Sameer Patil, Director of the Centre for Security, Strategy, and Technology at the Observer Research Foundation; Major Vineet Kumar, Founder and Global President of CyberPeace; and Dr. Sushil Meher, Chief Information Officer at AIIMS Delhi join an insightful discussion with Anannya Saraswat from APAC News Network and CXO News to explore the escalating number of cyberattacks in India. Together, they shed light on the underlying causes, challenges, and proactive measures being taken to tackle this critical concern.
Land, Water, and Air are the three dimensions in which wars were traditionally fought. However, war is changing its face. A new battlefield is emerging. One where the soldiers are being replaced by hackers and weapons take the form of malicious codes. From data breaches impacting millions to sophisticated attacks on critical infrastructure, cyber warfare is no longer a futuristic concept—it’s a present-day challenge facing us right up front! India, as the world’s largest democracy, a rapidly digitizing economy, and an emerging global power, finds itself both a victim and a perpetrator of this conflict. This is the time when the nation must confront an unsettling question about its cyber resilience: Are we prepared for a war without borders, where the enemy is often invisible and the battlegrounds are our networks?!
Notable Cyber Attacks in the Recent Times
There has been a sudden increase in the number of cyberattacks in India, specifically in the past couple of years. Not just the private organizations, but even the government infrastructure has not been able to save itself from these attacks. Some of the notable attacks on the state infrastructure include: 
(Data compiled by the author by referring to relevant sources)
According to a report by the think tank Data Security Council of India (DSCI), India detected an average of 761 cyberattack attempts per minute this year alone, with the healthcare industry being the top target sector. As per a recent study by PRAHAR (Public Response against Helplessness and Action for Redressal), a not-for-profit organization, cyberattacks on India are projected to rise to an alarming rate of 1 trillion per annum by 2033, reaching 17 trillion by 2047, when the country turns 100. The question arises, why now?!
Why is India Witnessing a Surge in Cyber Attacks?
A good attack is the one that catches the target off-guard, leaving little to no time for defence. This is the dual challenge and danger posed by cyberattacks. Much like traditional battlefields, the absence of robust security measures creates an open invitation for adversaries to strike.
The surge in cyberattacks in India can be attributed to several factors, each compounding the nation’s vulnerability in an increasingly digital landscape.
- Physical war space transforming into digital: Looking at the cyber threat landscape for India, it reflects a global trend where digital rivalries, previously pursued on physical battlefields, are now extending into the virtual space.
Patil highlights this case wherein adversaries are now increasingly targeting each other’s computer networks and critical infrastructure, and engaging in cyber espionage. “In India’s context, this shift is evident because of our existing security disputes with nations like China and Pakistan. These geopolitical tensions are now spilling over into cyberspace. For instance, adversaries are launching cyberattacks on critical Indian networks, infrastructure, and sensitive data systems.”
- Easy Access to Technology: Power corrupts and absolute power corrupts absolutely! Rapid digitization is a powerful tool for India to become ‘Viksit Bharat’ by 2047 and the country seems to be doing really well in the adoption of digital technology in almost every facet. However, this power doesn’t come without its costs. With technology penetrating every nook and corner of the nation now, the risks of its misuse have also significantly risen. As digital tools and internet connectivity become ubiquitous, even less-experienced hackers can exploit vulnerabilities in systems using readily available hacking software and techniques. As Dr. Sushil Meher rightly remarks, “With minimal resources—like a laptop, an internet connection, and access to open-source tools—anyone can orchestrate an attack. Technologies like AI also inadvertently aid hackers, providing them with resources to bypass traditional defences. The accessibility and lack of awareness about safeguarding devices, especially mobile phones, have compounded the issue.”
- Lack of Cyber Awareness– As cyberattacks become more advanced, it is becoming increasingly difficult for individuals and organizations to recognize potential threats. “The growing nature of sophisticated and manipulative tactics used by cybercriminals is one of the primary reasons that innocent people fall under the traps and become the targets of cyberattacks”, highlights Major Kumar. Additionally, there is a lack of cyber awareness and digital literacy among the Indian masses to deal with such sophisticated attacks. “The comparatively lower levels of digital maturity mean that the citizenry remains vulnerable while cyber threats become increasingly more sophisticated”, he adds.
Roadblocks to Building a Robust Cyber Infrastructure
Now that the reasons for the growth in cyber-attacks are clear, the need for a multi-pronged approach cannot be overstated. While the government and individual organizations have been taking the necessary steps to enhance resilience to these attacks, several challenges make it difficult to build a robust cyber infrastructure:
- Limited Funding: Patil highlights the lack of funding as the primary challenge. “Cybersecurity, like defence spending, faces resource constraints. While it receives significant funding, it is not proportional to the advanced threats India faces. Modern cybersecurity requires cutting-edge technologies, but limited resources often result in underfunding in this crucial area.” However, the government of India has taken a significant step in this direction. In order to enhance cybersecurity and tackle cybercrimes, the government, in the Union Budget 2024-2025, increased the budget allocation for cybersecurity initiatives by nearly 90%, reaching Rs 759 crore as compared to Rs. 400 crore allocation in the previous budget. This substantial rise is expected to bolster India’s defence against escalating cyber threats. In addition, the Indian Computer Emergency Response Team (CERT-In) has been allocated Rs 238 crore to handle cybersecurity incidents and coordinate response measures effectively.
- Interagency Coordination: Patil also emphasizes how a lack of coordination between the agencies dealing with cybersecurity issues can pose a challenge in building resilient measures. He says, “There is often rivalry among various agencies, including security, intelligence, and technical bodies. This bureaucratic friction can lead to delayed or less effective responses to cybersecurity challenges, undermining efforts to build a unified defence.” The need for greater coordination among the agencies involved in cybersecurity measures has been highlighted in the reports of Parliamentary Standing Committees. Based on the recommendations of the Committee on Finance and Committee on Communications and Information Technology, the Government of India (Allocation of Business) (Three Hundred and Seventy Seventh Amendment) Rules, 2024 were released on September 27, 2024. These rules assigned responsibilities across different government bodies in the cybersecurity domain for greater coordination and management. Accordingly, the following bodies have been made in charge for different purposes:
- The Department of Telecommunications (DoT) shall oversee matters relating to the security of telecom networks,
- The Ministry of Electronics and Information Technology (MEITY) shall address matters relating to cyber security as assigned in the IT Act, 2000 and support other ministries/departments on cyber security,
- The Ministry of Home Affairs (MHA) shall oversee matters relating to cyber-crime, and
- The National Security Council Secretariat (NSCS) shall provide overall coordination and strategic direction for cybersecurity. NSCS as the nodal agency is expected to provide overall coordination and strategic direction for enabling inter-ministerial coordination in the cybersecurity domain.
- Emerging Technologies: According to Major Kumar, “Cybercriminals are constantly developing new ways to exploit vulnerabilities in systems and networks, posing serious challenges for the government.” The Global Cyber Resilience Study 2024-25 by HCLTech claims that about 54% of security leaders across industries and countries identify AI-generated attacks as the biggest security risk. “AI enables sophisticated cybercrime tools and methods for network penetration. Deepfake technology, for instance, is being used for anti-India propaganda, spreading fake news, and cloning voices for extortion.”, says Patil. To address this challenge, the India Cyber Threat Report 2025 by DSCI-Seqriteadvices Chief Information Security Officers (CISOs) to adopt AI-enhanced security operations leveraging Machine Learning for threat detection and response.
- Skill Gap: Another significant challenge faced by India in the cyber security landscape is the shortage of skilled personnel to effectively deal with security breaches. “There’s a significant skill gap in cybersecurity professionals. The Data Security Council of India (DSCI) estimated five to six years ago that India required around 500,000 cybersecurity professionals. That target remains unmet, and the demand has likely grown post-COVID-19 due to the shift to remote work and hybrid models”, highlights Patil. However, initiatives such as the Information Security Education and Awareness (ISEA) project have been started by the government to train professionals such as CISOs and students in the various branches of cyber security. The program is designed to fill the skill gap of the employees on the job market and to give spurs to cybersecurity education at the grassroots level. Consequently, there is collaborative involvement with academic institutions and the private sector for creating a generation of cyber security professionals in India.
India’s Current Position
Every country faces unique cybersecurity challenges shaped by its specific needs, threat landscape, and strategies. Nations like the US, the UK, and Saudi Arabia are making significant strides in pioneering cybersecurity measures. As the world progresses further into the digital era, cyberattacks are becoming increasingly sophisticated and challenging across the globe.
In India, the rapid growth of its internet user base has expanded the surface area vulnerable to cyber threats. Recognizing this, the country has been proactively working to enhance its regulatory framework, adopt advanced cybersecurity technologies, and foster strategic collaborations and initiatives. A noteworthy achievement in India’s cybersecurity journey is its attainment of Tier 1 status in the Global Cybersecurity Index (GCI) 2024, published by the International Telecommunication Union (ITU). This milestone underscores the nation’s strengthened commitment to cybersecurity at a global level.
Initiatives taken by the Government
While several initiatives are put in place by the Indian government for building a robust cybersecurity infrastructure, the conversation with Patil and Major Kumar brought forward some of the notable ones.
As cited by Patil, for critical infrastructure protection, there is a dedicated agency called the National Critical Information Infrastructure Protection Centre (NCIIPC). Its sole focus is safeguarding critical infrastructure.
“Additionally, on the civilian side, the Indian Cyber Crime Coordination Centre (I4C), under the Ministry of Home Affairs, addresses cybercrime issues, especially those involving criminal syndicates operating in the virtual sphere”, informed Patil.
He added that India also established the Defence Cyber Agency (DCA) a few years ago on the military front. “This is a tri-service agency responsible for managing India’s cyberspace operations. It has both offensive and defensive capabilities.”
Patil further talked about the Joint Doctrine on Cyberspace Operations introduced in July 2024, detailing the principles governing operations in cyberspace. It has been submitted to the government by the armed forces, marking a significant step in integrating cyberspace strategies across military services.
Major Kumar highlighted the efforts of the Indian Cyber Crime Coordination Centre (I4C) in combating cyber security issues. “The I4C handles the ‘National Cyber Crime Reporting Portal’ and the 1930 Cyber Crime Helpline. In addition, the I4C also issues advisories from time to time to spread awareness of the latest modus operandi used by cybercriminals.”
Furthermore, he shed light on the recently launched initiatives at the Indian Cyber Crime Coordination Centre (I4C) Foundation Day Celebration. “Union Home Minister Amit Shah launched the Cyber Fraud Mitigation Centre (CFMC), the Samanvay platform (Joint Cybercrime Investigation Facilitation System), the ‘Cyber Commandos’ program and the Online Suspect Registry as efforts to combat cybercrimes, establish cyber resilience and awareness and strengthening capabilities of law enforcement agencies. Previously, the Indian government had also enacted the Digital Personal Data Protection Act of 2023 to protect the personal data of individuals.”
Way forward
India finds itself at the forefront of a new-age battlefield, where cybersecurity plays a defining role in national resilience. While the country has made commendable strides in software development, leveraging its IT ecosystem, the focus should now be on developing hardware domestically. In this regard, Patil rightly pointed out that “most hardware used in India—laptops, smartphones, and other devices—is produced by foreign companies, often with proprietary intellectual property (IP) based abroad. For instance, while smartphones may be assembled in India, the technology behind them often originates from Chinese companies like Xiaomi. To build a truly secure infrastructure, India must invest in creating indigenous hardware IP.” This would ensure trusted hardware free from potential vulnerabilities or backdoors that adversaries could exploit.
Moreover, the rapidly evolving nature of cyber threats demands a unified, multi-layered approach that integrates advanced technologies, sector-specific policies, and efficient coordination among agencies. With a focused strategy on innovation, education, and collaboration, India has the opportunity to not only fortify its defences but also emerge as a global leader in cybersecurity.
Discussion about this post