Make it in India – Building the nation’s cybersecurity and trust infrastructure
As per an estimate, global cyber security spending will grow more than 12% in 2025. It is projected to reach $377 billion in 2028. In the borderless cyber world, India’s cybersecurity is the second most targeted in the world due to sheer number of users in the country. As per a dark web data, over 95 Indian entities in banking and finance, government, healthcare, pharmaceuticals, and telecommunications have been affected. The extent of unreported cases could be double that figure. In 2023 alone, an alarming 83 per cent of Indian organisations reported experiencing cybersecurity incidents. In recent years, cyber threats enhanced by AI or GenAI are rising and also becoming complex. While major attacks are focused on metros like Mumbai, Delhi, Hyderbad and Bangalore, tier II and tier III cities too are emerging as hotspots for cyber threats. Over 369.01 million distinct malware detections have been recorded across 8.44 million endpoints in the past year. E-Signature-Based Detection accounted for 85.44%, while Behaviour-Based Detection comprised only 14.56%. Apart from individual cyber crimes, India is also a victim of state-sponsored cyber espionage campaigns. India has a deeply unstable neighborhood surrounded by one-party rule of China, anarchy of Bangladesh and Nepal and military rule of Pakistan.
An unruly neighborhood with long-standing geo-political border disputes and terrorist networks along the border districts makes India vulnerable to cyber security threats. Cyber attacks are the low-cost asymmetric way of collecting vital intelligence without risking human agent on the ground. India experienced chinese state-sponsored actors attacking the power grid in 2024 and 2020. In 2022, UIDAI had recorded a theft of data. The premier hospital network at AIIMS had also experienced data theft in 2021. A state-of-the-art cyber defence ecosystem is the need of the hour to tackle the growing threat from state and non-state actors.
Make cyber-security infrastructure in India
As online mode becomes the preferred medium of commerce, cyber security becomes the vital link that can disrupt an economy. The impact of cyber security failure is no longer limited to sensitive sectors like defence and energy. A secure cyber infrastructure is a prerequisite to keep a nation safe economically and militarily. AI has enabled automation of malware attacks and conventional cyber risks by automating the process. An AI powered attack can ceaselessly search for vulnerabilities and pose a greater risk to cyber security than a human cyber criminal. It also enables greater plausible deniability for state actors. The Indian Computer Emergency Response Team (CERT-In) reported over 2.04 million registered cyber incidents in India in 2024, representing a significant increase from 1.39 million in 2022. High-profile malware attacks using Winniti malware have been associated with the Chinese state apparatus. Winnti malware has been used by several Chinese state-sponsored groups, including APT41/Barium and APT17, acting on behalf of China’s Ministry of State Security (MSS). The malware came into focus of Indian security establishment when the Indian media group Bennett Coleman And Co Ltd (BCCL) – “The Times Group”; the Unique Identification Authority of India (UIDAI); and the Madhya Pradesh Police Department were targeted. ChamelGang (also known as Camo Fei), a suspected Chinese APT group had targeted AIIMS.
As the geo-political situation worsens amid tariff wars with US and rising cyber aggression of China, India needs a cybersecurity and trust infrastructure that is self –reliant. Indian reliance on Western technology in cybersecurity is a key vulnerability that can be exploited by our neighbours in the event of a conflict. Currently, more than ninety percent of the cyber safety solutions are provided by non-Indian Big Tech giants headquartered outside India. Currently, there is no Indian company among the top ten cyber security companies in the world. Until Indian cybersecurity infrastructure can replace the western reliance to create domestic companies that protect our digital infrastructure, India will never be truly safe. A digitalized India is an asset for the growth of economy but will become a liability until adequate safeguards to protect the digital landscape is developed within the country.
