
Growing Cybercrime & The Need For An Indian Cybersecurity Force

A comprehensive analysis of India's escalating cybercrime landscape in 2025, examining actual incidents, evolving threats, and the critical need for a dedicated national cybersecurity force.

Raju Gautam, January 2, 2026, 11 min read

As we enter 2026, India's digital transformation has reached unprecedented heights. With over 850 million internet users and a thriving digital economy, the nation has become a global technology powerhouse. However, 2025 brought a harsh reality check—India emerged as one of the most targeted nations for cyberattacks worldwide, with organizations facing an average of 2,011 cyberattacks per week, significantly higher than the global average.

The numbers paint a grim picture. India recorded over 265 million cyberattacks in 2025, with financial losses from cyber fraud reaching ₹36,450 crore by February alone. Projections suggest the total losses for the year exceeded ₹1.2 lakh crore. But behind these staggering statistics lie real stories of disruption, compromised data, and shattered trust that demand our immediate attention.

When 7.9 Million Trading Accounts Were Exposed

February 2025 brought a wake-up call for India's fintech sector. Angel One, one of India's largest retail broking platforms, suffered a massive data breach when hackers accessed an unsecured AWS storage bucket. The breach exposed sensitive data of 7.9 million users, including trading details, customer IDs, and personal information.

For millions of retail investors who had embraced digital trading platforms, this breach was more than just a security incident—it was a betrayal of trust. The exposed data could enable sophisticated social engineering attacks, identity theft, and financial fraud. The incident highlighted a critical vulnerability: even as India's fintech sector boomed, basic security hygiene like properly securing cloud storage remained neglected.

Operation Sindoor: When Cyber Warfare Became Reality

May 2025 marked a turning point in India's cybersecurity history. Following Operation Sindoor, a military strike by India, the nation faced a coordinated cyberattack campaign of unprecedented scale. The President's website was hit by a DDoS attack lasting nearly 19 hours. The national power grid faced over 200,000 attack attempts. Hacktivist groups defaced public service websites and tax portals.

This wasn't just cybercrime—it was cyber warfare. The campaign resulted in over 150 successful intrusions across government, banking, and healthcare sectors. Critical infrastructure that millions of Indians depended on daily became a battleground. The attacks demonstrated how digital vulnerabilities could be weaponized during geopolitical conflicts, exposing the fragility of India's cyber defenses.

The Kolkata Police Data Breach: When Protectors Became Victims

August 2025 brought an ironic twist to India's cybersecurity crisis. The Kolkata Police Cyber Crime Wing, the very organization tasked with investigating cybercrimes, fell victim to a data breach. Weak internal passwords led to the leak of investigation details, exposing officer credentials and sensitive case data.

The breach was particularly damaging because it compromised ongoing investigations and potentially alerted criminals to law enforcement activities. It also revealed a troubling reality: even cybersecurity professionals within law enforcement agencies weren't following basic security protocols. If those responsible for fighting cybercrime couldn't secure their own systems, what hope did ordinary citizens and businesses have?

The Healthcare Sector Under Siege

2025 was a nightmare year for India's healthcare sector, which faced approximately 8,614 cyberattacks per week—more than four times the global industry average. This made healthcare the most targeted industry in India, accounting for 21.82% of all cyberattacks.

Star Health, one of India's largest health insurers, experienced a devastating breach in May 2025. Attackers exfiltrated 7.24 TB of sensitive data, including patient medical records, insurance claims, and personal details. The breach wasn't just about data theft—executives received direct threats, turning a cybersecurity incident into a personal safety crisis.

Nearly 4,288 healthcare-related incidents were detected on the dark web in 2025, involving stolen databases, customer data, and access credentials being sold to the highest bidder. For patients, this meant their most intimate health information—diagnoses, treatments, test results—could be exposed, leading to discrimination, blackmail, or identity theft.

The Rise of AI-Powered Attacks

2025 marked the year AI became a weapon in cybercriminals' arsenals. Over 71% of Indian organizations reported a surge in AI-generated phishing scams and deepfake attempts. Attackers used machine learning to craft personalized phishing emails with unprecedented sophistication, adapting their tactics based on victim responses.

Voice cloning and deepfake technology enabled impersonation attacks where criminals created convincing audio and video of CEOs and government officials to authorize fraudulent transactions. The line between real and fake became dangerously blurred, making traditional security awareness training obsolete.

The Infostealer Malware Epidemic

Between March and May 2025, more than 44,000 Windows devices in India were compromised by Lumma Stealer alone. Other prominent infostealer families like RisePro, Vidar, StealC, and RedLine spread across the country like wildfire.

By October 2025, reports surfaced that 183 million Gmail credentials had been stolen through infostealer malware campaigns, with a significant portion belonging to Indian users. These malware variants silently extracted passwords, browser cookies, cryptocurrency wallets, and authentication tokens, giving attackers the keys to victims' entire digital lives.

The Education Sector: A Prime Target

India's education sector became the most attacked globally in 2025, facing an average of 4,175 to 4,248 attacks per week, with peaks exceeding 9,800 weekly attacks. The rapid digitalization of education, accelerated by the pandemic, created a vast attack surface with often underfunded cybersecurity frameworks.

In 2025, 340 educational institutions were hit by ransomware, with 12 million student records compromised. Online examination systems were disrupted, potentially affecting the academic futures of countless students. Research data from premier institutions was stolen, potentially setting back years of academic work and giving competitors or foreign entities access to valuable intellectual property.

The Banking Sector's Escalating Crisis

The banking, financial services, and insurance (BFSI) sector experienced a 15% year-on-year increase in cyberattacks, averaging 4.1 million attacks monthly from January to June 2025. DDoS attacks during peak banking operations increased by 172%, while employee-targeted attacks rose by 46%.

The Central Bank of India experienced a compromise of its phishing infrastructure, while multiple banks and fintech platforms reported surges in AI-generated phishing scams. The average cost of a data breach in India's financial sector reached an all-time high of INR 220 million in 2025, marking a 13% increase from the previous year.

Government Infrastructure: A Vulnerable Foundation

Government organizations faced 4,731 attacks per week in 2025. The UIDAI (Unique Identification Authority of India) services were targeted in a DDoS attack aimed at disrupting Aadhaar-based authentication. The Defence Research and Development Organisation (DRDO) experienced spear-phishing campaigns, while APT36 carried out cyber espionage against Indian defense and government sectors using Crimson RAT malware.

Multiple state e-governance portals were hacked, leading to leaks of citizen Aadhaar and bank details. Many government platforms lacked basic HTTPS encryption and suffered from outdated plugins and weak admin passwords, making them easy targets for even moderately skilled attackers.

The Cloud Misconfiguration Crisis

Cloud misconfigurations emerged as one of the critical risk areas driving cyberattacks in 2025. Less than 9% of sensitive cloud data remained encrypted, and many organizations struggled to detect breaches within the first hour. The Angel One breach was a textbook example of how a simple misconfiguration—an unsecured AWS bucket—could expose millions of users' data.

As Indian businesses rushed to adopt cloud services, security often became an afterthought. The convenience and scalability of cloud computing came with new responsibilities that many organizations weren't prepared to handle.
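To make the "unsecured bucket" failure mode concrete, here is an added example (not code from the original post or from P.I.V.O.T Security) that evaluates an S3 bucket's Public Access Block settings and bucket policy offline, in the JSON shape the AWS API returns, and reports whether anonymous callers are granted access. The bucket name, account ID and policies below are constructed samples.

```python
"""Offline check for publicly readable S3 buckets (constructed sample data)."""
import json


def _principal_is_public(principal):
    # A bare "*" or {"AWS": "*"} grants access to every caller, including
    # unauthenticated ones; that is the misconfiguration behind open buckets.
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        aws = aws if isinstance(aws, list) else [aws]
        return "*" in aws
    return False


def public_statements(policy):
    """Return Sids (or positional names) of unconditioned Allow-to-everyone statements."""
    found = []
    for i, st in enumerate(policy.get("Statement", [])):
        if (st.get("Effect") == "Allow"
                and _principal_is_public(st.get("Principal"))
                and "Condition" not in st):
            found.append(st.get("Sid", f"stmt{i}"))
    return found


def is_publicly_readable(public_access_block, policy):
    """True when a public Allow statement exists and the account/bucket
    Public Access Block does not neutralise it (RestrictPublicBuckets=True
    makes S3 ignore public policy statements)."""
    if not policy or public_access_block.get("RestrictPublicBuckets", False):
        return False
    return bool(public_statements(policy))


# Constructed sample inputs, mirroring GetPublicAccessBlock / GetBucketPolicy output.
PAB_OFF = {"BlockPublicAcls": False, "IgnorePublicAcls": False,
           "BlockPublicPolicy": False, "RestrictPublicBuckets": False}
PAB_ON = {k: True for k in PAB_OFF}
OPEN_POLICY = json.loads('{"Version": "2012-10-17", "Statement": [{"Sid": "PublicRead",'
                         ' "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",'
                         ' "Resource": "arn:aws:s3:::example-trading-data/*"}]}')
HARDENED_POLICY = json.loads('{"Version": "2012-10-17", "Statement": [{"Sid": "AppRead",'
                             ' "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},'
                             ' "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-trading-data/*"}]}')

if __name__ == "__main__":
    print("open bucket, no PAB:", is_publicly_readable(PAB_OFF, OPEN_POLICY))        # True
    print("open policy, PAB on:", is_publicly_readable(PAB_ON, OPEN_POLICY))         # False
    print("scoped principal:   ", is_publicly_readable(PAB_OFF, HARDENED_POLICY))    # False
```

In practice the two inputs come from `get_public_access_block` and `get_bucket_policy` in boto3; the check is the same once the JSON is in hand.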

The Ransomware Evolution

Ransomware attacks in 2025 affected an estimated 7% to 10% of organizations nationwide. However, the nature of these attacks evolved significantly. Attackers increasingly focused on data theft and extortion rather than just encryption, employing double and triple extortion tactics.

Software supply chains became a significant entry point, with 90% of Indian respondents in a survey reporting ransomware attacks originating from partners. This meant that even organizations with robust security could be compromised through their vendors and service providers.

The Skills Crisis Nobody's Addressing

While cyber threats escalated, India faced a critical shortage of cybersecurity professionals. The country needs 1 million additional cybersecurity professionals by 2026, but currently has only about 200,000 trained professionals—a staggering 80% demand-supply gap.

The average time to fill a cybersecurity position stretched to 6-8 months, during which organizations remained vulnerable. But it wasn't just about numbers—there was a critical lack of expertise in emerging technologies like AI/ML security, cloud security, and IoT security. The workforce that existed often lacked practical experience with real-world threat scenarios and had insufficient focus on offensive security and red teaming.

CERT-In's Response: New Mandates for 2026

Recognizing the escalating threat landscape, CERT-In (Indian Computer Emergency Response Team) introduced significant new guidelines effective July 25, 2025. The CISG-2025-02 guidelines made annual third-party cybersecurity audits mandatory for all public and private entities operating in India's digital ecosystem.

These audits must align with ISO/IEC 27001 standards and focus on business risk. CERT-In also maintained its 6-hour breach reporting requirement and log retention policies. The World Economic Forum's Global Cybersecurity Outlook 2025 report featured a case study commending CERT-In's initiative to enhance cybersecurity resilience in cooperative banks through an eight-month program involving cyber drills.

Why India Needs a Dedicated Cyber Force

The events of 2025 demonstrated beyond doubt that India's current fragmented approach to cybersecurity is inadequate. Multiple agencies—CERT-In, CBI Cyber Crime Cell, State Police—operate in silos, leading to inefficiency and delayed responses. The Kolkata Police breach showed that even specialized cybercrime units lack the resources and expertise to protect themselves, let alone the public.

What India needs is a unified Indian Cyber Defense Force (ICDF) with five specialized tiers:

Cyber Intelligence Wing would handle threat intelligence gathering, dark web monitoring, attribution of cybercriminal groups, and international coordination with agencies like FBI, Interpol, and Europol.

Incident Response Teams would provide rapid response to cyber incidents, conduct digital forensics and evidence collection, perform malware analysis and reverse engineering, and coordinate with affected organizations.

Critical Infrastructure Protection teams would be dedicated to each critical sector—power grids, financial systems, healthcare, transportation—providing continuous monitoring, security audits, and resilience testing.

Cyber Offense Capabilities would enable offensive cyber operations against hostile actors, disruption of cybercriminal infrastructure, counter-intelligence operations, and cyber warfare preparedness.

Training and Capacity Building would establish a National Cyber Security Academy, certification programs for professionals, public awareness campaigns, and collaboration with educational institutions to address the skills gap.

With a proposed annual budget of ₹15,000 crore allocated across personnel (₹5,000 crore for 25,000 professionals), technology and infrastructure (₹6,000 crore), training and development (₹2,000 crore), and research and innovation (₹2,000 crore), the ICDF could transform India's cyber defense posture.

The Path Forward for 2026

The immediate action plan for 2026 must include fast-tracking the establishment of ICDF with initial deployment by Q3 2026, mandatory security audits for all government systems by June 2026, and a ₹5,000 crore emergency fund for critical infrastructure upgrades.

Organizations must implement Zero Trust Architecture across all networks, deploy AI-powered threat detection systems, conduct quarterly security audits and penetration testing, and provide employee cybersecurity training (minimum 40 hours annually). Incident response plans must be tested every quarter, and cyber insurance coverage should be mandatory for all critical operations.

Individuals have a crucial role too. Multi-factor authentication on all accounts, regular software updates, awareness of AI-powered scams and deepfake threats, secure password management, verification protocols for financial transactions, and regular monitoring of financial statements are no longer optional—they're survival skills in the digital age.

Learning from Global Leaders

Israel's Unit 8200 cyber intelligence unit, National Cyber Directorate, and thriving startup ecosystem (representing 20% of global cybersecurity startups) demonstrate the power of integrated military, government, and private sector collaboration.

Singapore's Cybersecurity Act 2018, SingCERT rapid incident response, unified Cyber Security Agency, and effective public-private collaboration provide a model for comprehensive national cybersecurity.

Estonia's X-Road secure data exchange platform, blockchain-based e-Residency digital identity, volunteer Cyber Defense League, and hosting of NATO's Cooperative Cyber Defence Centre showcase how a small nation can become a global leader in digital resilience.

A Call to Action

The cybercrime crisis of 2025 has demonstrated beyond doubt that India can no longer afford a fragmented, reactive approach to cybersecurity. The establishment of a National Cybersecurity Force is not just desirable—it is imperative for national security, economic stability, and the protection of 1.4 billion citizens.

Every day of delay costs India thousands of crores in economic losses, compromises citizen data, and weakens national security. The events of 2025—from the Angel One breach to Operation Sindoor's cyber warfare campaign, from the healthcare sector's siege to the education system's vulnerability—have shown us the cost of inaction.

The window of opportunity is narrow. As cyber threats become more sophisticated with AI, quantum computing, and state-sponsored attacks, India must act decisively. The proposed Indian Cyber Defense Force, backed by adequate resources, skilled personnel, and political will, can transform India from a vulnerable target to a resilient digital nation.

India's digital future depends on the decisions we make today. Let 2026 be the year we take control of our cyber destiny.


Written by Raju Gautam, CTO | P.I.V.O.T Security