Globally, technology and transformation have become almost synonymous. What’s interesting is that digital-led transformations are no longer just serving enterprise process improvements, but are going beyond to reshape business models, enable future of work, enhance customer experience, and drive sustainability goals.
A significant chunk of these transformation initiatives are being supported, shaped, and even led from India. More number of global organisations are eyeing the Indian terrain to establish their new age capability centres, and there is a palpable shift towards rendering innovation and transformation in parent organisations, from these centres.
Looking over a dozen media reports on GCCs planning to establish or expand their operations in India, just in the first few months of 2022, one can clearly see a sharp focus on engineering solutions, emerging tech, and connected enterprise, as well as the growing interest from MNCs beyond BFSI and technology firms – we are now talking about activities from industrials, auto, aerospace, consumer, and retail. An MNC in aerospace is looking to enhance global supply chains with digital capabilities delivered from the GCC. Similarly, an auto MNC is looking at scalable global innovations in vehicle engineering.
In a nutshell, the GCC growth story is now achieving scale, both in depth and breadth.
What is also noteworthy is how some of the GCCs are prioritising cybersecurity as part of their capability development, integrated product development, product research and engineering, and digital transformation. And this will only increase; because in the transformation and growth story of the parent organisation, cybersecurity is getting recognised as an enabler of businesses for which GCCs are expected to play a pivotal role.
This presents a great opportunity for GCCs to scale beyond addressing just enterprise security needs. They have the potential to move up the value chain and embed cybersecurity into transformation initiatives involving functions such as product engineering, development, finance, and R&D.
Here are four ways in which GCCs in India can power these transformation initiatives in their parent organisation, with the help of cybersecurity:
- Transforming as innovation centres and driving new product development – GCCs in India can truly pivot their offerings by absorbing the local cybersecurity developments and learnings. For example, the draft data protection bill gives an insight into the data protection and privacy needs of the country. Similarly, one could look at the cybersecurity guidelines for the power sector released by the Centre or even state-led Cyber policies and priorities. Understanding such regulatory nuances and local needs can help create niche cyber solutions or embed cybersecurity effectively in digital solutions, that can be scaled globally. India’s appetite for a digital connected future is evident from the government’s initiatives and from the rapid proliferation of digital in the country. There is a reason why MNCs are no longer looking at GCCs as their back offices. The surge in the number of capability centres by MNCs in the retail, consumer, and the auto space hints not only on the talent advantage but also that there are a lot of cues and learnings from the Indian markets that can help create smarter solutions and enhance customer and employee experiences. Cyber teams and security capabilities within the GCCs have the opportunity to embed security, privacy, and resilience in such transformational changes and product development activities. Having a cyber innovation cell, that promotes incubation or collaboration with cybersecurity startups, academia, and industry bodies can help source the right innovation. Similarly, ‘Capture The Flag’ cyber challenges can help solve intrinsic cybersecurity issues associated with emerging tech such as Artificial Intelligence, blockchain, AR/VR, and connected products.
- Moving up the governance ladder – Cybersecurity capabilities in GCCs should not remain in silos and must be consolidated to represent a single point of support and leadership, to address security needs both at an operational and strategic level. It is also important that the security leadership in the GCCs get representation in the organisational security governance, to be able to effectively play the role of a catalyst in driving strategic changes.
- Cyber talent creation – Access to the talent currency is the biggest driver for GCCs exploring the India advantage. But one must know that every organisation is after that limited cyber talent pool so GCCs must incorporate a robust talent strategy. Looking beyond the STEM talent pool, bringing in diversity, introducing cyber reskilling programmes to orient sectoral SMEs, and exploring academic collaboration are a must to create a diverse pool of cyber professionals. A big part of talent creation and development must focus on emerging technologies so that the team can not only deliver cutting-edge cyber solutions, powered by automation and AI, but also can help mitigate cyber risks emanating from digital-native, cloud-native, and AI-native platforms. Once you have the right talent, you can think of doing more.
- Exploring alternate operational models – GCCs must engage with service providers to outsource regular and maintenance activities and focus more on high-end deliveries and innovation. For example, by outsourcing some of the security operational activities in a managed service model, GCCs can improve outcomes and build efficiencies. At the same time, it provides an opportunity for in-house resources to focus on areas such as building cloud security automation, risk quantification models and frameworks, cyber crisis management plans, and embedding security and privacy in digital transformation. Further, GCCs can explore the ‘Build-Operate-Transfer’ model to design some of the newer solution deliveries, where the service provider builds processes from scratch, operationalises and enhances them, before handing over to the GCCs. Creating and leveraging the right partner ecosystem is key to scaling both in quality and quantity.
The biggest advantage that India has is the size and the scale that it offers, whether from a talent or customer standpoint. The demography is quite expansive, vivid, and digitally-oriented, and serves as a great hub for learning, experimentation, and timely failure. Everything multiplies in a vast geography like this, and that is why India is also one of the top targets for ransomware attacks. So, if an organisation is building the next big thing in tech (let’s say Metaverse), building it from India can help test the waters, both from a possibility and cyber-risk standpoint.
Gaurav Shukla, Partner and Leader, Cyber, Risk Advisory with Deloitte India.