By: Sangeeta Khorana, Anil Bhardwaj and Pranay Rao

The E-commerce Growth and Importance of MSMEs in India

The size of the e-commerce sector is projected to reach $200 billion by 2026. India's e-commerce industry has grown significantly due to internet adoption, increasing smartphone penetration, and changing consumer behaviours. While the e-commerce marketplace has generated opportunities, especially for Small and Medium Enterprises (SMEs) and Micro, Small, and Medium Enterprises (MSMEs), this has resulted in growing incidence of cybersecurity risks for small businesses – an area that needs attention.

MSMEs are a crucial part of India's economy and play a key role in several sectors. The MSME contribution to GDP stands at around 30% of India’s total gross domestic product (GDP) and more than 40% of total exports are accounted by the MSMEs is sectors such as textiles, handicrafts, pharmaceuticals, gems and jewellery. The MSME sector employs more than 11 crore individuals.

Rising Cybersecurity Challenges for MSMEs

While the shift to digitalisation and e-commerce has supported MSMEs to access new markets in India and abroad it has also introduced the need to tackle growing cybersecurity risks that these businesses face. These firms are often easy targets for cybercriminals due to their limited resources and often lack of specialised cybersecurity expertise. Furthermore, human errors often result in cybersecurity breaches. Research shows that nearly 95% of cybersecurity incidents happen due to simple mistakes, which for example include employees responding to phishing emails or failing to maintain strong and secure passwords. What makes the problem worse is that a significant proportion of MSMEs continue to depend on outdated and legacy systems which makes these firms vulnerable to cyber criminals.

In India, the cybersecurity threat landscape for SMEs is increasingly an area of concern. Reports suggest that over 62% of all SMEs have experienced cyber-related issues and the financial losses have been as much as ₹3.5 crore. Given the strategic importance of MSMEs to India's economy and the rapid growth trajectory of the e-commerce sector, addressing cybersecurity vulnerabilities is not only urgent but necessary for economic growth given this sector plays a major role in India’s vision of becoming a $5 trillion economy.

Government and MSMEs must Work Jointly to Address Cybersecurity Concerns

The growing importance of cybersecurity has been recognised. The 2025 Union Budget allocated ₹782 crore for strengthening India's cybersecurity infrastructure. The Indian Government is proactively engaging in tackling the growing threat of cyber related crimes. It has launched an online portal for reporting cybercrimes and implemented initiatives, such as the Indian Computer Emergency Response Team (CERT-In) to support national cybersecurity capabilities which provide real-time threat intelligence and incident response mechanisms. Additionally, regular cyber security simulations, drills, and exercises are being conducted for cyber security preparedness. Furthermore, there are programmes to spread cyber awareness as well as capacity building, and regular training programs for network and sysadmins, including Chief Information Security Officers (CISOs), to improve the safeguarding of IT infrastructure. Finally, the government has implemented a framework for the establishment of the Indian Cyber Crime Coordination Centre (I4C), which is tasked with handling cybercrime issues in a “comprehensive and coordinated manner.”

But more can be done - India can follow the example of conducting regular cybersecurity audits. For example, the UK's Cyber Essentials Scheme. Such audits allow SMEs to identify and rectify potential security gaps systematically to reduce vulnerabilities and enhance overall cyber resilience.

Other global practices can be emulated such as encouraging collaboration and information sharing between businesses and cybersecurity experts. For instance, organisations such as the European Union Agency for Cybersecurity (ENISA) advocate for SME participation in collaborative networks which foster collective knowledge-sharing and proactive threat management. Indian SMEs could benefit from similar industry-specific cybersecurity alliances and collaborative forums.

Lastly, in more developed markets around 40% of MSMEs utilise cyber insurance to mitigate financial risks associated with cybersecurity breaches. Indian MSMEs, too, should consider integrating cyber insurance into their risk management strategies to safeguard against potential financial and reputational damages.

However, effective cybersecurity cannot be achieved by government intervention alone. MSMEs must focus on regular employee training and awareness programmes. SMEs must ensure that their workforce is educated about the latest cyber threats, including recognising phishing attacks, maintaining secure passwords, and understanding data protection protocols. Continuous training significantly mitigates the risk of human error, one of the most common causes of cybersecurity breaches.

Securing the Future of India’s Digital Economy

The ongoing expansion of India's e-commerce sector offers massive growth opportunities for MSMEs but at the same time exposes businesses to cyber threats. For Indian MSMEs to benefit from the e-commerce sector, it is important to educate their workforce, engage in collaborative security networks, and get cyber insurance. Failure on part of MSMEs to act could jeopardise not only individual businesses but the broader economic stability and growth trajectory of India. Strengthening cybersecurity is no longer optional; it is a requirement for every MSME that is aiming to succeed in today’s digital marketplace.

Authors:
Sangeeta Khorana, Professor and Endowed Chair of International Trade Policy, Aston University, Birmingham B7 4ET
Anil Bhardwaj, Secretary General, Federation of Indian Micro and Small & Medium Enterprises (FISME)
Pranay Rao, Poole Grammer School, Poole, UK