Cybersecurity News in Asia

Amid rapid digitalization and lagging cybersecurity oversight, India buckles up

By Balasubramanian Swaminathan, IMAWS | Monday, December 22, 2025, 4:50 AM Asia/Singapore

Two native industry observers share their diagnoses and prognoses about inadequate monitoring, weak data controls, and regulatory delays.

While the government of India remains focused on protecting citizens from multiple online scams, including digital arrest and voice-based fraud, cyberattacks on enterprises continue to rise.

The country has faced significant ransomware challenges, with more than 340 victim organizations reported as targets by multiple ransomware groups, according to data from ransomware.live.

This reflects a growing threat landscape in India, with at least 73 distinct ransomware groups active against Indian entities.

Lack of clear stakeholdership

Recent prominent attacks have reportedly affected organizations such as Star Health, Aditya Birla Capital Digital (ABCD) App, Sant Parmanand Hospital (Delhi), NKS Super Specialty Hospital (Delhi), Kolkata Police Cyber Crime Wing, Nippon Life India Asset Management (NAM India), and the Central Bank of India.

Victims span multiple sectors, though the most-affected have been in banking, financial services, and healthcare — highlighting how cybercriminals exploit vulnerabilities across critical infrastructure and enterprises.

One major reason for the increasing enterprise attacks in India appears to be insufficient ownership of cybersecurity responsibilities. According to Balaji S, Director, Vyapini Tech Services, many organizations still assume that cyberattacks only involve ransomware or infrastructure breaches. He noted: “Weak cybersecurity practices can also contribute to broader real-world crimes. With India’s large, diverse population, healthcare data and analytics can be particularly valuable, underscoring the importance of robust security controls to protect sensitive information.”

Cyber regulation lagging behind digitalization

Financial institutions also remain sought-after targets because they store large amounts of confidential information, including customer details and financial data.

The growing use of digital payment systems, online trading, and even crypto investments after the COVID-19 pandemic has broadened the potential attack surface for cybercriminals.

Systems such as the Unified Payments Interface have accelerated digital transactions, but have also introduced new points of vulnerability.

Rapid digital adoption often forces organizations to integrate legacy systems with new cloud or fintech platforms, creating complex environments with inherent security challenges.

Gaps in monitoring and preparedness

According to Anand V, CEO, Raksha Technologies, many breaches in India can be attributed to inadequate monitoring rather than to any specific sectoral weakness.

While banking and healthcare draw attention, he observed: “All industries in India remain vulnerable. There has been a case involving an automotive company that faced serious disruption following a cyberattack. The cyber incident at Jaguar Land Rover had temporarily halted global production and caused significant financial losses.”

When taking such gaps in monitoring and preparedness amid furious post-pandemic digitalization, experts agree that cybersecurity requires organization-wide awareness rather than being limited to the role of the Chief Information Security Officer.

Are these positive measures enough?

One positive step taken by the government in response is the mandatory security audit for Micro, Small, and Medium Enterprises, introduced by the Indian Computer Emergency Response Team to ensure a basic level of defense across this critical sector. The audits fall under Section 70B of the Information Technology Act, 2000.

The government is also turning its attention to the Digital Personal Data Protection Act, expected to reshape India’s digital landscape. Citizens — referred to as Data Principals — will gain rights to have their data deleted or corrected and to control how their consent is used.

Organizations, defined as Data Fiduciaries, will be required to implement strict, verifiable security measures and publish clear privacy statements to ensure that data is processed solely for its intended purpose.

The country’s Data Protection Board will oversee compliance, reinforcing digital accountability as a core legal and business obligation for all entities operating in India.

Are these measures enough, or will the execution and regulatory vigor be enough to sustain positive results? Time will tell.

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

Critical Security Threatsand the Need for ZTNA: How evolving cyberattacks demand a Zero Trust approach
Cyber threats have become more frequent and sophisticated, targeting organizations of all sizes across all …Download Whitepaper
Zero Trust Made Simple: Why it matters and how to get started
Data breaches and cyberattacks are no longer limited to large, high-profile organizations.Download Whitepaper
Cloud Secure Edge: Remote access, better security
SonicWall Cloud Secure Edge™ is a modern, cloud-native Security Service Edge (SSE) solution that addresses …Download Whitepaper
Closing the Gap in Email Security:How To Stop The 7 Most SinisterAI-Powered Phishing Threats
Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper

Middle-sidebar-banner

Case Studies

How a Vietnamese D2C retailer built its own secure digital infrastructure
Would your organization build your own digital infrastructure – including AI governance and cybersecurity – …Read more
Cyber protection for medical clinics in Singapore
As Singapore’s healthcare sector becomes increasingly digital and interconnected, clinics are facing heightened cyber risks, …Read more
India’s WazirX strengthens governance and digital asset security
Revamping its custody infrastructure using multi‑party computation tools has improved operational resilience and institutional‑grade safeguardsRead more
Bangladesh LGED modernizes communication while addressing data security concerns
To meet emerging data localization/privacy regulations, the government engineering agency deploys a secure, unified digital …Read more

Bottom sidebar

Other News

Global Tech Shift: Tune Talk Launches World’s First Network-Enforced Child Safety Mobile Plan, Bypassing App-Level Limitations
Saturday, June 27, 2026
PETALING JAYA, Malaysia, June 26, …Read More »
DJI Enterprise Advances Industry with New Framework for Dock as First Responder (DFR) Deployments
Thursday, June 25, 2026
New White Paper Outlines Best …Read More »
At VivaTech 2026, Taiwan-Based MaiAgent Says Enterprises Should Stop Building RAG and AI Agent Systems From Scratch
Friday, June 19, 2026
TAIPEI and PARIS, June 19, …Read More »
How large-scale AI drives the evolution of video encoding to intelligent understanding
Thursday, June 18, 2026
HANGZHOU, China, June 18, 2026 …Read More »
Crisis24 Opens Global Maritime Operations Center in Manila to Power Intelligence, Consulting and Crisis Response Services
Thursday, June 18, 2026
New 24/7 operations center anchors …Read More »

Cybersecurity News in Asia

Featured

S E Asia governments targeted by cyber-espionage group

Featured

Rethinking network and infrastructure design for resilience

Featured

Bringing cybercriminals to justice in APAC