India is leading the race of digital transformation and currently stands at the crossroads in its cybersecurity journey.

With over 800 million internet users in the country and a rural penetration of 488 million, it would not be incorrect to say that digital transformation is being driven through the remotest villages and towns of the country. Add to this, the reliance on digital transactions through revolutionary tech of UPI payments system, and the stakes for cybersecurity become astronomically high.
The
India is leading the race of digital transformation and currently stands at the crossroads in its cybersecurity journey.

With over 800 million internet users in the country and a rural penetration of 488 million, it would not be incorrect to say that digital transformation is being driven through the remotest villages and towns of the country. Add to this, the reliance on digital transactions through revolutionary tech of UPI payments system, and the stakes for cybersecurity become astronomically high.
The country has made significant strides in establishing a regulatory framework to counter the threats coming to the fore for digital adoptions by launching key initiatives. But the ground reality of an expanding cyber threat landscape continues to pose formidable challenges when compared to the global cybersecurity standards.
India’s ambition of being a leader in the digital realm is clear. But the path is intertwined with a dynamic interplay of vulnerabilities and evolving defences.
India’s digital footprint grew ten-fold especially in the years post pandemic. With an expansive digital footprint, the country has inevitably broadened its attack surface and invariably making it a prime target for cyber adversaries.
According to the Cyble’s Threat Landscape Report, India ranked as the most targeted country in Asia and second most globally. Another report on defining the ransomware threat landscape, also quoted India as the prime target in the APAC region. Qilin, RansomHub and Cl0P were the most active actors with information technology (IT) and manufacturing being the most targeted sectors.
The financial toll is equally alarming. The country lost an astounding ₹22,845.73 crore to cybercriminals in 2024, marking a sharp 206% surge from the previous year. The main cyber threats include ransomware, phishing campaigns, data breaches, and a rising number of Artificial Intelligence (AI)-driven deepfake attacks.
In the underbelly of these alarming numbers are persistent and systemic vulnerabilities that are out in the open yet often ignored. Some of them are:
- Low cybersecurity awareness: A significant portion of the population, like mentioned earlier, is from rural parts where awareness is usually restricted to only checkbox campaigns. But this is not just a rural or urban problem. Many enterprises in tier 1 and 2 cities also lack basic awareness of safer online practices. This makes human error a leading cause of breaches.
- Skill shortage: There is huge gap in the demand and supply for skilled cybersecurity professionals. Of course, universities and education system, in general, is now taking note of this.
- Outdated frameworks and resource constraints: Several organisations, particularly MSMEs, struggle with legacy systems and resource limitations. Some of the core banking functionalities in India also still run on outdated technology which makes the adoption of advanced security solutions difficult.
- Under-reporting: Reputational damage is the biggest fear businesses and organisations face when it comes to breaches and security incidents. This is the prime reason why several incidents often go unreported.
Despite the challenges, India has made significant efforts to match the capabilities of its foreign counterparts. The country is moving towards a multi-layered cybersecurity framework designed to safeguard its digital ecosystem.
The Information Technology (IT) Act, 2000, although a couple of decades old, has undergone significant amendments. It serves as baseline legislation and governs cybercrime, data protection, and electronic transactions. The law requires organisations handling sensitive personal data of Indian to follow reasonable security practices and procedures.
To further strengthen its data governance and give the power of owning the data to its uses, the government has also introduced the Digital Personal Data Protection Act of 2023 (DPDP Act). This act not only strengthens individual data privacy rights but also align India more closely with global data protection standard like the European Union’s GDPR framework.
With a view to help industry specific incident response, the country also established the Indian Computer Emergency Response Team (CERT-In). It aids organisations in providing first-hand incident response by collecting, analysing and disseminating threat intelligence. Additionally, the government has established the Indian Cyber Crime Coordination Centre (I4C), and the National Critical Information Infrastructure Protection Centre (NCIIPC) which provides added expertise with threats related to frauds and critical infrastructure.
Other government Initiatives like Cyber Swachhta Kendra offer free tools for malware analysis and botnet tracking, while the National Centre of Excellence (NCoE) in collaboration with DSCI focuses on cybersecurity technology development and entrepreneurship among the younger generation.
India believes cyber threats transcend borders and thus also actively forging partnerships through Memoranda of Understanding (MoUs), which will help in sharing of threat intelligence with its allies like the UK, Japan, and the US.
On paper, India's legislative and institutional architecture looks robust and promising, the challenge though lies in its consistent and widespread implementation across a diverse and rapidly digitising economy. Regulatory gaps persist and many businesses are striving to achieve full compliance with evolving laws.
India aspires to build its own capabilities, reduce external dependence, and emerge not just as a leading consumer of digital technologies, but also a trusted global provider of tech products, services, and solutions. The recently drafted National Telecom Policy 2025 (NTP-25) is the proof of India’s commitment towards it.
The policy explicitly factors in next-generation technologies like 5G/6G, AI, IoT, and quantum communications, aiming for a 10% global share in 6G-related Intellectual Property Rights (IPR) by 2030. This signals a strategic push towards not just following but setting global standards in critical areas.
The journey from ground reality to global leadership in cybersecurity is complex and continuous. It demands sustained investment in talent development, a proactive approach to emerging threats like AI-powered attacks, the widespread adoption of advanced security paradigms like AI-driven threat intelligence, and a cultural shift towards prioritising cybersecurity at every level. India's digital future and its national security hinges on its ability to effectively bridge this crucial gap.
This article is authored by Ankit Sharma, senior director and head, solutions engineering, Cyble.
One Subscription.
Get 360° coverage—from daily headlines
to 100 year archives.
Archives
HT App & Website