer services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment.


About DSCI

Data Security Council of India (DSCI) is a not-for-profit, industry body on data protection in India, setup by nasscom®, committed towards making the cyberspace safe, secure and trusted by establishing best practices, standards and initiatives in cyber security and privacy. DSCI works together with the Government and their agencies, law enforcement agencies, industry sectors including IT-BPM, BFSI, CII, Telecom, industry associations, data protection authorities and think tanks for public advocacy, thought leadership, capacity building and outreach initiatives.


26 views0 comments


bottom of page