Cybersecurity Threats to India: Challenges, Incidents, and Strategic Measures

India's rapid digitalization, with one of the largest internet user bases in the world, has significantly increased the country's vulnerability to cyberattacks. The rise in sophisticated and persistent cyber threats—both from state-sponsored and non-state actors—targets critical infrastructure, financial systems, and sensitive personal data. This detailed note covers India's current cybersecurity landscape, major challenges, notable incidents, and the comprehensive steps taken by the Indian government to strengthen national cyber resilience.

India’s Digital Landscape and Growing Cybersecurity Challenges

  1. Massive Digital Penetration
    • As of December 2023, India had approximately 936 million internet subscribers—making it the second-largest online market globally, after China.
    • More than 52% of the Indian population (around 759 million people) accessed the internet at least once a month in 2022.
    • By 2025, the number of internet users is expected to reach 900 million.
  2. Expanding Digital Economy
    • India’s digital economy is growing rapidly, with increased reliance on online platforms across key sectors:
      • Finance – UPI, mobile banking, online payment platforms.
      • Healthcare – Online patient data, health records, telemedicine.
      • Education – E-learning platforms and remote examination systems.
      • Retail – E-commerce platforms and digital payment systems.
      • Government services – Digital identification (Aadhaar), e-governance platforms.
  3. Increasing Attack Surface
    • The expanding digital footprint has increased the attack surface for cybercriminals and state-sponsored hackers.
    • Weaknesses in India's cybersecurity infrastructure and inconsistent security protocols make it easier for threat actors to exploit vulnerabilities.

Major Cybersecurity Incidents in India

  1. Data Breaches and Leaks
    1. Resecurity Breach (October 2023):
      • Personal data of 815 million Indians (55% of the population) was found on the dark web.
      • The leaked data included:
        • Aadhaar numbers
        • Passport details
        • Phone numbers
        • Residential addresses
      • Data was available for $80,000.
    2. CAT Examination Data Leak (May 2021):
      • Personally identifiable information (PII) of 190,000 CAT candidates was leaked.
      • Data included names, test scores, and contact details—later sold on a cybercrime forum.
    3. CoWin Data Breach (June 2023):
      • Personal details of citizens who registered for COVID-19 vaccination leaked.
      • Data was available on the dark web, including Aadhaar numbers and vaccination status.
  2. Financial Sector Attacks
    1. City Union Bank Hack (March 2020):
      • Hackers accessed the SWIFT system of City Union Bank.
      • Unauthorized international transactions worth $2 million were executed.
    2. Cosmos Bank Attack (August 2018):
      • Malware injected into the bank's ATM infrastructure.
      • Loss of ₹94.42 crore through simultaneous ATM withdrawals in 28 countries.
  3. Critical Infrastructure Attacks
    1. Kudankulam Nuclear Power Plant (October 2019):
      • Malware attack on the power plant’s network infrastructure.
      • Attackers gained access to internal systems, raising serious concerns over national security.
    2. RedEcho Power Sector Attack (February 2021):
      • A China-linked APT group targeted 10 entities in India’s power sector.
      • Attack aimed at injecting malware capable of causing large-scale power outages.
    3. Delhi AIIMS Ransomware Attack (November 2022):
      • Critical medical data of thousands of patients held hostage by ransomware attackers.
      • Disruption of essential hospital services for over two weeks.
  4. Cyber Espionage
    1. Operation SideCopy (2020):
      • Pakistan-based threat actor targeted Indian military and diplomatic personnel.
      • Used malware and phishing emails to steal sensitive information.
    2. Dragonfly 2.0 (2017):
      • Suspected Russian threat actor targeted India's energy sector and government agencies.
      • Attempted to map energy infrastructure vulnerabilities.
  5. Supply Chain Attacks
    1. SolarWinds Attack (December 2020):
      • Affected Indian entities, including:
        • National Informatics Centre (NIC)
        • Ministry of Electronics and Information Technology (MeitY)
        • Bharat Heavy Electricals Limited (BHEL)
      • Attackers injected malicious code into the software's update mechanism.

Challenges in Securing India’s Cyberspace

| Challenge | Impact |
|---|---|
| Lack of Cybersecurity Awareness | Weak security practices among businesses and individuals |
| Outdated IT Act | Inadequate coverage of modern cyber threats like ransomware and APTs |
| Coordination Gaps | Lack of real-time threat intelligence sharing between agencies |
| Shortage of Cyber Experts | Estimated shortfall of over 500,000 cybersecurity professionals |
| Cross-Border Nature of Attacks | Difficult to trace and prosecute attackers located overseas |

Government Initiatives to Strengthen Cybersecurity

  1. CERT-In (Indian Computer Emergency Response Team)
    • Established under Section 70B of the IT Act, 2000.
    • 24x7 incident response team.
    • Tracks and disables phishing websites.
    • Conducts cybersecurity drills across industries.
    • Issues advisories for financial institutions and government agencies.
  2. Defence Cyber Agency (DCyA)
    • Tri-service command of the Indian Armed Forces.
    • Handles cyber defense and offensive cyber operations.
    • Engages in surveillance and hacking countermeasures.
  3. Digital Personal Data Protection Act, 2023
    • Legal framework for handling personal data.
    • Consent-based data collection and use.
    • Mandates data localization within India.
    • Penalties for data breaches.
  4. Bharat National Cybersecurity Exercise (Bharat NCX)
    • Organized by the National Security Council Secretariat (NSCS).
    • Multi-sector collaboration to simulate real-world cyberattacks.
    • Released the National Cybersecurity Reference Framework (NCRF) in 2024.
  5. Bharat CISO’s Conclave (2024)
    • Strategic dialogue on strengthening cybersecurity.
    • Focused on:
      • Threat intelligence
      • Operational technology (OT) security
      • Incident response
  6. Cyber Swachhta Kendra (Botnet Cleaning Centre)
    • Identifies and neutralizes botnets.
    • Provides security recommendations to citizens and businesses.
  7. Financial Cyber Fraud Helpline (1930)
    • Launched to handle financial fraud complaints.
    • Real-time response to prevent fund transfers by fraudsters.
  8. International Partnerships
    • India actively participates in:
      • United Nations’ cybersecurity initiatives
      • ASEAN Regional Forum
      • Indo-US Cybersecurity Forum
      • BRICS cybersecurity cooperation

Expanded Digital Landscape (2025 Updates)

  1. Internet Penetration and Mobile Growth
    • India’s internet subscriber base reached 975 million in March 2025, accounting for 55% of the population.
    • Over 650 million people are using smartphones, making India the second-largest mobile market in the world.
    • 5G network rollout accelerated in early 2024, increasing download speeds and network capacity.
  2. Digital Financial Transactions Surge
    • Unified Payments Interface (UPI) transactions crossed 12 billion per month in 2025.
    • India processed over $2 trillion in digital transactions through UPI in 2024.
    • The rise of FinTech platforms (such as Paytm, PhonePe, and Google Pay) created new targets for cybercriminals.

New Cybersecurity Threats Emerging in 2024–2025

  1. AI-Driven Cyberattacks
    • Hackers are now using Generative AI to create:
      • Realistic phishing emails
      • Deepfake videos targeting government officials
      • Automated malware capable of adaptive behavior
    • Example:
      • In February 2025, a deepfake video of a senior RBI official urging customers to update banking details was circulated via WhatsApp, leading to financial fraud worth ₹50 crores.
  2. Quantum Computing Threats
    • Quantum computing’s potential to break encryption is becoming a rising concern.
    • Indian defense agencies reported an attempted breach in early 2025 using quantum-based algorithms.
  3. State-Sponsored Economic Sabotage
    • Suspected Chinese APT (Advanced Persistent Threat) groups have increased attacks on India’s:
      • Stock markets
      • Financial institutions
      • Payment networks
    • Example:
      • In March 2025, the National Stock Exchange (NSE) was temporarily shut down after a suspected denial-of-service (DoS) attack traced to China.
  4. Satellite and Space-Based Cyberattacks
    • India increasingly depends on satellite communication for:
      • Military operations
      • Weather monitoring
      • Navigation (IRNSS)
    • Example:
      • In May 2024, ISRO reported that its INSAT-3D meteorological satellite experienced unusual signal interference, linked to a cyber intrusion attempt.
  5. Healthcare Sector Attacks
    • India's transition to digital health records has increased vulnerability.
    • Medical data from over 200 hospitals was exposed on the dark web in 2024.
    • Example:
      • In August 2024, AIIMS (Delhi) reported a ransomware attack demanding ₹300 million in Bitcoin.
      • Attackers threatened to release patient data, including sensitive treatment records.

New Critical Infrastructure Vulnerabilities (2024–2025)

  1. Energy and Power Sector
    • State-sponsored hackers have been targeting India’s energy infrastructure.
    • Focus on disrupting operations in:
      • Power plants
      • Oil refineries
      • Renewable energy grids
    • Example:
      • In December 2024, suspected Chinese-backed hackers targeted the software controlling India’s national grid.
      • A shutdown was narrowly avoided through rapid CERT-In intervention.
  2. Smart Cities and IoT Vulnerabilities
    • Over 30 smart cities have been established under the Smart Cities Mission.
    • Increased reliance on Internet of Things (IoT) for:
      • Traffic management
      • Public safety
      • Waste management
    • Example:
      • In January 2025, hackers compromised the traffic control systems of Mumbai Smart City, causing widespread traffic jams and emergency service disruptions.
  3. Transportation and Railways
    • Indian Railways’ increasing dependence on real-time data for scheduling and tracking makes it vulnerable to cyberattacks.
    • Example:
      • In April 2025, a cyber intrusion in the passenger reservation system led to:
        • System crash for 48 hours
        • Financial loss of over ₹100 crore
        • Stolen passenger data sold on dark web forums

Government’s Enhanced Response (2024–2025)

  1. New Cybersecurity Policy (2024)
    • Replaces the National Cybersecurity Policy (2013).
    • Focus areas:
      • Protection of critical infrastructure
      • Establishment of a centralized threat intelligence system
      • Development of cyber response units in each state
  2. National Cybersecurity Command (2025)
    • New centralized body under the Prime Minister’s Office (PMO).
    • Direct oversight of:
      • CERT-In
      • Defence Cyber Agency
      • Ministry of Home Affairs Cyber Cell
  3. Cybersecurity Research and Development (2024–2025)
    • Government invested ₹5,000 crores in cybersecurity R&D:
      • Focus on AI-based threat detection
      • Quantum-resistant encryption
      • Threat mitigation strategies
  4. International Partnerships (2024–2025)
    • India strengthened ties with:
      • US Cyber Command
      • Israel’s Unit 8200
      • UK’s National Cyber Security Centre (NCSC)
      • Japan's Cybersecurity Bureau
  5. Health Data Protection Bill (2025)
    • Provides enhanced protection for medical records.
    • Criminal penalties for unauthorized data access and sharing.

Technical Developments in Cybersecurity (2025)

  1. Post-Quantum Cryptography
    • India's Defence Research and Development Organisation (DRDO) developed a quantum-resistant encryption algorithm.
    • The algorithm was tested in secure communication between Indian Army units.
  2. Cyber Warfare Simulation Platforms
    • Bharat Cyber Range 1.0 launched in 2024 under Bharat NCX.
    • Simulates real-world cyberattacks for training military and civilian agencies.
  3. Blockchain-Based Identity Management
    • Aadhaar integrated with blockchain to enhance security and prevent forgery.

Strategic Recommendations (2025)

| Recommendation | Details |
|---|---|
| Zero-Trust Architecture | Require government and private sectors to follow zero-trust protocols. |
| Sector-Wise Threat Intelligence | Create specialized intelligence units for finance, healthcare, and energy. |
| Cyber Education | Include cybersecurity education in school and university curriculums. |
| Cyber Insurance | Provide financial protection against data breaches and ransomware. |
| Public Awareness | Nationwide awareness campaigns on social engineering, phishing, and deepfakes. |

Future Recommendations

  1. Update IT Act, 2000 to address modern cyber threats.
  2. Expand Cybersecurity Workforce through specialized training programs.
  3. Develop a Cybersecurity Board with public and private sector stakeholders.
  4. Adopt Zero-Trust Architecture across government and critical sectors.
  5. Enhance Threat Intelligence Sharing at domestic and international levels.

India faces significant cybersecurity threats, but recent policy updates, national exercises, and expanded threat response capabilities reflect the government's commitment to securing its digital infrastructure. Maintaining a proactive and adaptive stance will be essential in safeguarding India's strategic and economic interests.