India’s digital growth has outpaced its cybersecurity preparedness, leading to a surge in ransomware, phishing, data breaches, and cyber espionage that threaten critical infrastructure, financial systems, and citizens. A report by India Narrative highlighted a shortage of skilled cybersecurity professionals and recommended integrating cybersecurity into mainstream education and expanding specialized training programs. Financial fraud related to digital payments is on the rise, with attempts of cyber intrusions targeting government websites, healthcare databases, and power infrastructure.
Strong institutions like the Indian Computer Emergency Response Team (CERT-In) and others have bolstered the country’s response to cyber threats. However, the report emphasized the need for a more comprehensive and coordinated strategy to combat the increasing scale and sophistication of cyber threats. It stressed the importance of enhancing cybersecurity standards in both public and private sectors, as many organizations still rely on outdated software and weak encryption.
The report also called for cybersecurity audits and compliance frameworks, especially for sectors handling critical infrastructure and sensitive user data, to mitigate cybersecurity risks. Large-scale digital literacy campaigns were recommended to promote safe online practices and cyber hygiene, particularly as digital services reach rural and semi-urban populations with many first-time internet users vulnerable to fraud. Strengthening India’s legal and policy framework governing cyberspace was deemed essential, with a focus on faster investigation mechanisms, improved coordination among law enforcement agencies, and enhanced international cooperation.
Credential theft and identity compromise have emerged as key vulnerabilities for Indian IT firms, with over 265.52 million detections across more than 8 million endpoints. The report cautioned that India’s IT sector faces heightened risks due to extensive use of cloud platforms, remote access systems, and third-party integrations. A single compromised credential could potentially grant access to multiple environments, significantly magnifying the impact of cyber attacks.
