In an exclusive conversation with BW Businessworld’s Rohit Chintapali, Kaspersky Founder and CEO Eugene Kaspersky discusses the company’s changing business strategies, his views on the Indian market compared to China and the US, and insights on the delicate balance between technology innovation and regulatory frameworks in the age of AI and deep fakes. Excerpts:
Widely-known for antivirus and consumer solutions, how has Kaspersky’s business model changed over the years?
You are right. Evolving from our origins as a consumer company, the business has undergone remarkable changes. We transitioned to B2B solutions, extending from small businesses to enterprises in recent years. Our product line-up transformed from antivirus to comprehensive internet security, safeguarding privacy alongside malware defence. Notably, our Enterprise XDR platform embraces openness, accommodating third-party tools while functioning on-premises and in the cloud.
Our significant pivot has been into industrial security, notably encompassing industrial immunity—a distinct business sphere altogether. This differentiation between security and immunity is pivotal. Under the cybersecurity umbrella, our offerings include software products, supported by partners and integrators for installation and management within enterprise landscapes. In contrast, our cyber immunity domain involves a wholly separate set of partners—primarily production companies and manufacturers—constituting an entirely different business landscape.
Don’t you think that this pivot happened a bit too late?
We did find ourselves lagging behind for a while due to resource constraints. We had to play catch-up. However, what sets us apart from our competitors is our commitment to protection quality. Throughout, we consistently outperformed others in various tests, effectively safeguarding our customers with top-tier security. Admittedly, our product functionality was not as advanced as some of our feature-rich competitors. Nevertheless, our security standards always ranked at the pinnacle. Many companies talk about “security by design,” but often struggle with its execution. Unlike them, we have a well-established operating system for achieving it.
How do you segment Kaspersky’s business?
We maintain two primary lines of business. The first encompasses consumers and the second caters to enterprises. Notably, the enterprise segment accounts for over half of our operations, whereas the consumer sector contributes a smaller portion. Additionally, our industrial security division, while currently modest in size, is experiencing double-digit growth.
Kaspersky APAC head Adrian Hia said that cybersecurity spends are not up to the mark in APAC. But every company we talk to says it has increased investments in security. Your comments?
Today, all companies are spending more on cybersecurity because criminals are getting smarter and targeting not just small businesses but also enterprises and the industrial sector. They are forced to invest. But this is a dead-end-strategy. You cannot really be investing everything into cybersecurity. That is why we are working on the “security by design”.
How does India stand out as a market in APAC for Kaspersky?
All the countries are equal to us because they are all connected to the same internet. However, all countries are unique in their own ways as well. India is unique because of the population and internet penetration. Also, there is huge availability of software skills. Our key focus is on building ecosystem of the production companies (of the vendors which develop the internet of things) based on our operating system.
How do you see India differ from countries like China and the US?
China is very different because it is over-regulated. It has strict government regulations and it is simply not possible to get into the government segment or approach top enterprises if you are not a Chinese company. It is the same in the United States. But the Indian market is more open. We see more opportunities in India.
Kaspersky gets a lot of criticism from the US but you say that your company looks at all countries equally. Is there a rationale behind the heat coming from the US?
We are just the best in detecting state-sponsored cyber espionage. This includes American, Russian, and Chinese espionage. If there is Indian espionage, we will detect it as well. Most countries behave normally because our job is to protect from any kind of malware but US seems to hate us.
India seems to be holding off on AI regulations as it may hinder innovation. Meanwhile, tech leaders across the globe are stressing the need for an AI regulatory framework. What are your thoughts on this?
I believe this issue requires a balanced perspective. In instances where excessive regulations are introduced, they can complicate the innovation process, particularly for non-critical products and services. However, when it comes to safeguarding critical infrastructure, regulations are non-negotiable due to the inherent risks. It is a matter of safety.
Our engagement extends to collaborating with various nations, including Russia, to develop robust regulations. The goal is to create a comprehensive regulatory framework for critical infrastructure. Russia is making strides in this direction, and we are open to sharing our expertise with other nations, such as India, to collectively enhance global cybersecurity measures.
In the era of deep fakes, are things like video KYC safe? It is undertaken by the largest banks in India...
But even the fingerprints are not safe. I said this many years ago that deep fakes and 3D printers are going to be a disaster for criminologists and traditional police investigations. Fingerprints today can be fake, so can be eye scans. Even a face can be fake. DNA still works but other things can be compromised.
In that case, is it fair to say that everyone must be paranoid since technology and internet are pervasive? What should be the approach?
To be too paranoid is wrong. Similarly, being too naïve would be incorrect. We need to find the right balance.