India has the potential to lead the world in cybersecurity innovation, but achieving this requires more than technological solutions
In the fast-evolving digital landscape of India, a silent battle is being fought—not with traditional weapons but through malicious code, complex algorithms, and increasingly sophisticated cyberattacks. As the country embraces its “Digital India” initiative, the rise of cyber threats demands immediate attention. Protecting the digital future requires strong cybersecurity frameworks, skilled professionals, and widespread public awareness. The call for “Digital Guards” or “Cyber Warriors” has never been more urgent.
The scale of the digital threat is staggering. The Indian Computer Emergency Response Team (CERT-In) recorded 53,117 security incidents in 2017. By October 2023, this number soared to an alarming 1.32 million—a twentyfold increase that exposes critical national vulnerabilities. Globally, the situation is no less concerning. Operations like INTERPOL and AFRIPOL’s 2024 Operation Serengeti, which arrested over 1,000 cybercriminals across 19 African nations, underscore the scale of the problem. These operations identified over 35,000 victims and uncovered financial losses nearing $193 million, demonstrating the global reach and devastating impact of cybercrime.
Phishing remains a primary weapon for cybercriminals, accounting for 22 per cent of all incidents. These attacks manipulate victims into revealing sensitive information or downloading malicious software. Credential theft, responsible for 16 per cent of incidents, further exposes individuals and organisations to system breaches, financial fraud, and corporate espionage. Emerging threats like mobile app malware are amplifying risks. For instance, 15 SpyLoan malware apps on Google Play, downloaded over 8 million times, went beyond data theft to harass and extort victims, underscoring cybercriminals’ growing ingenuity.
The economic toll of these attacks is devastating. About 65 per cent of Indian enterprises have been forced to pay ransoms to recover critical data, with average demands reaching $4.8 million. Recovery costs add another $1.35 million per incident, straining even large corporations. Smaller businesses, lacking resources for robust cybersecurity measures, are particularly vulnerable. This systemic vulnerability has been termed the “cybersecurity poverty line,” where approximately 60 per cent of Indian companies lack the infrastructure and expertise to defend themselves against cyber threats.
High-traffic online shopping periods, such as Black Friday and Cyber Monday, are prime targets for cybercriminals. During these events, fraudsters employ phishing scams, fake e-commerce websites, and malware to exploit consumers and businesses alike. Recent high-profile incidents highlight these vulnerabilities. In November 2024, a ransomware attack on Blue Yonder disrupted Starbucks’ operations, forcing a return to manual processes. Similarly, McLeod Russel’s system compromise sent shockwaves through the corporate sector, emphasising the interconnectedness of digital systems and the widespread disruptions that a single attack can cause.
India’s cybersecurity preparedness is worryingly insufficient. Only 4 per cent of Indian enterprises have robust infrastructure capable of withstanding advanced attacks. This shortfall is a national security concern, as cyberattacks transcend corporate interests, threatening essential services and critical infrastructure.
Initiatives like the Cyber Challenge 2024, a joint effort by the Delhi Police and CyberPeace Foundation, offer hope. This programme engages developers, engineers, and cybersecurity experts to craft innovative solutions using cutting-edge technologies such as AI, blockchain, and quantum computing. Collaboration with institutions like DRDO, MeiTY, and the National Forensic Science University underscores the comprehensive approach needed to address these challenges. Experts emphasise that cybersecurity must move beyond being an IT department’s responsibility to become a core component of every organization’s strategy. This shift involves continuous employee training, regular security audits, investments in advanced technologies, and fostering a culture of vigilance. Drawing inspiration from global models like the European Union’s GDPR, India could implement stringent cybersecurity standards, offering subsidies for small and medium-sized enterprises (SMEs) to invest in security measures and penalising negligence in cyber protection.
As digital transformation accelerates across sectors such as finance, healthcare, education, and government services, robust cybersecurity is no longer optional—it is a fundamental necessity. The path forward demands a collaborative effort. Government agencies, private enterprises, educational institutions, and cybersecurity professionals must unite to build a resilient digital ecosystem.
(The writer is Assistant Professor Indian institute of information technology sonepat Haryana; views are personal)
