
India’s Cybersecurity Imperative

This editorial is based on “Case for an atmanirbhar cyber suraksha mission” which was published in The Hindustan Times on 14/04/2026. This editorial examines India’s escalating vulnerability to AI-led autonomous cyber warfare and the urgent need for structural reforms in critical infrastructure. It advocates for a transition toward silicon sovereignty, unified cyber command, and active deterrence to safeguard national security in the 2026 digital landscape.

For Prelims: Critical Information Infrastructure (CII), CERT-In, Digital Public Infrastructure (DPI), Sanchar Saathi.

For Mains: Key Structural Drivers Shaping India’s Cybersecurity Landscape, Major Challenges Confronting India’s Cybersecurity Landscape

India’s cyber threat landscape is entering a new phase where AI-driven attacks can autonomously detect and exploit vulnerabilities at machine speed, compressing the entire attack cycle into minutes. With over 265 million cyberattacks recorded in 2025 and nearly 60% originating from the China–Pakistan axis, the scale and persistence of threats have intensified. As critical infrastructure, from power grids to financial systems, becomes increasingly digitised yet remains unevenly secured, vulnerabilities are widening. In this context, cybersecurity is no longer a technical safeguard but a core pillar of national security and strategic sovereignty. 

What are the Key Developments Shaping India’s Cybersecurity Landscape? 

  • Digital Public Infrastructure (DPI) as Security Backbone: India’s DPI embeds security-by-design at scale, enabling authentication, traceability, and fraud control across sectors, especially finance. 
    • With 86%+ internet-connected households and billions of monthly UPI transactions, India has created one of the world’s largest secure digital ecosystems. 
    • It creates a standardised, interoperable security layer, which can be extended to sectors like health, education, and logistics. 
  • Strengthening Institutional & Policy Architecture: India is building a multi-layered governance framework with CERT-In, NCIIPC, and I4C, moving toward proactive monitoring. 
    • Policy initiatives like mandatory incident reporting and audits are enhancing accountability and compliance culture. 
      • Cyber Swachhta Kendras (Botnet Cleaning and Malware Analysis Centre) enable users to detect, analyze, and clean their systems of botnets and malware, securing India's digital ecosystem.
    • The Citizen Financial Cyber Fraud Reporting and Management System (CFCFMS), a key component of the Indian Cyber Crime Coordination Centre (I4C), has significantly strengthened India’s response to financial cyber frauds by enabling real-time reporting and swift action. 
  • Operative Enforcement of the DPDP Act and Rules: The full enforcement of the Digital Personal Data Protection (DPDP) Act 2023 and 2025 rules has transitioned data privacy from a voluntary ethical guideline to a mandatory corporate survival pillar.  
    • Organizations are now legally compelled to redesign legacy systems to support individual rights like data erasure and breach notification, or face crippling financial penalties. 
    • Non-compliance now carries penalties up to ₹250 crore per incident, driving enterprise security spending. 
  • Indigenous AI-led Cybersecurity Capabilities: India is pivoting toward "AI-Sovereignty" by leveraging domestic Large Language Models (LLMs) and predictive analytics to automate threat hunting and neutralize deepfake-led financial fraud at scale.  
    • By embedding AI into the national security fabric, the state is reducing reliance on foreign proprietary tools and enabling a self-learning defense system that adapts to local threat vectors in real-time.  
    • Tools like Vastav AI are detecting manipulated digital media, especially focusing on identifying deepfake videos with high accuracy. 
    • In early 2026, the IndiaAI Mission successfully onboarded 38,000 GPUs to power indigenous models, significantly strengthening cybersecurity by reducing dependence on foreign digital infrastructure, thereby enhancing data sovereignty and resilience against cyber threats. 
  • Expanding Cybersecurity Market: Cybersecurity is emerging as a high-growth strategic sector, driven by rising threat perception and enterprise prioritisation. 
    • India's cybersecurity market is poised for significant expansion, expected to grow from USD 5.56 billion in 2025 to USD 12.9 billion by 2030.  
    • This expansion is fostering a vibrant startup ecosystem and innovation pipeline, especially in AI-security solutions.  
    • It also reflects a shift from cost-centre mindset to strategic investment, integrating cybersecurity into core business decisions. 
  • Sectoral Cyber Resilience in Critical Infrastructure: Focused efforts are strengthening cybersecurity across power, banking, telecom, and public systems, enhancing resilience. 
    • For instance, in 2025, the Indian Computer Emergency Response Team (CERT-In) conducted 122 cybersecurity drills and exercises, including tabletop simulations involving 1,570 organisations across both public and private sectors.
    • These covered critical domains such as defence, paramilitary forces, space, atomic energy, telecommunications, finance, power, and oil and gas industries. 
  • Statutory Deepfake Control: The 2026 IT Rule Compression: The notification of the IT (Intermediary Guidelines and Digital Media Ethics Code) Amendment Rules, 2026 has introduced an aggressive takedown window for "Synthetically Generated Information" (SGI).  
    • Through this, India is forcing global platforms to treat deepfakes as immediate national security threats rather than passive content violations. 
    • The legislative pivot from a 36-hour to a 3-hour takedown mandate for "unlawful" synthetic content effectively eliminates the "virality window" used by malicious actors to sway public opinion or commit fraud. 

What are the Major Challenges Confronting India’s Cybersecurity Landscape? 

  • Weaponization of Autonomous AI & "Zero-Day" Discovery: The democratization of generative AI allows adversaries to automate the discovery of software vulnerabilities and execute attacks at machine speed, far outpacing human response capabilities.  
    • This creates a "detection lag" where traditional security measures fail against polymorphic malware that rewrites itself to evade signature-based defenses.  
    • Anthropic’s 2026 "Project Glasswing" revealed that AI can autonomously chain "zero-day" exploits.  
      • Concurrently, India faced over 265 million cyberattacks in 2025 (as per India Cyber Threat Report 2026), many leveraging AI-driven reconnaissance.
  • Infrastructure Vulnerability - The Critical Sector Target: India’s critical information infrastructure (CII), including healthcare, power grids, and financial hubs, remains a primary target for state-sponsored and ransomware actors.
    • Legacy OT (Operational Technology) systems are being connected to the internet without adequate segmentation, creating "backdoors" into national security assets. 
    • The convergence of IT and OT has created a systemic risk where a single breach in a utility provider can cascade into a nationwide service blackout. 
    • For instance, high-profile cyber breaches, such as the 2025 Star Health and Allied Insurance data leak affecting 31 million policyholders and the 2022 ransomware attack on All India Institute of Medical Sciences (AIIMS), New Delhi, have exposed vast volumes of sensitive personal and institutional data, underscoring critical vulnerabilities in India’s cybersecurity infrastructure.
  • Geopolitical "Grey Zone" Warfare & Attribution Deficit: State-sponsored actors from the "China-Pakistan axis" utilize cyber-espionage to map India’s strategic assets while maintaining plausible deniability through proxy "hacktivist" groups.  
    • This "grey zone" conflict bypasses traditional military deterrence, focusing on long-term persistence and intelligence theft rather than immediate destruction.  
    • For instance, the activities of Transparent Tribe (APT36), a Pakistan-based APT group, targeting Indian defence personnel and diplomatic networks through phishing campaigns and malware, illustrate how such actors operate covertly while avoiding direct attribution. 
  • Financial Contagion & Digital Payment Vulnerabilities: The rapid scaling of UPI and digital banking has outpaced the implementation of robust "Zero Trust" architectures, making the financial switch a prime target for systemic disruption.  
    • A single successful breach at a clearinghouse level could trigger a "liquidity freeze," eroding public trust in the digital economy overnight.  
    • In the first half of FY26 (April–September 2025), the total amount involved in banking frauds rose by 30% year-on-year, reaching ₹21,515 crore.  
      • Notably, while the number of cases fell, the value per incident surged, largely due to high-value loan frauds.  
      • Further, digital arrest scams have surged nationwide, with citizens losing hundreds of crores through impersonation of police/CBI/ED officials, exposing the human layer of fintech vulnerability. 
  • Data Sovereignty & The "Cloud Concentration" Risk: India lacks a fully localized, hyperscale cloud ecosystem, forcing government and private entities to store sensitive metadata on servers owned by foreign Big Tech.  
    • This "extraterritoriality" creates legal hurdles for data retrieval during investigations and leaves Indian data subject to foreign surveillance laws (e.g., the US CLOUD Act). 
    • Over 70% of Indian enterprises store sensitive data on foreign cloud infrastructure. Dominant hyperscalers (Amazon Web Services (AWS), Microsoft Azure, and Google Cloud) collectively control the majority of the Indian public cloud market. 
  • The "Human Firewall" & Skill-Gap Paradox: While India is an "IT superpower," there is a catastrophic shortage of high-end cybersecurity professionals capable of "Red Teaming" (ethical hacking) or AI-forensics.  
    • The "compliance-only" culture in many Indian firms treats security as a checkbox rather than a dynamic operational priority, leading to widespread "insider-threat" risks.  
    • For instance, India has only around 380,000 cybersecurity professionals against a demand exceeding 1.2 million, highlighting a significant talent gap. 
  • Regulatory Fragmentation & Incident Reporting Lag: The cybersecurity governance framework is currently split across multiple agencies (CERT-In, NCIIPC, I4C), leading to "siloed intelligence" and delayed response times during multi-vector attacks.  
    • Mandates for reporting breaches within 6 hours are often ignored by companies fearing "reputational contagion" and regulatory penalties.  
      • Also, lack of transparency prevents the "collective immunity" gained from sharing threat intelligence. 
  • Deepfakes & Information Warfare (Cognitive Hacking): The rise of hyper-realistic AI-generated content (Deepfakes) has moved cybersecurity into the realm of "cognitive warfare," where the target is not the server, but public opinion and social cohesion.  
    • Nearly 65% of companies in India (60% worldwide) report experiencing deepfake-driven attacks, and 55% in India (48% globally) report reputational damage tied to AI-generated misinformation or impersonation campaigns. 
    • Also, during election cycles or civil unrest, these tools are used to trigger "algorithmic riots" by spreading targeted disinformation.  

What Measures are Needed to Strengthen India’s Cybersecurity Framework? 

  • Unified Cyber Command and Intelligence Fusion: Establish a centralized, apex cyber command to dismantle siloed governance and integrate threat intelligence from multiple disparate agencies into a singular, real-time tactical dashboard.  
    • This fusion center must mandate bidirectional threat-sharing between the public and private sectors using automated, encrypted protocols.  
    • By consolidating incident response under one operational umbrella, the state can orchestrate synchronized countermeasures against multi-vector national security threats.  
      • This structural shift transforms the national defensive posture from reactive fragmentation to proactive, holistic network orchestration. 
  • AI-Automated Red Teaming and Continuous Assessment: Deploy indigenous, generative AI systems to conduct continuous, autonomous penetration testing across all critical information infrastructure and state networks.  
    • Moving beyond periodic compliance audits, this dynamic defense mechanism continuously probes for zero-day vulnerabilities and polymorphic malware at machine speed.  
    • By fighting adversarial AI with defensive AI, security teams can predictively patch structural loopholes before external exploitation occurs.  
      • This ensures constant system hardening and dramatically reduces the operational detection lag against sophisticated state-sponsored intrusions. 
  • Mandating Strict Zero-Trust Architecture: Enforce a nationwide, phased transition to Zero-Trust Architecture (ZTA) across all critical sectors, completely dismantling the obsolete perimeter-based security model.  
    • This approach necessitates continuous identity verification, micro-segmentation of networks, and strict least-privilege access controls for every user and machine-to-machine interaction.  
    • Transitioning to ZTA severely restricts the lateral movement of threat actors even if the initial network perimeter is successfully breached.  
      • It fundamentally shifts the operational paradigm from assuming internal network safety to a default stance of constant suspicion and verification. 
  • Silicon Sovereignty and Hardware Indigenization: Launch an aggressive, targeted mission to systematically replace high-risk foreign hardware in telecom, power, and defense networks with trusted, domestically manufactured components.  
    • This strategy must be coupled with heavy investments in localized semiconductor fabrication and the development of indigenous microprocessors to eliminate deep-seated hardware backdoors.  
    • Achieving true silicon sovereignty ensures that the foundational layer of India's digital economy remains immune to supply-chain weaponization.  
      • It definitively decouples critical national security operations from untrusted, cost-driven geopolitical hardware dependencies. 
  • Sovereign Cloud Infrastructure and Data Localization: Accelerate the deployment of highly secure, sovereign hyperscale cloud networks dedicated exclusively to storing classified government and critical enterprise data.  
    • This infrastructure must be governed by stringent data localization mandates that prevent extraterritorial surveillance and ensure immediate judicial accessibility during investigations.
    • By physically anchoring sensitive digital assets within domestic borders, the state preempts the systemic risks associated with foreign cloud concentration.  
      • This structural isolation guarantees operational continuity and sovereign data integrity during acute geopolitical digital blockades. 
  • Cultivating an Elite Cyber-Militia and Micro-Credentialing: Shift the educational paradigm from generalized IT degrees to specialized micro-credentialing in advanced AI-forensics, quantum cryptography, and offensive cyber-tactics.
    • Simultaneously, establish an elite, civilian-military cyber reserve force that can be rapidly mobilized and deployed during large-scale national cyber emergencies.  
    • This initiative addresses the critical skill-gap paradox by building a deeply specialized, agile talent pool focused on immediate tactical interventions.  
      • It elevates the human workforce from passive compliance officers into an active, high-end cognitive defense layer. 
  • Cyber Liability Frameworks and Insurance Mandates: Introduce stringent legal frameworks that impose direct fiduciary liability on corporate boards for severe negligence in maintaining mandated, baseline cybersecurity standards.  
    • To counterbalance this friction, mandate comprehensive cyber-insurance for all medium-to-large enterprises, forcing private markets to enforce rigorous security underwriting and risk mitigation.  
    • This economic lever shifts cybersecurity from being viewed as an IT overhead expense to a critical corporate governance and financial risk imperative.  
      • It organically elevates the baseline security posture of the entire private sector through market-driven compliance pressure. 
  • Developing Active Cyber Deterrence Capabilities: Pivot the national security doctrine from purely defensive resilience to active cyber deterrence by developing calibrated, offensive digital capabilities.  
    • This involves building the strategic, technical capacity to conduct precise, proportional counter-strikes aimed at degrading an adversary's operational infrastructure.  
    • Establishing a credible threat of retaliatory digital force alters the risk calculus of state-sponsored actors operating aggressively in the geopolitical grey zone.  
    • It signals a definitive end to strategic passivity, establishing a robust, modern deterrent against unprovoked asymmetrical warfare.

Conclusion:

The transition of India’s cyber threat landscape into an AI-driven, machine-speed battlefield necessitates a departure from traditional, reactive security models toward a doctrine of active deterrence and silicon sovereignty. Integrating robust Digital Public Infrastructure with indigenous AI capabilities will be the cornerstone of maintaining strategic autonomy in a fragmented geopolitical order. Ultimately, the resilience of India’s critical infrastructure will depend on its ability to bridge the talent gap and unify its fragmented regulatory architecture into a cohesive national defense shield. 

Drishti Mains Question

"The weaponization of Artificial Intelligence has transformed cybersecurity from a technical challenge into a critical pillar of national sovereignty." Discuss in the context of India’s vulnerability to AI-driven "zero-day" exploits and autonomous cyber warfare.

 

FAQs

1. What is Project Glasswing?
A controlled AI initiative by Anthropic that identifies and weaponizes software vulnerabilities at machine speed.

2. What is the main source of India's cyber threats?
Approximately 60% of advanced threats originate from the China–Pakistan geopolitical axis.

3. Why is "Zero-Trust Architecture" important?
It assumes no user is safe by default, requiring constant verification to prevent lateral movement by hackers.

4. What is the "Cloud Concentration" risk?
The vulnerability caused by storing 70% of Indian enterprise data on a few foreign-owned cloud platforms.

5. What does "Silicon Sovereignty" mean?
Reducing dependence on foreign microchips and hardware to prevent "logic bombs" in critical systems. 

UPSC Civil Services Examination, Previous Year Question (PYQ) 

Prelims  

Q.1 In India, under cyber insurance for individuals, which of the following benefits are generally covered, in addition to payment for the loss of funds and other benefits? (2020)    

  1. Cost of restoration of the computer system in case of malware disrupting access to one’s computer  
  2. Cost of a new computer if some miscreant wilfully damages it, if proved so  
  3. Cost of hiring a specialised consultant to minimise the loss in case of cyber extortion   
  4. Cost of defence in the Court of Law if any third party files a suit  

Select the correct answer using the code given below:    

(a) 1, 2 and 4 only    

(b) 1, 3 and 4 only    

(c) 2 and 3 only    

(d) 1, 2, 3 and 4    

Ans: (b) 

Q2. In India, it is legally mandatory for which of the following to report on cyber security incidents? (2017)    

  1. Service providers
  2. Data centres
  3. Body corporate

Select the correct answer using the code given below:   

(a) 1 only 

(b) 1 and 2 only 

(c) 3 only 

(d) 1, 2 and 3 

Ans: (d) 


Mains 

Q. What are the different elements of cyber security? Keeping in view the challenges in cyber security, examine the extent to which India has successfully developed a comprehensive National Cyber Security Strategy. (2022)



