Source: ET

Why in News?

The Parliamentary Standing Committee on Home Affairs underscored the escalating cyber threats in India, calling for greater public awareness, enhanced cyber safety, and stronger digital security as internet penetration and online transactions rapidly expand.

What are the Key Cyberthreats India is Facing?

• Cyber-enabled Financial Frauds: India is witnessing a surge in phishing, ransomware, identity theft, UPI and online banking frauds. 
  • In 2024, the nation recorded 1.91 million cybercrime complaints, reflecting the scale of digital financial vulnerability.
• Ransomware & Malware Attacks: Hospitals, government databases, and critical private enterprises are prime targets of ransomware and malware. 
  • The AIIMS Delhi cyberattack (2022) exposed the fragility of health and public service systems.
• Critical Infrastructure Vulnerability: Strategic assets such as power grids, telecom networks, nuclear facilities, and ports face persistent cyber sabotage threats. 
  • The Kudankulam Nuclear Power Plant attack (2019) underscored risks to national security.
• Data Breaches & Privacy Risks: Frequent cyber intrusions into government and private sector databases have led to large-scale personal data leaks. 
  • The Air India breach (2021) compromised information of nearly 4.5 million passengers.
• Deepfa kes & Misinformation: AI-driven deepfake content and fake news campaigns threaten social cohesion, democratic institutions, and electoral integrity. 
  • The 2024 election campaign saw deepfake videos of political leaders circulating widely.
• Dark Web & Cyber Terrorism: The dark web is increasingly exploited for radicalization, illegal arms/narcotics trade, and terror financing via cryptocurrencies. Such covert networks intensify organized crime and cyber terrorism in India.

What Factors are Undermining the Effectiveness of India’s Cybersecurity Framework?

• Inadequate Legal and Regulatory Framework: Existing laws like the IT Act, 2000, and the Digital Personal Data Protection Act, 2023, lack specific provisions for emerging threats such as AI-enabled attacks and deepfakes.
• Shortage of Skilled Cybersecurity Professionals: India faces a massive gap in trained cybersecurity experts to monitor and respond to threats in real-time. 
  • A report by NASSCOM states thatIndia needs at least one million cybersecurity professionals, but currently has less than half that number.
• Rapid Digitalization and Low Cyber Awareness: As India’s digital ecosystem expands rapidly, the scale and sophistication of cyber threats have also risen in tandem
  • Also, India faces weak cyber hygiene among citizens, with many users failing to identify phishing attacks, fraudulent websites, and scam calls, while limited digital literacy programs in rural areas further increase vulnerability to cyber fraud.
• Weak Protection of Critical Infrastructure: Power grids, telecom networks, and nuclear plants remain vulnerable due to outdated security protocols.
  • At the same time, SMEs and critical sectors in India lack robust defenses, and reliance on imported IT/telecom equipment increases risks of embedded vulnerabilities.
• Fragmented Coordination Among Agencies: Multiple agencies like CERT-In, National Critical Information Infrastructure Protection Centre, and private stakeholders operate with limited coordination, causing delays in threat detection and response.

What Measures Should be Adopted to Strengthen Cybersecurity Framework in India?

• Strengthen Legal & Regulatory Framework: The IT Act, 2000 needs urgent updates to cover AI, deepfakes, and ransomware threats. Strong enforcement of the Digital Personal Data Protection Act, 2023 with clear accountability is essential.
• Institutional & Audit Reforms: Mandate cybersecurity audits and stress tests in critical sectors like banking, healthcare, and utilities. 
  • Establish district-level cybersecurity units for localized threat management and strengthen coordination with CERT-In.
• Strengthen Critical Infrastructure: Enforce two-factor authentication (2FA), data encryption, and real-time monitoring systems in critical sectors like banks. 
  • India should promote Zero-Trust Architecture in critical sectors (continuous verification instead of perimeter-only defense).
• Promote Indigenous Cybersecurity Solutions: India should push for Make in India cybersecurity tools to reduce foreign dependence. Startups developing AI-based threat detection must be supported through funding and incubation.
• Improve Cyber Hygiene & Awareness: Launch nationwide cyber literacy campaigns in regional languages, targeting rural communities, youth, and senior citizens.
  • Integrate cybersecurity education in schools and universities, supported by secure infrastructure and staff training, to build digital resilience from an early stage.

Conclusion

Cyberthreats in India have moved beyond mere financial frauds to encompass national security, privacy, and democratic integrity. With the rapid digitization of governance and economy, India’s vulnerability to ransomware, data breaches, deepfakes, and critical infrastructure sabotage has increased manifold. A multi-pronged approach involving robust cyber laws, institutional capacity, public awareness, and global cooperation is essential to secure India’s cyberspace and safeguard its developmental trajectory.