India's IT edge eroded by terror and crime
By Sudha Ramachandran
BANGALORE - Are India and its software hub, Bangalore, in danger of losing their competitive edge because of the rising costs of operating here?
India's large pool of technically skilled, English-speaking manpower and low operating costs have made the country an attractive location for multinational companies, especially in the information-technology and IT-enabled-services sectors.
But this might be changing, warn analysts. With the IT sector increasingly figuring on the agenda of terrorists and a range of other threats to employees and data safety emerging, there is a growing concern that the cost of stepping up security could erode India's cost advantage.
Unease over the issue, which has been rising over the past couple of years, has spiked in recent months as evidence of possible terror threats to Bangalore has emerged.
Two weeks ago, a suspected Kashmiri militant was arrested in a Bangalore suburb. According to police, he was carrying arms and ammunition, a satellite phone, SIM (subscriber identity module) cards and a map of the city with markings indicating the locations of the airport and the offices of IT majors Wipro Technologies Ltd and Infosys Technologies.
This is not the first time that Bangalore and its IT sector have appeared on the terrorist radar. Intelligence agencies have been warning of possible attacks on IT companies since 2004. Interrogation of arrested terrorists had revealed that Bangalore was a target. In December 2005, an armed attack on the Indian Institute of Science, a premier scientific-research institution, confirmed that the city was indeed vulnerable to terrorism. Investigations and search operations that followed the attack indicated the existence of sleeper cells and a terror network in several towns in Karnataka state.
Then last July, a software engineer - reportedly a former employee at Oracle India in Mysore, a town 145 kilometers from Bangalore and an emerging software hub - was taken into custody for alleged involvement in the serial bomb blasts on suburban trains in Mumbai. In October, two men with suspected links to the Pakistan-backed al-Badr were arrested in Mysore.
Indian authorities have been saying that the IT sector is vulnerable to attacks as such terrorist outfits as the Lashkar-e-Toiba are keen to undermine India's growing economic might and international profile. Indian IT giants such as Wipro and Infosys have been identified as likely targets. No multinational company has yet been identified as a likely terrorist target.
However, multinational companies seem to be no less vulnerable. The US State Department issued alerts in 2005 and 2006 warning its citizens of possible attacks on US interests in Delhi, Mumbai, Kolkata and Hyderabad.
Indian intelligence agencies have been warning that in the context of growing ties between India and the United States, the possibility of jihadis attacking US interests in India is growing. "The US Embassy and consulates in India are fortresses. It would be far easier to strike a multinational company. Such an attack would accomplish multiple objectives - hit the Americans, the Indian economy and India's ties with the US," an Intelligence Bureau official told Asia Times Online in October.
Besides the threat of terror, data theft is another problem that IT and business process outsourcing (BPO) companies are having to counter. In 2005, present and former employees of Mphasis, an Indian back-office service provider, were found to be defrauding Citibank customers in New York of more than US$350,000. Last June, Nadeem Kashmiri, an employee of HSBC who was alleged to be part of the Lashkar-e-Toiba network, was arrested in Bangalore for alleged Internet fraud.
And then in November, corporate India found itself staring at another problem after the kidnapping of the three-year-old son of Naresh Gupta, chief executive officer of Adobe India. The child's abduction took place just outside his home in Noida's Sector 15, a well-off and "secure" neighborhood.
Tens of thousands of children and adults are abducted for ransom every year in India, many of them in the states of Bihar and Uttar Pradesh, where kidnapping is a flourishing industry. Most of these kidnappings go unreported and unnoticed.
This was not the case with three-year-old Anant Gupta. His kidnapping caught the attention of the media and corporate India.
Noida, which is in Uttar Pradesh, skirts India's capital, New Delhi. It is among the country's most affluent districts, being home to some of the largest software and BPO companies. And it has attracted criminals from Uttar Pradesh's badlands in droves. Last year there were 15 shootings in Noida. While the crime situation in Bangalore is nowhere near as bad as it is in Noida, the crime rate here is rising, with IT and BPO employees increasingly being targeted by criminal elements.
Intelligence sources say the threat of terrorism is scaring multinational companies. But security and risk-management consultants are more cautious in their assessment.
"While the threat is indeed not something that IT or any other industry sector can afford to ignore," the threat is not "scaring them to the point of quitting India", B S Nagaraj, manager of public policy and risk management at Hill & Associates (India) Private Ltd, told Asia Times Online. He said that although there have been major terrorist attacks in Mumbai and Delhi in the past, "to our knowledge, there are no instances of any multinational company quitting India only because of the threat of terrorism".
He said that "typically, multinational companies operating out of emerging markets like India have lower risk tolerance than their home-grown counterparts. But if the threat is specific [as in the case of Infosys], both Indian and foreign companies operating in India would have reason to worry."
While terror threats of a general nature might not be scaring companies, the cost of beefing up security is an issue of concern.
IT and BPO companies are stepping up arrangements to secure themselves. Even the smallest companies have moved beyond relying merely on guards to acquiring electronic surveillance and access-control systems. And companies, especially those operating in such areas as Noida, are said also to be showing some interest in securing kidnap and ransom (K&R) insurance cover for their senior management executives.
Some are calling for monitoring of employees. A senior official at Private Eye (Pvt) Ltd, an agency in Bangalore that provides personnel and equipment to multinational companies such as Hewlett-Packard, Philips and Delphi, said upgrading physical security and controlling access to facilities alone is not enough, as the threat to security could be from within. "Companies screen employees before hiring them. But it has to be an ongoing process," he said.
Obviously, all this will cost more money.
According to Stratfor, "Security costs to companies involve not only cash outlays for physical security upgrades and technology, but also manifest in terms of contingency planning and salaries for in-country security staff. Demand for qualified and well-connected security managers in India has increased dramatically over the past two years. This trend is driven not only by perceptions of growing risks, but also by cannibalization within the corporate sector, with companies poaching security managers from one another. (The poaching trend also has indirect implications for cost structures, as it leads to escalating salary offers and expectations. Of course, that's a good thing for security managers, but bad for the bottom line.)
"Corporate bean-counters will be watching these costs carefully and will factor them into risk/benefit analyses. The tolerance for risk varies from company to company, of course; but should the terror threat necessitate increased security for employees and facilities, or should the kidnapping threat require protective details, armored cars and expensive K&R insurance policies for executives, or should the theft of intellectual property and the personal data of customers require expensive efforts to vet and monitor personnel and IT security safeguards, the cost-efficiency ratio that has favored India for so long eventually could begin to tip in the other direction."
Hill & Associates is less worried, however. "Multinational companies have so far not really invested heavily in securing their assets and personnel specifically against the threat from terrorism. Even if they do, the costs of operating out of India would surely outweigh the benefits," observed Nagaraj.
It is only BPO companies that are handling low-end tasks that need to be worried in the near future, as it is low cost that keeps them in business. This is not the case with high-end outsourcing, which is what many Indian BPOs are doing.
While cost is an important driver of high-end outsourcing, what really matters "is the capability, rigor, resources, rapid turnaround times and the ability of the outsourced partner to adapt to client's requirements and processes and deliver to specifications", Hemendra Aran, chief executive officer of Aranca, an end-to-end provider of custom investment, business and economic research, has argued.
And software professionals in Bangalore are even less worried. They insist that India's advantage is not just about getting work done cheap; it is about high-tech skills that few other countries can match.
Mounting security threats notwithstanding, Indian companies and multinationals are not reaching for the panic button yet.
Sudha Ramachandran is an independent journalist/researcher based in Bangalore.
http://www.atimes.com/atimes/South_Asia/IA18Df02.html
