Two native industry observers share their diagnoses and prognoses about inadequate monitoring, weak data controls, and regulatory delays.
While the government of India remains focused on protecting citizens from multiple online scams, including digital arrest and voice-based fraud, cyberattacks on enterprises continue to rise.
The country has faced significant ransomware challenges, with more than 340 victim organizations reported as targets by multiple ransomware groups, according to data from ransomware.live.
This reflects a growing threat landscape in India, with at least 73 distinct ransomware groups active against Indian entities.
Lack of clear stakeholdership
Recent prominent attacks have reportedly affected organizations such as Star Health, Aditya Birla Capital Digital (ABCD) App, Sant Parmanand Hospital (Delhi), NKS Super Specialty Hospital (Delhi), Kolkata Police Cyber Crime Wing, Nippon Life India Asset Management (NAM India), and the Central Bank of India.
Victims span multiple sectors, though the most-affected have been in banking, financial services, and healthcare — highlighting how cybercriminals exploit vulnerabilities across critical infrastructure and enterprises.
One major reason for the increasing enterprise attacks in India appears to be insufficient ownership of cybersecurity responsibilities. According to Balaji S, Director, Vyapini Tech Services, many organizations still assume that cyberattacks only involve ransomware or infrastructure breaches. He noted: “Weak cybersecurity practices can also contribute to broader real-world crimes. With India’s large, diverse population, healthcare data and analytics can be particularly valuable, underscoring the importance of robust security controls to protect sensitive information.”
Cyber regulation lagging behind digitalization
Financial institutions also remain sought-after targets because they store large amounts of confidential information, including customer details and financial data.
The growing use of digital payment systems, online trading, and even crypto investments after the COVID-19 pandemic has broadened the potential attack surface for cybercriminals.
Systems such as the Unified Payments Interface have accelerated digital transactions, but have also introduced new points of vulnerability.
Rapid digital adoption often forces organizations to integrate legacy systems with new cloud or fintech platforms, creating complex environments with inherent security challenges.
Gaps in monitoring and preparedness
According to Anand V, CEO, Raksha Technologies, many breaches in India can be attributed to inadequate monitoring rather than to any specific sectoral weakness.
While banking and healthcare draw attention, he observed: “All industries in India remain vulnerable. There has been a case involving an automotive company that faced serious disruption following a cyberattack. The cyber incident at Jaguar Land Rover had temporarily halted global production and caused significant financial losses.”
When taking such gaps in monitoring and preparedness amid furious post-pandemic digitalization, experts agree that cybersecurity requires organization-wide awareness rather than being limited to the role of the Chief Information Security Officer.
Are these positive measures enough?
One positive step taken by the government in response is the mandatory security audit for Micro, Small, and Medium Enterprises, introduced by the Indian Computer Emergency Response Team to ensure a basic level of defense across this critical sector. The audits fall under Section 70B of the Information Technology Act, 2000.
The government is also turning its attention to the Digital Personal Data Protection Act, expected to reshape India’s digital landscape. Citizens — referred to as Data Principals — will gain rights to have their data deleted or corrected and to control how their consent is used.
Organizations, defined as Data Fiduciaries, will be required to implement strict, verifiable security measures and publish clear privacy statements to ensure that data is processed solely for its intended purpose.
The country’s Data Protection Board will oversee compliance, reinforcing digital accountability as a core legal and business obligation for all entities operating in India.
Are these measures enough, or will the execution and regulatory vigor be enough to sustain positive results? Time will tell.
