Cyber security in India 2025: attacks rise across sectors

Cyber security in India 2025 is marked by a sharp escalation in attack volumes and growing sophistication of threat techniques, according to a new industry report tracking threat activity across Indian organisations.

The findings point to sustained pressure across both public and private sectors, driven by rapid digital adoption, expanding cloud usage, and the increasing use of AI-assisted attack methods. Weekly attack volumes in India remain well above global averages, placing the country among the most targeted worldwide.

India among the most targeted countries globally

The report shows that Indian organisations faced an average of 2,011 cyberattacks per week during 2025, significantly exceeding global benchmarks across industries.

Education emerged as the most targeted vertical worldwide, with institutions experiencing between 4,248 and 9,817 attacks per week. Telecommunications, healthcare, financial services, and government bodies also recorded consistently high attack volumes, highlighting India’s broad exposure across critical sectors.

Rising incidents and financial losses

India’s cyber threat landscape reflects a steep rise in reported incidents over recent years. Cyber incidents increased from approximately 1.03 million in 2022 to 2.27 million in 2024, with early indicators in 2025 suggesting continued growth.

Financial impact remains substantial. Losses reported on the National Cyber Crime Reporting Portal reached Rs 36,450 crore by February 2025. The majority of these losses were attributed to phishing-led UPI fraud, AI-assisted social engineering, SIM swap attacks, and deepfake-enabled scams.

These trends underline how digital payments, connected infrastructure, and cloud-based systems have expanded the national attack surface.

Cloud misconfigurations emerge as a critical risk

Cloud security misconfigurations were identified as a major driver of breaches in India. The report cites several incidents, including one that exposed 500GB of personal and biometric data due to an unsecured cloud storage bucket.

The exposed data included records linked to law enforcement and military personnel, illustrating the severity of misconfiguration-related risks. Over-permissive access controls, unmanaged identities, and weak visibility into cloud environments continue to amplify breach impact.

Despite rising incidents, less than 9 percent of sensitive cloud data is encrypted. Only a small proportion of organisations are able to detect or remediate breaches within the first hour, significantly increasing potential damage.

Infostealer malware gains ground

Infostealer malware activity expanded rapidly during 2025. Between March and May, 44,197 Windows devices in India were compromised by Lumma Stealer.

Other active malware families included RisePro, Vidar, StealC, and RedLine, many of which now feature modular architectures and advanced credential theft capabilities. In enterprise environments, AgentTesla and FormBook remained dominant, with AgentTesla infections rising 22 percent year over year, largely through targeted phishing campaigns.

Ransomware pressure remains elevated

Ransomware continued to affect between 7 and 10 percent of Indian organisations, with notable spikes in the education sector. Attackers increasingly combined data exfiltration with extortion tactics, rather than relying solely on system encryption.

The report notes greater use of zero-day vulnerabilities, AI-powered reconnaissance, and legitimate system tools to evade detection and maximise operational disruption.

Industry voices highlight strategic shifts

Sundar Balasubramanian, Managing Director, Check Point Software Technologies, India and South Asia, said India’s rapid digital expansion requires security strategies to evolve at a faster pace than emerging threats.

He emphasised securing AI systems against adversarial manipulation while also using AI-powered intelligence to predict and prevent attacks, positioning cyber security as a foundational enabler of trust and resilience.

Aathir Ahad, Chief Information Security Officer, Wipro, pointed to a changing risk environment for India’s IT services industry, shaped by coordinated attacks and geopolitical factors. He highlighted intelligence-driven security, identity-first approaches, and security engineered across global operations as long-term priorities.

A widening attack surface in 2025

Taken together, the findings illustrate how cyber security in India 2025 is being shaped by the convergence of cloud adoption, AI-driven threats, and expanding digital ecosystems. With attack volumes rising across sectors, the report underscores the need for faster detection, stronger cloud governance, and security strategies built for scale and complexity.