Cybersecurity News in Asia

Amid rapid digitalization and lagging cybersecurity oversight, India buckles up

By Balasubramanian Swaminathan, IMAWS | Monday, December 22, 2025, 4:50 AM Asia/Singapore

Two native industry observers share their diagnoses and prognoses about inadequate monitoring, weak data controls, and regulatory delays.

While the government of India remains focused on protecting citizens from multiple online scams, including digital arrest and voice-based fraud, cyberattacks on enterprises continue to rise.

The country has faced significant ransomware challenges, with more than 340 victim organizations reported as targets by multiple ransomware groups, according to data from ransomware.live.

This reflects a growing threat landscape in India, with at least 73 distinct ransomware groups active against Indian entities.

Lack of clear stakeholdership

Recent prominent attacks have reportedly affected organizations such as Star Health, Aditya Birla Capital Digital (ABCD) App, Sant Parmanand Hospital (Delhi), NKS Super Specialty Hospital (Delhi), Kolkata Police Cyber Crime Wing, Nippon Life India Asset Management (NAM India), and the Central Bank of India.

Victims span multiple sectors, though the most-affected have been in banking, financial services, and healthcare — highlighting how cybercriminals exploit vulnerabilities across critical infrastructure and enterprises.

One major reason for the increasing enterprise attacks in India appears to be insufficient ownership of cybersecurity responsibilities. According to Balaji S, Director, Vyapini Tech Services, many organizations still assume that cyberattacks only involve ransomware or infrastructure breaches. He noted: “Weak cybersecurity practices can also contribute to broader real-world crimes. With India’s large, diverse population, healthcare data and analytics can be particularly valuable, underscoring the importance of robust security controls to protect sensitive information.”

Cyber regulation lagging behind digitalization

Financial institutions also remain sought-after targets because they store large amounts of confidential information, including customer details and financial data.

The growing use of digital payment systems, online trading, and even crypto investments after the COVID-19 pandemic has broadened the potential attack surface for cybercriminals.

Systems such as the Unified Payments Interface have accelerated digital transactions, but have also introduced new points of vulnerability.

Rapid digital adoption often forces organizations to integrate legacy systems with new cloud or fintech platforms, creating complex environments with inherent security challenges.

Gaps in monitoring and preparedness

According to Anand V, CEO, Raksha Technologies, many breaches in India can be attributed to inadequate monitoring rather than to any specific sectoral weakness.

While banking and healthcare draw attention, he observed: “All industries in India remain vulnerable. There has been a case involving an automotive company that faced serious disruption following a cyberattack. The cyber incident at Jaguar Land Rover had temporarily halted global production and caused significant financial losses.”

When taking such gaps in monitoring and preparedness amid furious post-pandemic digitalization, experts agree that cybersecurity requires organization-wide awareness rather than being limited to the role of the Chief Information Security Officer.

Are these positive measures enough?

One positive step taken by the government in response is the mandatory security audit for Micro, Small, and Medium Enterprises, introduced by the Indian Computer Emergency Response Team to ensure a basic level of defense across this critical sector. The audits fall under Section 70B of the Information Technology Act, 2000.

The government is also turning its attention to the Digital Personal Data Protection Act, expected to reshape India’s digital landscape. Citizens — referred to as Data Principals — will gain rights to have their data deleted or corrected and to control how their consent is used.

Organizations, defined as Data Fiduciaries, will be required to implement strict, verifiable security measures and publish clear privacy statements to ensure that data is processed solely for its intended purpose.

The country’s Data Protection Board will oversee compliance, reinforcing digital accountability as a core legal and business obligation for all entities operating in India.

Are these measures enough, or will the execution and regulatory vigor be enough to sustain positive results? Time will tell.

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

Closing the Gap in Email Security:How To Stop The 7 Most SinisterAI-Powered Phishing Threats
Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
2024 Insider Threat Report: Trends, Challenges, and Solutions
Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
AI-Powered Cyber Ops: Redefining Cloud Security for 2025
The future of cybersecurity is a perfect storm: AI-driven attacks, cloud expansion, and the convergence …Download Whitepaper
Data Management in the Age of Cloud and AI
In today’s Asia Pacific business environment, organizations are leaning on hybrid multi-cloud infrastructures and advanced …Download Whitepaper

Middle-sidebar-banner

Case Studies

How a Vietnamese D2C retailer built its own secure digital infrastructure
Would your organization build your own digital infrastructure – including AI governance and cybersecurity – …Read more
Cyber protection for medical clinics in Singapore
As Singapore’s healthcare sector becomes increasingly digital and interconnected, clinics are facing heightened cyber risks, …Read more
India’s WazirX strengthens governance and digital asset security
Revamping its custody infrastructure using multi‑party computation tools has improved operational resilience and institutional‑grade safeguardsRead more
Bangladesh LGED modernizes communication while addressing data security concerns
To meet emerging data localization/privacy regulations, the government engineering agency deploys a secure, unified digital …Read more

Bottom sidebar

Other News

Digital Identity Co. Modernizes Thailand Immigration Bureau Services with AWS
Friday, May 29, 2026
Mobile app enables travelers to …Read More »
VIVOTEK VORTEX Powers AI Cloud Security in Denmark’s Kongens Ege Mixed-Use Development
Thursday, May 28, 2026
TAIPEI, May 28, 2026 /PRNewswire/ …Read More »
DJI Releases Findings of the Most Comprehensive Independent Security Assessment of Its Drone Systems to Date
Thursday, May 28, 2026
Zero Critical, High, or Medium-Risk …Read More »
AUTOCRYPT Achieves WebTrust Accreditation for V2X PKI Infrastructure
Tuesday, May 26, 2026
SEOUL, South Korea, May 26, …Read More »
CPRO, a Leader in the Physical AI Security Industry, to be Publicly Listed on a U.S. National Securities Exchange Through Business Combination with Lakeshore Acquisition III Corp.
Tuesday, May 26, 2026
CPRO is a fast-growing physical …Read More »

Cybersecurity News in Asia

Featured

Hidden trade-offs behind enterprise AI ambitions

Featured

Is secure issuance a solved problem, or is the debate more complex?

Featured

Cyber risk, fraud, and CX: Why banks can’t treat them separately anymore