India’s rapid push toward building a $5 trillion digital economy is creating an expanding cyberattack surface that adversaries are already actively exploiting, according to cybersecurity expert Dr. Srinivas Mukkamala. The analysis highlights a widening gap between the country’s digital growth and its security readiness, raising concerns about systemic vulnerability across critical infrastructure, public platforms, and enterprise systems.
Between 2021 and mid-2025, India reportedly recorded more than 2.2 million cybersecurity incidents, averaging over 3,000 attacks per day. Key sectors such as financial services, healthcare, telecom, and government systems have been among the most frequently targeted. The country has also emerged as one of the most heavily attacked globally, with financial losses from cyber fraud reaching tens of thousands of crores of rupees.
The report notes that cyber threats are no longer isolated incidents but part of sustained and coordinated campaigns. Advanced persistent threat groups have been linked to attacks on government and defense-related systems, while large-scale cyber activity has surged during periods of geopolitical tension. These developments suggest that cyber conflict is already an active and ongoing dimension of national security.
Despite significant progress in institutional capacity, including the work of India’s Computer Emergency Response Team (CERT-In), which handles millions of incidents annually, experts warn that defensive maturity has not kept pace with the scale of digital expansion. India’s internet user base has crossed 1 billion connections, but cybersecurity preparedness has not scaled proportionately.
High-profile incidents such as data exposure risks in major digital public infrastructure systems have also raised concerns about security testing and system resilience. The analysis argues that rapid scaling of digital platforms has sometimes been treated as a proxy for security, rather than being validated through rigorous adversarial testing.
The rise of artificial intelligence is further intensifying the threat landscape. AI-generated misinformation, deepfake content, and automated phishing attacks are increasingly being used to manipulate public opinion and target individuals in regional languages. During India’s 2024 general elections, AI-driven content and disinformation campaigns were widely reported, contributing to concerns about electoral integrity in the digital age.
Cybersecurity challenges are also evolving at a technical level, with AI enabling faster vulnerability discovery and more sophisticated attack automation. Techniques such as model poisoning, prompt injection, and system manipulation are emerging risks as organizations rapidly deploy AI systems without fully hardened security frameworks.
The report also highlights structural challenges, including reliance on legacy legal frameworks such as the Information Technology Act, which predates modern cloud infrastructure, digital payment systems, and AI technologies. Meanwhile, cybercrime complaints continue to rise, particularly in regions with lower digital literacy.
Experts argue that India requires a comprehensive national cybersecurity and AI readiness audit to assess systemic vulnerabilities across infrastructure, supply chains, and digital platforms. Such an audit would evaluate the country’s ability to detect, attribute, and respond to AI-enabled attacks while strengthening domestic capabilities in critical technology areas.
The broader recommendation is a three-pronged approach: modernizing cybersecurity strategy to address AI-driven threats, building sovereign AI and infrastructure resilience, and integrating adversarial thinking into workforce development and policy design.
While India’s digital transformation remains one of the fastest in the world, the analysis concludes that economic ambition must be matched with security resilience. Without it, the very infrastructure driving growth could become an expanding target surface for increasingly sophisticated adversaries.
