The scale of cyber attacks targeting India has grown at an alarming rate, placing the country among the most targeted nations globally. As digital adoption accelerates, so too does the sophistication of cyber threat, threatening critical sectors such as finance, government, telecommunications, healthcare, and education. While cybercrime is not unique to India, the frequency and intensity of attacks on the country’s infrastructure indicate systemic vulnerabilities. At a time when India is positioning itself as a global digital powerhouse, a weak cybersecurity framework could derail its progress. Without a comprehensive strategy, India risks becoming an easy target for malicious actors seeking to exploit its rapidly expanding digital ecosystem.
Of the total global cyber attacks in 2024, more than a tenth were targeted at India, according to a recent report. India has emerged as the primary target for “hacktivist” attacks during this period, accounting for nearly 13% of all incidents, as per the latest High Tech Crime Trends Report – 2025 by Group-IB.
Another report by cybersecurity intelligence firm CloudSEK highlighted that India was the second-most targeted nation in the world for cyber attacks in 2021, with 95 Indian entities falling victim to data theft attacks. Additionally, India ranks third globally in reported data leaks in the public domain, trailing only the United States and Russia. The rising frequency and severity of cybercrimes highlight the urgent need for stronger cybersecurity measures in the country.
READ I India’s new IIP series to reflect a changing economy
Understanding the nature of cyber attacks
Cyber attacks fall into two distinct categories. The first involves traditional attacks motivated by financial gains or system disruptions, exploiting technical vulnerabilities. The second category, which is far more worrying, targets citizens directly — manipulating, coercing, or threatening them into engaging in anti-national activities. As India undergoes rapid digitalisation, these threats are becoming increasingly complex and pervasive, necessitating robust preventive measures.
State of cyber security in India (2024)
Hacktivism refers to attacks carried out for social or political activism by individuals or groups known as hacktivists. These attacks employ various hacking techniques to infiltrate personal computers, gain unauthorised access to sensitive information, and, in some cases, take control of critical systems. In India, hacktivist attacks have intensified due to rising regional tensions, with domestic hacker groups fuelling retaliatory attacks. Many of these attacks are politically motivated, coordinated, and aimed at undermining trust in India’s digital infrastructure.
Another contributing factor is India’s expanding digital landscape, including the growing popularity of online entertainment and gaming. This has led many citizens to engage with illegal offshore betting and gambling platforms, making them vulnerable to cyber manipulation and even unwitting participants in cyber attacks against the state.
Most targeted sectors and data at risk
The most sought-after data by cybercriminals includes email addresses, phone numbers, and passwords. The scale of this threat became evident in 2024, when 2.489 billion unique email data points were leaked and subsequently traded on the Dark Web. The finance and banking sectors have seen the highest number of cybercrime victims, while government entities continue to face significant threats due to the sensitive state data they hold.
The telecommunications sector has been targeted for service disruptions and data theft, while the healthcare and pharmaceutical industries remain vulnerable to breaches involving critical patient records. Educational institutions are also under threat, with universities and research organisations frequently experiencing data breaches.
Cyber threat to India is projected to surge to an alarming one trillion annually by 2033, reaching 17 trillion by 2047, according to a study by PRAHAR (Public Response Against Helplessness & Action for Redressal). The report warns that if the Indian government does not take decisive action, these coordinated cyber efforts could destabilise India’s growth both internally and externally. Cyberspace is emerging as a new battlefield, where sensitive information is weaponised. To counter this threat, India needs a well-defined national cybersecurity policy that proactively addresses cyber threats.
Strengthening cybersecurity infrastructure through investments in advanced technologies, firewalls, and robust defence systems is critical. Public awareness initiatives can help reduce vulnerabilities, while international cooperation will be necessary to combat cross-border cyber threats effectively. Stricter regulation of digital platforms will be key to limiting illegitimate activities while promoting safer alternatives.
Lessons from cybersecurity leaders
While no country is immune to cyber threat, some nations have developed strong cybersecurity frameworks that make them relatively safer. Finland, Belgium, and Spain are often cited for their robust cybersecurity infrastructure and legislation. Notably, all Nordic countries have Cyber Safety Scores above 92, making them well-prepared to counter threats. Finland, for example, has implemented a comprehensive cybersecurity strategy that includes public awareness campaigns, making it a global leader in cyber defence. Other countries with strong cybersecurity measures include Poland, Saudi Arabia, and the United Kingdom.
According to the World Economic Forum, geopolitical tensions and trade pressures have weakened global cybersecurity alliances. At a time when greater capital infusion and international cooperation are needed to combat cyber threats, funding for cybersecurity agencies has declined.
These tensions have led to increased state-sponsored attacks, data sovereignty disputes, and hindered international collaboration. Additionally, the rapid adoption of frontier technologies—such as artificial intelligence—has outpaced cybersecurity preparedness, creating new vulnerabilities. As AI evolves at an unprecedented pace, cyber leaders must enhance their strategies to keep up with these emerging threats.
The road ahead for India
The Indian government has a duty to protect its citizens’ data, which is being collected extensively through digital initiatives such as Aadhaar and Digi Yatra. Given the vast amount of sensitive information in its possession, government agencies must ensure strict cybersecurity measures to prevent data leaks and breaches. To strengthen its cyber resilience, India must enact a comprehensive national cybersecurity strategy that prioritises critical infrastructure protection and data privacy.
Investing in advanced cybersecurity technologies and developing a highly skilled workforce through specialised training programs will be crucial. Public-private partnerships should be encouraged to facilitate information sharing and collaborative defence initiatives.
A nationwide cybersecurity awareness campaign, modelled after Finland’s approach, could educate citizens about digital risks, safe online practices, and the importance of reporting suspicious activities. Furthermore, active participation in international cybersecurity forums will be essential for sharing intelligence, best practices, and coordinating responses to transnational cyber threats.
Cyber attacks are evolving at an unprecedented pace, and without a strong cybersecurity framework, India’s rapid digital transformation could become a double-edged sword. A proactive and comprehensive strategy is essential to secure India’s digital future and protect its citizens from the growing menace of cybercrime.