Cyber Security Policy OPG

Uploaded by

swaroop

Cyber Security Policy -2024

Operational and Procedural Guidelines


Cybersecurity Policy 2024 - OPG

1 Introduction:

The Department of Electronics, IT & BT, Government of Karnataka has announced the Cyber Security
Policy 2024 vide Government Order no. ITBT 48 ADM 2021, dated: 16-03-2024.
There are two parts to the Cyber Security Policy – an outward facing public part and an inward facing
government part.

1.1 Cyber Security Policy - Public

Vision:
To make Karnataka the leading cyber security hub in the country by instilling a culture of cyber security
and data privacy amongst citizens and businesses and promoting a thriving cyber security industry and
start-up ecosystem in the state.
This Cyber Security Policy focuses on five main pillars, representative of the main stakeholders of the
cyber security ecosystem – citizens of the state, technology professionals, researchers, industry, and the
government.
These are:
1. Building awareness
2. Skill building
3. Promoting research and innovation
4. Promotion of Industry and Start-ups
5. Partnerships and Collaborations for Capacity Building

1. Building awareness (Pillar 1)


Cyber-attacks and incidents of cyber-crime are growing rapidly, and with the rapid adoption of digital
technologies by small businesses, thousands of citizens are now adopting unfamiliar technologies without
being adequately equipped to safeguard their interests. The Government of Karnataka has recognized
the need to undertake customised and targeted awareness campaigns that cater to the specific
requirements of the citizens in Karnataka.
1.1. Cyber Security and Data Privacy Awareness Sessions for other government departments
Objective: Conduct regular awareness sessions to promote cyber security and data privacy best practices
amongst government departments and agencies.
The Department of Electronics, IT, BT & ST along with CeG shall undertake the following activities:
- Schedule regular training sessions for all State Government departments, local bodies, and
panchayats.
- A comprehensive curriculum covering cyber security threats, data privacy laws, and best practices
will be developed and interactive elements such as workshops, simulations, and quizzes will be
deployed to enhance engagement.
- Pre- and post-assessment tests to measure the effectiveness of the training will be undertaken
and regular refresher courses with updates shall be provided.


1.2. Public Cyber Security Awareness Campaigns for vulnerable groups such as women, children, youth, first-time users and the elderly
Objective: Raise public awareness about cyber security through campaigns and promote emergency
contact numbers for cyber-crime incidents.
The Department of Electronics, IT, BT & ST shall undertake the following activities:
- Create a calendar for regular cyber security campaigns targeting the general public.
- Utilize social media platforms, interactive technologies, and public events to disseminate
information.
- Collaborate with industry experts, academic institutions, and influencers to reach a broader
audience.
- Highlight the importance of reporting cyber-crime by promoting the use of Dial 112 and Dial 1930.
- Monitor and analyse the reach and impact of the campaigns to adjust strategies as needed.

1.3 Online Awareness Modules


Objective: Provide accessible online learning resources to educate the public on cyber security.
The Department of Electronics, IT, BT & ST shall undertake the following activities:
- Develop a series of online modules that cover basic to advanced cyber security topics.
- Ensure the modules are user-friendly and accessible to people with varying levels of digital
literacy.
- Implement a system to track progress and issue certificates upon completion of assignments.
- Encourage certified individuals to volunteer in spreading cyber security awareness.
- Publicize the availability of these modules through various channels to maximize participation.

1.4 Tailored Cyber Security workshops for Karnataka based MSMEs and start-ups
Objective: Conduct specialized awareness campaigns for MSMEs and start-ups that are particularly
vulnerable to cyber threats.
The Department of Electronics, IT, BT & ST shall undertake the following activities:
- Identify Karnataka based MSMEs and start-ups that can benefit from the program.
- Design targeted awareness programs that address the specific needs and risks faced by smaller
organisations such as MSMEs and start-ups.
- Conduct cyber security training sessions, workshops, and camps by partnering with local
incubators, accelerators, industry associations and chambers of commerce.

1.5 Cyber Security Education in Colleges


Objective: Consider integrating a basic cyber security awareness module into college curricula.
The Department of Electronics, IT, BT & ST along with the Department of Higher Education shall undertake
the following activities:
- Constitute a curriculum advisory task force with representatives from government, industry and
educational sectors to develop a cyber security curriculum.
- Collaborate with educational institutions to assess the feasibility of introducing a cyber security
module.
- Pilot the module in select colleges and gather feedback from students and educators.
- Evaluate the pilot program's success and plan for a broader rollout if deemed effective.


1.6 Creation of an Online Cyber Security Resource Repository


Objective: Develop a comprehensive and easily accessible online repository of cyber security resources.
The Department of Electronics, IT, BT & ST will undertake the following activities:
- Identify and curate a list of credible international and national resources related to cyber security
and data privacy.
- Include resources such as databases of spurious websites, official helplines, reputable fact-
checking websites, educational materials, and guides on cyber security best practices.
- Create comprehensive guides on the grievance redressal mechanisms available for various types
of cyber-crimes and attacks.
- Include step-by-step procedures for reporting cyber-crimes to the appropriate authorities.
- Provide contact information for relevant law enforcement agencies and support organizations.
- Utilize social media, public service announcements, and partnerships with educational
institutions and community organizations to promote the repository.

2. Skill Building (Pillar 2)


There is a growing demand for cyber security experts in India, and Karnataka, being the IT hub of India, is poised
to fulfil a large portion of this demand. Karnataka, which is home to many prestigious technical institutes,
can potentially be a large source pool of cyber security professionals for the rest of the country. To ensure
the next generation of cyber security professionals are well equipped to handle the growing cyber threats,
the Karnataka Government shall implement the following initiatives.

2.1 Promote cyber security as a future career option among school and college students
Objective: To raise awareness among college and university students about cyber security as a career
option and to inform them about available high-quality training and certifications.
The Electronics, IT, BT & ST Department in association with the Department of Higher Education will
undertake the following activities:
1) Create a specialized cyber security course for students interested in cyber security specialization
within the framework of the New Education Policy, 2020.

a) Department of Electronics, IT, BT along with KITS and KDEM to constitute a working group on
Cyber security to form a course curriculum. The working group will consist of the following
members:

| Sl. No. | Designation | Role |
|---|---|---|
| 1 | KITS | MD |
| 2 | KDEM | CEO |
| 3 | COE | Cyber security expert |
| 4 | Department of Higher Education | Representative |
| 5 | Industry partner | Representative |


b) Based on the recommendations of this working group, a course curriculum is to be developed and
introduced in higher education institutes (engineering colleges, polytechnics, vocational
courses, etc.).
c) The courses shall be credit based.
d) Faculty to be trained as per the requirements of the new course curriculum.
e) The course can be a mix of online training and in-classroom training.
f) Introduction of an online cyber security module that offers a range of courses from
introductory to advanced levels, targeting various demographics including students,
professionals, and general enthusiasts.

2.2 Internship for undergraduate and graduate students in the field of cyber security
Objective: This incentive aims to create industry-academia linkages by bridging the gap between
academic skills and cyber security industry requirements and developing a skilled cyber security talent pool.
The Department of Electronics, IT, BT & ST will provide an internship reimbursement to Companies
(MNCs, MSMEs working in Cyberspace, Start-ups) providing cyber security solutions and hiring students
for cyber security roles.
Please see fiscal incentives section for details.
2.3 Establishment of a Regional Centre of Excellence in Cyber Security
Objectives of the COE:
1) Expertise Development: To develop and consolidate regional expertise in cyber security by
fostering research, education, and training programs.
2) Collaboration Hub: To facilitate collaboration among government entities, industry, academia,
and research institutions to share knowledge, resources, and best practices in cyber security.
3) Innovation and Research: To promote innovation and conduct cutting-edge research in cyber
security to address current and emerging threats and challenges.
4) Education and Training: To provide high-quality education and training programs that build a
skilled cyber security workforce equipped to handle the region's specific needs.
5) Policy and Strategy Development: To assist in the development of regional cyber security policies,
strategies, and frameworks that enhance the security posture of the region.
6) Public Awareness: To raise public awareness about cyber security risks and promote safe cyber
practices among citizens and organizations.

7) Resource Centre: To act as a repository of cyber security knowledge, best practices, and tools that
can be accessed by stakeholders in the region.
8) International Cooperation: To engage in international cooperation and partnerships to enhance
global cyber security efforts and learn from global best practices.
9) Standardization and Certification: To contribute to the development of regional cyber security
standards and certification programs that ensure quality and consistency in cyber security
products and services.
10) Technology Transfer: To facilitate the transfer of cyber security technologies and innovations
from research to market, benefiting regional industries and organizations.
11) Cyber security Ecosystem: To build a robust cyber security ecosystem that supports a resilient
and secure digital infrastructure for the region.


3. Promoting Research and Innovation (Pillar 3)


Karnataka is the start-up capital of the country and a global innovation hub with more than 400 global
R&D centers, ranking first in NITI Aayog’s India Innovation Index with Bengaluru alone being the world’s
fourth largest technology and innovation cluster.
The Government of Karnataka will undertake the following measures to promote R&D activities in the
state and ensure that the state continues to lead in cutting-edge research and innovation.
3.1. R&D Funding Incentive
Objective: To enhance the state's cyber security capabilities and foster innovation by providing financial
support to research projects in the cyber security domain.
For R&D projects driven by Karnataka based companies, start-ups and MSMEs (working in cyberspace) in
collaboration with Karnataka-based academic institutes, a matching grant of up to a maximum of 50% of
the total project R&D cost, or up to Rs. 50 lakhs, whichever is lower, will be provided. The remaining 50%
of the R&D costs can be borne by the company and/or the academic institution working on the project.
Please refer to the fiscal incentives section for further details.

3.2 Setting up a “Use Case Clearing House”


Objective: Act as a platform to identify viable research problems that can be transformed into Proof of
Concept (PoC) by researchers and start-ups, fostering innovation and practical application.
The Government of Karnataka will undertake the following steps to set up a cyber security “Use Case
Clearing House”:
1. Set up “Use Case Clearing House” as a part of the new Cyber security Centre of Excellence.
2. Clearly define the purpose of the Use Case Clearing House, including its role in identifying and
addressing cyber security challenges. Set specific, measurable objectives that align with the broader cyber
security strategy of the state.
3. Identify and engage with key stakeholders, including government agencies, industry experts, academic
institutions, and cyber security professionals. Form an advisory committee with representatives from
these groups to provide guidance and oversight.
4. Establish a legal and regulatory framework that outlines the operations of the clearinghouse, including
data privacy, intellectual property rights, and compliance with cyber security standards.
5. Allocate the necessary budgets and funding needed to establish the entity.
6. Design programs and initiatives to solicit, evaluate, and select cyber security use cases.
7. Create a structured process for researchers and startups to submit use cases.
8. Develop partnerships with academic institutions, industry, and research organizations. Facilitate
collaboration to leverage expertise and resources.
9. Provide mentorship, technical support, and access to cyber security resources. Offer funding or
incentives for selected use cases to develop into PoCs.
10. Implement a clear IP policy to protect the rights of contributors and encourage innovation. Provide
guidance on patenting, licensing, and commercialization.
11. Set up a system to track progress, measure success, and report on the impact of the clearinghouse.

4. Promotion of Industry and Start-Ups (Pillar 4)


Karnataka has emerged as a frontrunner in technological innovations. Its strategic position enables it to
spearhead domestic initiatives aimed at realizing the goal of autonomy in vital technologies and cyber
security measures, catering to national needs and expanding its software product exports globally. To
further enhance the reputation of Brand Karnataka, it is crucial to nurture and support the region's cyber
security sector and burgeoning start-ups.
4.1 Start-up mentorship and incubation programs
Objective: The objective of this policy is for the State Government to commit to fostering innovation
within the cyber security domain.
This initiative will identify high-potential start-ups in the cyber security field to benefit from a
comprehensive support system. The selected start-ups will gain access to expert mentorship tailored to
their growth stage, assistance in intellectual property rights management, and opportunities for industry
engagement via strategic partnerships. The program aims to create a conducive environment for these
emerging companies to flourish, contributing to the state's technological advancement and economic
growth. COE to execute.
4.2 Pilot projects for solutions developed by start-ups will be executed with support from the State Government
Objective: To position the government as a proactive participant in the validation and adoption of
innovative cyber security solutions emerging from start-ups.
The government aims to provide Karnataka based start-ups with a platform to demonstrate the
effectiveness of their products or services through proof of concept or pilot implementations within
suitable government agencies. This initiative is designed to not only empower start-ups but also to
enhance the government's cyber security infrastructure with cutting-edge technologies.
The ultimate goal is to foster a symbiotic relationship where start-ups receive critical market exposure
and feedback, while the government benefits from early access to innovative security solutions, thereby
reinforcing the state's commitment to supporting the local cyber security ecosystem. COE to execute.
4.3 Prioritize procurement of services provided by Karnataka based start-ups
Objective: To prioritize the procurement of cyber security solutions for government departments from
start-ups based in Karnataka.
By offering preferential treatment to Karnataka-based start-ups, the policy aims to encourage innovation
within the region, support the development of a robust cyber security infrastructure, and create a
competitive advantage for local enterprises in the government procurement process. Start-ups to be
empanelled through the preferential market access program.
4.4 Reimbursement to start-ups undertaking regular cybersecurity audits
Objective: The objective of the policy is to create an environment of cyber security awareness and
promote regular cyber security audits and incident management activities in smaller organizations
such as start-ups.
The Government of Karnataka will reimburse the cost up to a maximum of INR 1 lakh towards engagement
of Karnataka-based, CERT-In empaneled service providers by start-ups registered with Karnataka Start-up
Cell for cyber security audit, incident management and incident response activities. This may be availed
by a start-up once over the policy period.
This benefit will be provided to 100 start-ups each year.
Please refer to the fiscal incentive section for details.
4.5 Mentorship opportunities for business innovators in the state in particular start-ups and MSMEs
Objective: To cultivate a widespread awareness of cyber risks among business innovators in Karnataka,
particularly targeting start-ups and Micro, Small, and Medium Enterprises (MSMEs) working on cyber
space.


The aim is to mentor these entities in integrating "security by design" and "privacy by design" principles
into their business models and product development processes. This initiative seeks to embed a proactive
approach to cyber security and data privacy from the outset, ensuring that these critical aspects are not
afterthoughts but foundational elements of their business strategies. By doing so, the policy intends to
enhance the overall resilience of the state's digital ecosystem against cyber threats and to foster a culture
of responsible innovation that prioritizes the protection of user data and system integrity.
4.6 Fund and support the building of testing infrastructure and facilities within Regional Centers of Excellence
Objective: To provide financial backing and support from the State Government for the development of
advanced testing infrastructure and facilities within designated Regional Centres of Excellence.
This initiative aims to create a robust framework for innovation and quality assurance in the field of
technology and cyber security. By investing in such infrastructure, the government intends to equip these
centers with the necessary tools to rigorously test and refine cyber security solutions, fostering a culture
of excellence and reliability. The ultimate goal is to enhance the state's technological capabilities,
encourage research and development, and ensure that products and services developed within the region
meet the highest standards of security and efficiency, thereby reinforcing Karnataka's position as a leader
in the cyber security domain.
5. Partnerships and collaborations for capacity building (Pillar 5)
Increasingly sophisticated cyber-attacks and their widespread impact require coordinated and
synchronised efforts across various segments of society. The expansive IT industry and infrastructure
located in Karnataka necessitates the establishment of appropriate state level institutions to orchestrate
such coordinated efforts.
5.1 Cyber Security Steering Committee Formation and Operation
Objective: To establish a committee that will oversee the implementation of the Cyber Security Policy.
Guidelines:
- Identify and appoint representatives from key State Government departments, industry, and
academia.
- Define the roles and responsibilities of the committee members.
- Establish a regular meeting schedule (e.g., quarterly) and procedures for the committee.
- Develop a charter that outlines the committee's decision-making process, reporting structure,
and communication plan.
- Ensure that the committee has the authority to guide and make recommendations on cyber
security matters.
5.2 Establishment and Functioning of K-CERT
Objective: To create a state-level coordination center for cyber security incident response.
Guidelines:
- Set up the K-CERT with necessary infrastructure and resources.
- Define the scope of K-CERT's advisory, incident response, and auditing roles.
- Develop standard operating procedures (SOPs) for incident reporting, response, and
management.
- Establish communication protocols with CERT-In for guidance and support.
- Create a framework for conducting security audits and red-teaming exercises.


5.3 Strengthening K-tech Centre of Excellence in Cyber Security

Objective: To enhance the capabilities of the K-tech Centre of Excellence in Cyber Security.

Guidelines:
- Recruit cyber security experts to support the CoE's functions.
- Develop capacity-building programs for government, industry, and the public.
- Implement secure software development processes with the support of the CoE.
- Facilitate the sharing of cybercrime data with relevant stakeholders for preventive measures.

5.4 Training for State Government Officials

Objective: To provide regular cyber security training to state government officials.

Guidelines:
- Identify key cyber security topics for technical and managerial training.
- Collaborate with industry and academia to develop and deliver training programs.
- Schedule and conduct regular training sessions.
- Monitor and evaluate the effectiveness of the training programs.

5.5 Cyber Security Standards for Suppliers and Vendors

Objective: To establish cyber security standards for suppliers and vendors working with the state.

Guidelines:
- Develop and publish a set of cyber security standards and requirements.
- Incorporate these standards into procurement processes and contracts.
- Provide guidance and support to suppliers and vendors to comply with the standards.
- Conduct regular audits to ensure adherence to the standards.

5.6 Protocols for Online Interactions and Use of Online Resources

Objective: To develop protocols for the safe and secure use of online resources by State Government
officials.
Guidelines:
- Create detailed protocols for online interactions, including email and social media use.
- Mandate the use of official email IDs for all government communications.
- Prohibit the use of personal email IDs for official communications.
- Provide training on the protocols to all State Government officials.

5.7 Training for Adjudicators, Mediators, and Conciliators

Objective: To train select groups in handling cases related to contraventions of the IT Act.
Guidelines:
- Identify and select adjudicators, mediators, and conciliators for specialized training.
- Leverage existing CoEs and cyber ranges for training purposes.
- Develop a curriculum focused on the appreciation of evidence and IT Act contraventions.
- Certify participants upon successful completion of the training.

5.8 Empanelment of Cyber Security Professionals

Objective: To maintain a list of qualified cyber security professionals who can advise on specific cases.
Guidelines:
- Establish criteria for the empanelment of cyber security professionals.
- Create an application and review process for empanelment.
- Maintain and update the list regularly.
- Define the roles and responsibilities of empanelled professionals.

5.9 Partnerships with Cyber Security Hubs


Objective: To foster partnerships with national and international cyber security hubs.

Guidelines:
- Identify potential cyber security hubs for partnership.
- Develop a framework for establishing and maintaining partnerships.
- Engage in collaborative projects and information sharing.
- Promote the Global Innovation Alliance program to facilitate global partnerships.

5.10 Compliance with National Cyber Security Policy

Objective: To ensure that all initiatives comply with the National Cyber Security Policy.
Guidelines:
- Regularly review the National Cyber Security Policy for updates.
- Align state-level initiatives with the national policy.
- Implement procedures to adapt to amendments in the national policy.
- Ensure that all stakeholders are informed of the national policy provisions.

These operating guidelines should be reviewed and updated regularly to reflect changes in technology,
threats, and best practices in cyber security. Additionally, they should be communicated effectively to all
relevant stakeholders to ensure smooth implementation and adherence to the policy.
| Policy Clause no | Category | Incentive / Benefit |
|---|---|---|
| 2.9 | Internship | A stipend of Rs. 10,000 per month will be provided, for a maximum of 3 months, to Karnataka-based undergraduate interns who are doing an internship related to cyber security. A stipend of Rs. 15,000 per month will be provided, for a maximum of 3 months, to Karnataka-based postgraduate interns who are doing an internship related to cyber security. This will be provided to 200 undergraduate interns and 40 postgraduate interns in year 1 and year 2 of the policy applicability, with 400 undergraduate interns and 80 postgraduate interns from year 3 onwards. This incentive is available to Companies (MNCs, MSMEs working in Cyberspace, Start-ups) providing cyber security solutions and hiring students for cyber security roles. The incentive can be claimed once per year, with a limit of up to: Start-ups: Up to 10 interns; MSMEs (Micro, Small & Medium): Up to 15 interns; MNCs: Up to 20 interns. |
| 3.1 | Research and Development | For R&D projects in the domain of cyber security, driven by Karnataka-based start-ups and in collaboration with Karnataka-based academic institutes, a matching grant of up to a maximum of 50% of the total project R&D cost, or up to Rs. 50 lakhs, whichever is lower, will be provided. These grants may be availed by an entity once over the policy period. Five such projects will be funded in each year. |
| 4.4 | Start-ups | Reimburse the cost up to a maximum of INR 1 lakh towards engagement of Karnataka-based, CERT-In empaneled service providers by start-ups registered with Karnataka Start-up Cell for cyber security audit, incident management and incident response activities. This may be availed by a start-up once over the policy period. This benefit will be provided to 100 start-ups each year. |

1. APPROVAL COMMITTEE
An Approval Committee will be formed to review applications based on the evaluation criteria and their
decision will be deemed final.
The Approval Committee will consist of the following members:

| Sl. No. | Designation | Role |
|---|---|---|
| 1 | Managing Director, KITS | Chairman |
| 2 | Representative from International Institute of Information Technology (IIIT), Bangalore | Member |
| 3 | Representative from Indian Institute of Science (IISc), Bangalore | Member |
| 4 | Representative from National Association of Software and Service Companies (NASSCOM) | Member |
| 5 | Representative from Centre for e-Governance (CeG) | Member |
| 6 | Representative from Software & Technology Parks (STPI) India | Member |

In addition to this, an industry expert or a domain expert may be invited as a committee member on a
case-to-case basis.


1. Internship for undergraduate and graduate students in the field of cyber security (2.9)
Objective: This incentive aims to create industry-academia linkages by bridging the gap between
academic skills and cyber security industry requirements and developing a skilled cyber security talent
pool.
The Department of Electronics, IT, BT & ST will provide an internship reimbursement to Companies
(MNCs, MSMEs, working in cyberspace, Start-ups) providing cyber security solutions and hiring students
for cyber security roles.
KITS will evaluate applications and provide recommendations to the Approval Committee. The Approval
Committee will review the recommendations and sanction the incentive.
Terms & Conditions:
1. Reimbursement of internship stipend to companies for hiring students as interns in the industry
will be provided as follows:

| Applicant | Incentive |
|---|---|
| Karnataka-based companies (MSMEs, SMEs, start-ups, MNCs etc.) working in Cyberspace and providing cyber security solutions. | GoK will reimburse INR 10,000 per month for a maximum period of three months, to companies hiring Karnataka based undergraduate cyber security interns. GoK will reimburse INR 15,000 per month for a maximum period of three months, to companies hiring Karnataka based postgraduate cyber security interns. This will be provided to 200 undergraduate interns and 40 postgraduate interns in year 1 and year 2 of the policy applicability, with 400 undergraduate interns and 80 postgraduate interns from year 3 onwards. |

2. The incentive will be provided for a maximum of 30 undergraduate students and 10 postgraduate
students to each company under a single application cycle for year 1 and year 2, and 60
undergraduate students & 10 postgraduate students to each company from year 3 onwards.
3. All applicants should be registered with KITS or in Karnataka under Shops and Establishment Act.
4. KITS shall be the implementation partner for the incentive.
5. Companies can hire students from only Karnataka based academic institutes, universities,
colleges, polytechnics, etc. to be eligible for this incentive.
Application Process
1. The applicant must be a Karnataka-based company, i.e. start-ups, companies, MNCs, MSMEs working
in Cyberspace and providing cyber security solutions. Applications will be accepted on a rolling
basis.
2. Applications will no longer be accepted once the upper limit of providing the incentive to 200
undergraduate and 40 postgraduate interns in year 1 & 2 of policy applicability, and 400
undergraduate interns and 80 post graduate interns from year 3 onwards has been reached.
3. Applicants shall apply online and submit their application to KITS.
4. Applicants in their application should detail the number of interns to be engaged by them,
the internship stipend and the activities to be conducted during the internship period.
5. The Applicant shall pay a monthly stipend to interns and on completion of the internship shall
award a certificate of completion.
6. Post completion of the internship, the applicants are required to submit the application to KITS
along with the CA certified supporting documents for internship stipend paid.


Release of Funds
KITS shall release funds to the applicant, based on the number of interns successfully completing
the internship and the recommendation placed by the approval committee.
List of Documents
1. Application form issued by KITS
2. Internships Claim Form
3. CA certified document detailing the stipend paid to the students
4. Proof of Stipend paid
5. List of the students provided internship by the Applicant as per the incentive criteria
6. Bank Account Information of the company
7. Statutory bonafide declaration from the company stating that the internship was conducted in
the field of cyber security only.

2. R&D Funding Incentive (Pillar 3)


Objective: To enhance the state's cyber security capabilities and foster innovation by providing financial
support to research projects in the cyber security domain.
For R&D projects driven by Karnataka based start-ups in collaboration with Karnataka-based academic
institutes, a matching grant of up to a maximum of 50% of the total project R&D cost, or up to Rs. 50
lakhs, whichever is lower, will be provided. The remaining 50% of the R&D costs can be borne by the start-up
and/or the academic institution/industry partner etc., collaborating on the project.
i) R&D Sub-Committee
An R&D Sub-Committee will be constituted to review the merit of the applications received under the
policy. The sub-committee will comprise the following:
Sl. No. Designation Role
1 Industry Expert with over 10 years’ experience in running R&D projects Member
2 Member from Academia working in the cyber security domain Member
3 Representative from Cyber security COE Member
In addition to this, an industry expert or a domain expert may be invited as a committee member on a
case-to-case basis.
Project submissions will first be reviewed by the R&D Sub-committee post which it will be submitted to
the Approval Committee for final decision making.
ii) Roles & Responsibilities
The R&D sub-committee shall perform the following functions for effective implementation of the Policy:
1. Meet as per requirements, to review the R&D applications submitted under the
Karnataka Cyber security Policy 2024.
2. Review the detailed project report (DPR) and the R&D activities to assess and certify its qualification
and merit under the R&D Support matching grant incentive.
3. Undertake virtual or physical inspection, as required, to evaluate the R&D Activities and certify the
same.
4. R&D Subcommittee shall provide its recommendation to the Approval Committee on the merit of the
R&D Project Activities. Start-ups based in Karnataka, K-tech Innovation Hubs, Centers of excellence
and institutions with high National Institutional Ranking Framework (NIRF) and National Assessment
and Accreditation Council (NAAC) ratings will be supported.

iii) Terms & Conditions:


1. The incentive is aimed at providing partial and conditional grant for ‘Approved R&D Projects’
undertaken by start-ups and academic institutions as summarized below:

Applicant: Start-ups based in Karnataka, K-tech Innovation Hubs, Centers of excellence and institutions.
Incentive: Conditional grant up to 50% of the approved R&D expenditures, to the max. limit i.e. Rs. 50 lacs, or whichever is lower
Maximum Limit: Rs. 50 lacs
Applicable Restrictions: The Approved Projects to focus on development of innovative products that
leverage cutting-edge technologies in the field of cyber security. Projects that have received support from
another Government source will not be eligible to receive further assistance through this Fund.

2. The applicant should be a start-up working jointly in collaboration with an academic institution on
cutting-edge research in the cyber security domain. The start-up has to be registered with KITS, based
in Karnataka & should provide cyber security services, while the preference will be given to all academic
institutions in Karnataka.
3. The project shall be executed within Karnataka.
4. Application can also be submitted for projects in the Beta Site stage (the interim stage between R&D
and marketing).
5. The Applicant should have the required expertise and team capacity to manage the proposed project.

iv) Selection Criteria


When evaluating projects, KITS will take into consideration the following criteria in preparing their
recommendations:
1. Excellence in Innovation (Weightage: 50%)
• What is the extent of technological innovation in the product to be developed?
• Is there a Proof of Concept / Maturity of the Concept Proposed available?
• Is the technological approach sound?
• What are the technological challenges and assessment of the technological risks?
• What competing technologies exist, and what is their relative disadvantage?
• What is the cost of technology and the acceptability of the proposed solution?
2. Business Impact (Weightage: 30%)
Market
• Is the estimate of the market size, market share, and commercial potential realistic?
• Who are or will be the main competitors in this market?
• How does the proposed solution answer a need in target countries?
Benefits
• What benefits is the project expected to yield to the applicant company and the national economies,
societies, and environment?
• What are the possibilities of generating Intellectual Property (IP) and after that Commercialization potential?
3. Quality and efficiency of the implementation (Weightage: 20%)
Capabilities of the applicants
• The credentials of past projects experience & achievements from the projects
• The qualification of the core project team and their ability to successfully carry out the development
objectives.
The Budget
• Is it realistic? Does it contain unnecessary expenses, or does it lack others that are crucial?
• What is the financial health of project applicants (a clear indication of the source of funds to be brought
in, detailed project budget with justification, etc.)?
4. Any additional parameter as may be decided by the KITS
v) Project Guidelines
1. Eligible project costs are R&D costs directly related to the applicant company's project during the
R&D phase.
2. If the project is being funded by another domestic or international research grant it may not be
eligible to receive funding under this scheme.
3. R&D costs will be reimbursed once the application has been approved. R&D costs borne before
approval of the application shall not be eligible for reimbursement.
4. Each applicant company is required to complete its respective proposed project budget form. The
proposed project budgets will be qualified for evaluation.
5. R&D fund program recognizes the procurement, usage, and depreciation costs according to the
rules and regulations of KITS.
6. Matching grants are funds provided by an institution (such as a government entity, foundation,
or corporation) to a startup or organization that match the amount of money the recipient has
raised from other sources. The purpose of matching grants is to incentivize the recipient to raise
additional funds by offering to double the impact of their fundraising efforts.
The startup must provide a detailed account of the resources and investments they have made
to date, including:

o Manpower: The number of employees or contractors hired and the associated labour
costs.
o Space: The cost of leasing or owning the physical space used for business operations.
o Equipment: The expenses incurred for purchasing or leasing equipment necessary for the
startup's activities.
o Software: The costs associated with acquiring software licenses or developing custom
software solutions.
o Seed fund raised: Grant raised from industry, institutions, government grants or loans or
any which falls under seed funding.

vi) Application Process


1. Applicants can apply on KITS/Department’s website www.itbtst.karnataka.gov.in
2. Applications will be accepted on a rolling basis.
3. Start-ups to avail this incentive.
4. Upon receiving application forms, KITS shall constitute an R&D review committee based on sector,
technological, commercial, and financial parameters.
5. The projects will be evaluated in a two-phase evaluation mechanism along with the Techno-
Financial and physical onsite due diligence, if required. The applicant may also be requested to make
a Techno-Financial presentation before the committee, if needed.
6. The project proposal review will be conducted by the R&D review committee according to rigorous
standards, based on the priority sector, project criteria and requirements specified.

7. The committee reviews the full project proposal and conducts an on-site evaluation, if required. In
addition, the evaluator can ask the company for supplementary material, if needed. The financial
check of the companies is conducted in parallel.
8. After reviewing the proposal the R&D committee will give its suggestions to the Approval
Committee. Based on the recommendations of the R&D committee the Approval committee will
make the final decision.
9. The final decision will be conveyed in an email to Applicants. If funding has been approved, the
applicants will materialize this approval by signing a Project Funding Agreement (PFA). This agreement
must be signed by the CEO of the company and KITS.
10. A Sanction Letter shall be issued for the approved project.

vii) Responsibilities After Proposal Has Been Approved


1. After the proposal has been approved, the Project Leads shall observe rules for progress reports
and report adherence to the project plan. This includes technical and financial reporting to KITS.
2. Representatives from the company must adhere to a possible mid-term evaluation to
be conducted by KITS.
3. After completion of the project, the company shall promptly submit a final report to KITS. This
report shall cover technical achievements as well as financial details. Focus should be put on the
impact of the products/services developed, its exploitation plan and go-to-market strategy.

viii) List of Documents


Stage: Application Form Submission Stage
Documents:
1. Covering letter
2. Completed Full Project Proposal in Application Form along with all annexures
(signed and stamped by Authorized signatory)
3. Presentation for Evaluation Committee Meeting
4. Registration Certificate of company, issued by the competent authority
5. Audited Annual Reports (including Income Tax Return, Balance Sheet, and
Profit & Loss Account & Auditor's Reports) for the last three Financial Years
6. Know Your Customer (KYC) documents (KYC means Identity & Address proof
of the organization, including Company PAN Card, Electricity Bill, etc.)
7. Self-Declaration of Applicant on Company letterhead, signed by MD/ CEO/
Company Secretary, that the applicant complies with all Statutory Norms till date.
8. Share Holding Pattern of the Company
9. KITS Registration certificate or Acknowledgment of copy of KITS
registration submission receipt (if applicable)
10. Copy of all relevant Certification like CMMI, ISO, etc. if any
This MoU should cover the following points:
• Percentage sharing of IP Rights on new product/technology
being developed/created/invented during this R&D Project.
• Background IPs of the partnership (If Any) to be used for this
project scope.
• Dispute and arbitration clause
• Exclusivity and non-exclusivity rights, if any
• Duration of this agreement in force

Stage: Agreement Signing Stage
Documents:
1. All successful project applicants will be informed before the
agreement signing stage about the requisite documents to be
submitted during the Agreement Signing stage.
2. KITS Registration certificate or Acknowledgment of copy of KITS
registration submission receipt (if applicable)

Release of Funds
• KITS will share cost in the joint development by supporting approved applicants through a conditional grant
totaling up to 50% of the Project Budget or up to INR 50 Lakhs, whichever is lower.
• The grant will be released in tranches, with each tranche contingent upon the successful completion of
predefined project milestones.
• The first tranche will be released upon the approval of the project and the provision of proof of secured matching
funds as mentioned in the project guidelines (Matching Grants). Subsequent tranches will be released based on
project progress reports, milestone achievements, and continued compliance with the grant conditions.
• Agreement will be signed with the grant utilization condition and tranche plan.

3. Promotion of Industry and Start-Ups (Pillar 4)


Objective: The objective of the policy is to create an environment of cyber security awareness and
promote the regular cyber security audits and incident management activities in smaller organizations
such as start-ups and MSMEs (working in cyber space).

The Government of Karnataka will reimburse the cost up to a maximum of INR 1 lakh towards engagement
of Karnataka-based, CERT-In empaneled service providers by start-ups registered with Karnataka Start-up
Cell for cyber security audit, incident management and incident response activities. This may be availed
by a start-up once a year over the policy period.
This benefit will be provided to 100 start-ups each year.
The approval committee will review the applications and make recommendations to the Governing
Council. The Governing Council will be the final decision-making authority.
Terms and Conditions:
1. The applicant should be a Startup registered with KITS.
2. The start-up can use the services of only CERT-In empaneled service providers for cyber security audit,
incident management and incident response activities.
3. Certificate issued by the service provider of availment of cyber security audit to be submitted.
4. Eligible Startups shall make payment to the CERT-In empaneled service providers and later claim
reimbursement of the same subject to terms and conditions mentioned herein.
5. Maximum reimbursement amount per start-up is Rs. 1 lac per year for the policy period excluding GST.
6. The reimbursement may be availed by a start-up only once over the policy period.
7. This benefit will be provided to 100 start-ups each year.

8. The reimbursement incentive will only apply to supply of services (cyber security audits, incident
management, incident response activities, etc.) undertaken during the policy period i.e. from 16th March 2024
to 15th March 2029 or till the new policy is announced.
Mandatory Documents:
1. Application form as in Annexure
2. Detailed invoice of the services availed by the start-up and provided by the CERT-In empaneled service
provider.
3. Payment details, receipt and confirmation of the payment made by the start-up to the service provider.
4. Bank details of the start-up for funds disbursal.
5. Any other information as required.

Application Forms:

Form 1: Cyber Security Internship Incentive Application:


Company Details

Field Description

Name of the Organization

Name of the Parent Organization

Entity Type

Technology Sector

Industry Sector

Registered Address

Corporate Address

Address in Karnataka

Registration Number

Date of Registration/Year of Establishment

Date of Commencement of Commercial Operations

Annual Sales (INR Crores)

Indian Equity Ownership (%)

Company Logo

Company URL

PAN Number

GST Information

Contact Person Details

Field Description

Contact Person Name

Department

Position/Designation

E-mail Address

Alternate E-mail Address

Office Phone Number

Cell Phone Number

Internship Claim Details


For UG students

Field Description

Number of Students for Internship

Number of Female Interns

Percentage of Female Student Interns

Duration of Internship

Total Stipend Provided to Each Intern

Total Stipend paid

Total Stipend to be Reimbursed

For PG students

Field Description

Number of Students for Internship

Number of Female Interns

Percentage of Female Student Interns

Duration of Internship

Total Stipend Provided to Each Intern

Total Stipend paid

Total Stipend to be Reimbursed

Details of Colleges, Students, and Courses

Sl No College Name Number of Students Name of the Course


1 [Enter College Name] … …
... ... ... ...

Bank Details

Information Required Details to be Filled by Applicant

Total Cost and Amount Requested for Reimbursement

Bank Account Details for Reimbursement


- Bank Name
- Branch Name
- Branch Address
- Branch IFSC Code
- Account Number (for NEFT)
- Name of Account Holder

Summary of Roles and Responsibilities for Interns


a. Brief on roles provided to the interns during the internship period:
[Provide a brief description]

b. Brief on responsibilities provided to the interns during the internship period:

[Provide a brief description]

List of Documents
1. Application form issued by KITS
2. Internships Claim Form
3. CA certified document detailing the stipend paid to the students
4. Proof of Stipend paid
5. List of the students provided internship by the Applicant as per the incentive criteria
6. Bank Account Information of the company
7. Statutory bonafide declaration from the company stating that the internship was conducted in the field of
cybersecurity only.
Declaration and Submission
[Include a section for the company to declare the information provided is true and consent for verification]

Submit Application (Digital Signature and Stamp)

Form 2: Cyber Security R&D Project Grant Application


Applicant Information
Information Required Details
Name of the R&D Project
Objective of the R&D Project
Detailed Project Description
Project Duration
Key R&D Activities under the Project
Major Project Milestones with timelines
Expected Outcome
Chief Coordinator/Investigator of the R&D Project (Name, Designation,
Department, Address, E-Mail, Phone No)
No of Industry Partner collaborating for the R&D Project
Agreement Between the Applicant & Industry Partner (MOU/contract)
Justification for Collaboration for the R&D Project
Total Financial Commitment by the Industry Partner for the R&D Project
Milestones for the Financial Commitment

Project Information

Information Required Details

Start-up Name and Registration Number

Academic Institute Name and Contact Information

Collaboration Agreement Details (if available)

Percentage of technical employees employed in Karnataka

Registered Office Address

Address of the Unit to be Considered for the Claim

Zone Classification of the Unit

Name of the Taluk of the Unit

Name of the District of the Unit

Authorized Person Name, Designation, Phone No, Email ID

Contact Details for Communication (Name, Designation, Phone No, Mobile, Email ID)

Applicant’s Bank Details (Bank Name, Branch Name, Branch Address, Branch
IFSC Code, Account Number, Name of Account Holder)

R&D Project Cost

Information Required Details

Total R&D Project Cost

Total R&D Project Cost Components Eligible Under the Grant

Expenses Incurred on technical Personnel/Manpower on the R&D Project

Capital Expenses on Equipment/Software Procured/Purpose-built for R&D Purposes

Capital Expenses on Computers/Servers/Workstations/Equipment used for R&D

Capitalized value of the Hardware and Software prototype costs for IT/ITeS products

Compliance and Regulatory testing expenses incurred for IT/ITeS products

Funding Information
Information Required Details
R&D Grant Amount Claimed by the Applicant
R&D Fund secured from the Industry Partner
Utilization of the R&D Fund secured from the Industry
Partner
Utilization of the R&D Grant received from KITS/Department
Bank Details

Information Required Details to be Filled by Applicant

Itemized list of Costs incurred

Total Cost and Amount Requested for Reimbursement

Bank Account Details for Reimbursement


- Bank Name
- Branch Name
- Branch Address
- Branch IFSC Code
- Account Number (for NEFT)
- Name of Account Holder

Declaration and Submission


Declaration of Truthfulness and Consent for Verification
Date:
Place:
Name:
Signature:
Designation:
Mobile No:

Form 3: Start-up Cyber Security Audit Support Application


Start Up Information
Information Required Details to be Filled by Applicant
KITS Registration Number

Date of Registration with KITS


Start-up Name
Founder(s) Name(s) and Contact Information
Business unit Address
Website and Social Media Links (if applicable)

Cyber Security Service Details

Information Required Details to be Filled by Applicant

Name and Contact Information of the CERT-In empanelled service provider

Services Availed (Audit, Incident Management, Incident Response)

Date of Engagement and Duration of Services

Detailed Description of Services Provided

Financial Information

Information Required Details to be Filled by Applicant

Itemized List of Costs Incurred

Total Cost and Amount Requested for Reimbursement (up to INR 1 lakh)

Bank Account Details for Reimbursement


- Bank Name
- Branch Name
- Branch Address
- Branch IFSC Code
- Account Number (for NEFT)
- Name of Account Holder

Supporting Documents

Document Required

Copy of the invoice or receipt from the service provider

Brief report on the outcomes of the cybersecurity service

Certificate issued by the service provider of availment of cybersecurity audit

Proof of payment made to the service provider

Declaration and Submission:


Declaration of Truthfulness and Consent for Verification
Date:
Place:
Name:
Signature:
Designation:
Mobile No:
