India’s cyber armour: Thin or tough?

Did you know that in 2024, India reported over 2 million cybersecurity incidents, that’s roughly one incident every 15 seconds, a 28% increase from the previous year, highlighting a rapidly escalating cyber threat landscape?

Alongside this surge, India faced more than 593 major cyberattacks within just six months, averaging one significant breach every 7.5 hours. But the reality goes beyond these headline figures: between October 2023 and September 2024, a staggering 369 million malware events were detected, that’s about 702 threats hitting Indian devices every minute, according to Seqrite Labs.

Cyberattacks worldwide have more than tripled in the past five years, and India now accounts for ~13.7% of all global cyber incidents. With these alarming trends, experts warn that cybercrime could cost India up to 0.7% of its GDP in 2025, nearly ₹1.2 lakh crore (around $14.7 billion). Looking further ahead, one study projects there could be 17 trillion cyberattack attempts annually in India by 2047, the country’s centennial year.

Currently, India accounts for ~3% of the global cybersecurity market, with this share expected to rise to 5% by 2028. Let us take a look:

Source: Mordor Intelligence

Multiple forces are fuelling this growth:

• Rising cyber threats targeting digital-first enterprises and critical sectors.
• Cloud adoption boom, driven by IT modernisation and remote/hybrid work models.
• Regulatory compliance requirements, including the Data Protection Act and sector-specific policies.

The technology landscape itself is expanding rapidly with ~27,000 tech startups as of March 2023, further widening the attack surface and necessitating robust security frameworks.

What are the types of cyberattacks?

• Malware: Malicious software that damages or steals data.

• Phishing: Fake emails or messages tricking you into sharing sensitive info.

• Ransomware: Hackers lock your data and demand payment to release it.

• DoS/DDoS: Flooding systems with traffic to shut them down.

• SQL Injection: Breaking into databases to steal confidential data.

• MitM Attacks: Intercepting your communication to steal or alter data.

In 2024, malware remains India’s biggest challenge, impacting millions of devices with everything from trojans to spyware and adware. A closer look at malware types and detection rates reveals which threats are most common:

Source: DSCI *Detection volumes shown in millions for clarity.

So, who’s spending big to fight cyber threats?

As cyber threats grow in sophistication and frequency, certain sectors have been compelled to significantly increase their cybersecurity investments to safeguard critical operations and data. The trend is especially visible in:

• BFSI sector spending grew at a CAGR of 35%, from $518 million in 2019 to U$1.738 billion in 2023, driven by granular policy requirements.
• IT/ITeS spending rose at a CAGR of 36% during 2019-2023 to secure adoption of AI/ML, edge computing, and GenAI technologies.

Real-world breaches and cyber threats

• boAt breach (April 2024): Hacker “ShopifyGUY” leaked 2GB of data from boAt, compromising 7.5 million customers. Their personal information was available on the dark web for as little as Rs 180, exposing serious security gaps.

• BSNL breach (June 2024): India’s state-run telecom giant faced its second major breach in a year, with hacker “kiberphant0m” leaking 278GB of sensitive user data, highlighting systemic vulnerabilities.

• Star Health Insurance breach (September 2024): A breach at Star Health Insurance affected 31 million customers, leaking medical records, PAN details, and policy data that were sold on the dark web for up to $150,000, shaking confidence in healthcare IT security.

• Hacktivist attacks surge: Following the Pahalgam attack on April 22, cyber offensives escalated. Technisanct reported over 1,000 incidents between April 22 and May 10, while FalconFeeds.io noted 2,500+ government and private entities targeted by pro-Pakistani and Bangladeshi hacktivists.

• The fake apps menace: Despite Google purging 36 counterfeit security apps from Play Store in 2018, fake apps continue to threaten user safety today. Scammers have flooded app stores with fake ChatGPT apps, charging users high subscription fees or embedding malware to steal data.

Where does cybersecurity fall short?

To understand the rise in cyberattacks, we need to look at what’s broken beneath the surface:

• SMEs lack a security budget: According to FICCI, 70% of Indian SMEs don’t have a dedicated cybersecurity budget. That’s a major blind spot. These businesses need solutions that are both affordable and scalable, not enterprise-level fixes with enterprise-level costs.

• Talent shortage: By 2025, there could be a global shortfall of 1.5 million cybersecurity professionals, and the impact is already visible. In India, many cybersecurity roles are still lying vacant, even as threats multiply by the day. The risk? Massive. Cyberattack damages are projected to hit $10.5 trillion globally. That’s not all, 59% of companies are struggling to fill cybersecurity positions, and 45% expect supply chain attacks in the next year.

• Low awareness: 95% of cyber breaches are caused by human error, yet security training often takes a backseat. Phishing scams and weak passwords go unchecked, leaving companies exposed from the inside out.

So, what's the government doing about it?

India is stepping up its cybersecurity game with focused initiatives. CERT-In now mandates companies to report cyber incidents within 6 hours and maintain logs for 180 days. The Cyber Swachhta Kendra offers free malware removal tools, especially for SMEs. Cyber Surakshit Bharat trains government officials to tackle digital threats. The Digital Personal Data Protection Act (2023) enforces strict consent rules and allows penalties of up to ₹250 crore.

The National Cyber Coordination Centre (NCCC) monitors real-time threats, and the upcoming National Cybersecurity Strategy aims to unify efforts across sectors. Backing this push, the Union Budget 2025 earmarked over ₹1,900 crore for cybersecurity - up from ₹1,600 crore last year. To build a culture of awareness, the government has also mandated a “Cyber Awareness Day” on the first Wednesday of every month across all ministries and departments.

Emerging cybersecurity trends to look for..

What’s next in India’s cybersecurity? Here are the trends to watch:

• Continuous Threat Exposure Management (CTEM): Continuous Threat Exposure Management (CTEM) is gaining ground. Think of it as a health check-up for your IT systems, constantly scanning for weak spots before attackers find them. By 2026, Gartner says companies with formal CTEM programs will face 50% fewer successful cyberattacks. That’s a serious edge.

• Cyber Insurance: Cyber insurance in India is no longer niche. With threats like phishing and data breaches rising, it’s become a smart backup plan. Deloitte estimates the Indian cyber insurance market was worth $50–60 million in 2023, and it's set to grow 27–30% annually for the next five years.

• Zero trust architecture: India is rapidly adopting Zero Trust Architecture — “never trust, always verify.” It requires continuous checks on users and devices, regardless of location. To reduce risks like insider threats and remote work gaps, firms are investing in identity management, micro-segmentation, and active monitoring.

Final thoughts

Cyber threats aren’t slowing down – and neither should we. As India’s digital footprint expands, cybersecurity must move from being an afterthought to a daily habit. Because in today’s world, it’s not just about protecting data – it’s about protecting trust, business, and your future. Are you ready to stay a step ahead?