Analyzing Cyber Security: An Organization Approach of Implementing Cyber Security Policies and Awareness for Micro, Small & Medium Enterprises in India

Abstract

MSMEs power India’s economy. As they move fast in adapting digital tools for sales, daily payments, and operations, cyberattacks are rising and can wipe out years of work. Surveys suggest more than half of MSMEs have faced a cyber incident, and many struggle to recover.
This study looks at how Indian MSMEs adopt basic cyber safety. We used interviews with owners in manufacturing and services, plus public data (MSME Ministry, DSCI, NITI Aayog). We also consider simple impacts of key rules: CERT-In’s 2022 directions (incident reporting, log keeping) and the DPDP Act 2023 (personal data protection). The study aims to identify possible gaps and challenges an organization faces in the implementation of cybersecurity policies and procedures and provide effective recommendations for improvement.
According to a study conducted by DSCI (2025), 60% of the Indian market’s one-person companies (OPCs) and micro, small, and medium enterprises (MSMEs) have at least faced a cyber incident in the past two years. Whereas, insufficient funding, lack of technical expertise, and a lack of accessibility to cybersecurity resources create difficulties in the protection of assets within an organization. Hence, cyber risk poses a direct business impact and sustainability challenge rather than a purely technical issue.
Three barriers keep coming up: people (low awareness), budget (limited funds), and skills (lack of affordable experts). Many firms lack basic training, clear roles, and cost-effective support.
We suggest a full-phased, practical roadmap starting with security hygiene like MFA (Multi-Factor Authentication), regular backups, patching, and employee awareness; adding light governance (clear owners, simple policies, vendor checks); then moving to ongoing monitoring (alerts, drills). Policy support should focus on training, easy financing via government subsidies provided by SIDBI/CGTMSE, and simpler compliance. The goal: make cyber safety part of business continuity and build digital trust. The research also contributes to the development of employees by adopting various cybersecurity practices, such as security architecture review, penetration testing (PT), DevSecOps, identity access management (IAM), endpoint security, application security (AppSec), etc., for MSMEs operating in India, helping to protect their digital assets and safeguard against cyberattacks.