Cybersecurity in India: Challenges, Threats, Initiatives, and Strategy
Cybersecurity refers to the practice of protecting computer systems, networks, and digital data from theft, damage, or unauthorized access. In the era of rapid digitalisation, where governance, economy, and social interaction are increasingly technology-driven, cybersecurity has emerged as a critical component of national security. For India, with its expanding digital economy, rising cybercrimes, and growing strategic vulnerabilities, ensuring robust cybersecurity is essential not only for safeguarding citizens’ data but also for protecting critical infrastructure and maintaining public trust in digital governance.
Factly
As per the information reported to and tracked by CERT-In, the total number of cybersecurity incidents in 2022, 2023, and 2024 is given below:
| Year | Total number of cyber security incidents |
| --- | --- |
| 2022 | 13,91,457 |
| 2023 | 15,92,917 |
| 2024 | 20,41,360 |
Importance
- National Security and Sovereignty
  - Critical Infrastructure Protection: Power grids, nuclear plants, financial systems, transportation networks (air, rail), and communication systems are dependent on IT infrastructure. A cyber-attack can cause catastrophic physical damage and cripple the nation.
  - Cyber Warfare and Espionage: State-sponsored actors target defense installations, military communications, and government databases to steal sensitive information, sabotage projects, and gain strategic advantage.
  - Threat to Sovereignty: Cyber-attacks can be used to manipulate public opinion (via deepfakes, fake news), disrupt elections, and create social unrest, thereby undermining democratic processes and national integrity.
- Economic Security
  - Protecting the Digital Economy: With a booming digital payments ecosystem (UPI) and e-commerce, cybersecurity is fundamental to maintaining consumer trust and financial stability. A breach can lead to massive financial fraud.
  - Intellectual Property (IP) Theft: Attacks on corporate and R&D institutions (e.g., pharmaceutical, tech companies) aim to steal proprietary data and trade secrets, eroding India’s competitive advantage.
  - Business Continuity: Ransomware attacks can halt operations of businesses, hospitals, and essential services, leading to direct financial losses and reputational damage.
- Data Privacy and Individual Rights
  - Protection of Citizen Data: Initiatives like Aadhaar, Co-WIN, and health records hold vast amounts of personally identifiable information (PII). A breach violates the fundamental right to privacy (Justice K.S. Puttaswamy vs Union of India judgment).
  - Identity Theft and Financial Fraud: Leaked data can be used for identity theft, phishing scams, and blackmail, causing severe harm to individuals.
- Social Stability and Public Order
  - Fake News and Disinformation: Malicious actors use social media platforms to spread misinformation, incite violence, and flare up communal tensions, threatening law and order.
  - Cyber-Terrorism: Terrorist groups use the internet for recruitment, fundraising, planning, and propaganda. Securing cyberspace is crucial to counter-terrorism operations.
- Governance & Trust
  - Strengthens e-governance platforms and digital service delivery by preventing breaches and maintaining citizens’ trust.
- Resilience Against Cybercrime
  - Prevents phishing, ransomware, identity theft, and online frauds which impact individuals and businesses.
- International Standing
  - Enhances India’s credibility as a trusted digital hub.
Major Cybersecurity Threats Faced by India
- Cyber Espionage & State-Sponsored Attacks: Targeting defence networks, government servers, and critical infrastructure (e.g., power grids, satellites).
  - Nation-states often engage in cyber warfare, targeting sensitive government databases, defense systems, and critical infrastructure. These attacks may involve the theft of military secrets, disruption of communication networks, or compromising national defense mechanisms. Countries like China and Pakistan have been repeatedly linked to cyber espionage activities in India, targeting sectors like defense, energy, and finance.
  - A news report by the New York Times (NYT) claimed that the massive power outage in Mumbai in 2020 could have been due to a cyber-attack from China.
  - Suspected Chinese hackers targeted India’s power grid in Ladakh (2022), raising concerns over national security.
- Ransomware Attacks: Locking systems and demanding ransom in cryptocurrencies; rising cases in hospitals, banks, and small businesses.
  - May 2022 ransomware attack on AIIMS Delhi compromised the data of millions of patients.
- Phishing & Identity Theft: Fraudulent emails, fake websites, and mobile apps tricking users into sharing sensitive information.
  - Fake Customer Care Numbers: Scammers list fake numbers on Google for banks like SBI or HDFC. When users call, they are tricked into sharing OTPs or installing screen-sharing apps (like AnyDesk), leading to account draining.
  - Fraudsters build lookalike bank or UPI apps, tricking users into entering personal information.
- Data Breaches: Leakage of personal data from government portals, banks, telecom companies, and private firms.
  - India has witnessed large-scale data breaches where personal data, financial records, and corporate information are stolen. High-profile data breaches in sectors such as banking and telecommunications not only affect citizens but also national security.
  - In 2021, Domino’s India data breach exposed 180 million order details, including customer locations and payment info.
- Malware & Botnets: Attacks on digital systems to disrupt services and conduct financial fraud.
  - In 2017, the global WannaCry ransomware attack affected systems in India, including Andhra Pradesh police computers.
- Critical Infrastructure Attacks: Attempts to cripple power grids, oil refineries, ports, and transport systems.
  - 2020 cyberattack on Mumbai power grid suspected to be linked to Chinese hackers, causing massive blackout in the city.
- Financial & Digital Payment Frauds: Exploiting vulnerabilities in UPI, mobile wallets, and e-commerce platforms.
  - 2018 Cosmos Bank cyberattack (Pune) where hackers siphoned ₹94 crore using malware and fraudulent transactions.
  - Rising UPI-related fraud cases across states.
- Cyberterrorism & Radicalisation: Use of encrypted platforms, dark web, and social media for propaganda, recruitment, and planning attacks.
- Disinformation & Fake News: Manipulating public opinion, undermining democratic processes, and triggering unrest.
  - Election-related disinformation campaigns flagged by Election Commission.
  - Disinformation during Farmers’ Protests.
- Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks: These attacks overload systems with excessive traffic, rendering essential services unavailable. DDoS attacks on government websites, banking services, and financial institutions can cause widespread disruptions, undermining trust in digital systems and leading to significant economic losses.
Challenges for Cybersecurity in India
India’s cybersecurity landscape is fraught with complex and multi-dimensional challenges that hinder its ability to build a resilient digital ecosystem.
- Technical & Infrastructural Challenges
  - Legacy Systems: Many critical infrastructure organizations (e.g., in power, railways) still use outdated legacy systems that are difficult to patch and highly vulnerable to modern cyberattacks.
  - Proliferation of IoT Devices: The rapid adoption of Internet of Things (IoT) devices in cities and homes has exponentially increased the attack surface. These devices often have weak security protocols and are easy targets for botnets.
  - Supply Chain Attacks: As seen in the SolarWinds breach, attackers compromise a single software supplier to gain access to the networks of all its customers, making defense extremely difficult.
- Human Resource & Awareness Challenges
  - Acute Shortage of Skilled Professionals: There is a massive gap between the demand and supply of cybersecurity experts.
  - Low Cyber Hygiene Among Citizens: A vast population is new to the internet and lacks awareness of basic practices like using strong passwords, identifying phishing emails, and avoiding suspicious links. This makes them the weakest link.
  - Lack of Top-Level Management Focus: In many organizations, cybersecurity is still viewed as an IT cost rather than a strategic business imperative, leading to underinvestment.
- Legal & Regulatory Challenges
  - Outdated Legislation: The Information Technology Act, 2000 is ill-equipped to handle modern cyber threats like ransomware, crypto-jacking, and deepfakes. The process of investigation and prosecution is slow.
  - Data Privacy Concerns: While the Digital Personal Data Protection (DPDP) Act, 2023 is a step forward, its implementation is key. Previous ambiguities in data storage and processing norms created vulnerabilities.
  - Jurisdictional Issues: Cybercrimes are often cross-border. Navigating different international laws and securing cooperation from other countries for investigation and extradition is a major hurdle.
- Operational & Strategic Challenges
  - Lack of Coordination: While agencies like CERT-In and NCIIPC exist, coordination between multiple agencies (central and state) and between public and private sectors is often siloed and inefficient.
  - Reactive, Not Proactive Approach: India’s cybersecurity posture is often reactive, responding to attacks after they occur, rather than proactively hunting threats and preventing them.
  - Attribution Problem: Sophisticated attackers use proxy servers and encryption to hide their identity and location, making it incredibly difficult to attribute an attack to a specific state or group with certainty.
- Economic Challenges
  - Underinvestment: Both public and private sectors underinvest in cybersecurity infrastructure, tools, and human resources compared to the scale of the threat.
  - Cost of Compliance: For MSMEs, the cost of implementing robust cybersecurity measures can be prohibitively high, making them soft targets.
- Rising Volume & Sophistication of Attacks
  - Ransomware, phishing, DDoS, and state-sponsored attacks are becoming more advanced.
- Critical Infrastructure Vulnerabilities
  - Power grids, healthcare, nuclear plants, and transport remain exposed (e.g., Mumbai power grid 2020, AIIMS ransomware 2022).
The Way Ahead: A Multi-Pronged Strategy
To address these challenges, India needs a comprehensive, integrated, and proactive strategy.
- Strengthening Legal and Regulatory Framework
  - Operationalize the DPDP Act, 2023: Ensure effective implementation of the data protection law to create trust and hold organizations accountable for data breaches.
  - Enact a Modern Cybersecurity Law: Revisit and replace the IT Act with a robust, comprehensive cybersecurity law that clearly defines cybercrimes, mandates reporting, and outlines protocols for international cooperation.
  - Define Rules for Critical Infrastructure: Mandate stringent, auditable security standards for all operators of Critical Information Infrastructure (CII).
- Building Robust Institutional Capacity
  - Augment CERT-In and NCIIPC: Significantly enhance the technical capabilities, manpower, and resources of these nodal agencies to allow for 24/7 threat monitoring and response.
  - Promote Cyber Diplomacy: Actively engage in international forums (UN, G20, BRICS) to establish global norms of behavior in cyberspace and foster bilateral agreements for information sharing and joint operations.
- Developing Human Capital
  - Integrate Cybersecurity in Education: Introduce cybersecurity concepts in school and university curricula to build a pipeline of talent.
  - Large-Scale Upskilling Missions: Launch government-funded programs (in partnership with industry) to rapidly train and certify professionals in niche areas like cyber forensics, threat intelligence, and OT security.
  - National Awareness Campaigns: Run continuous public awareness campaigns (on the lines of Swachh Bharat) on cyber hygiene using simple regional language content.
- Fostering Technology Indigenization and R&D
  - Promote ‘Cyber Swadeshi’: Incentivize the development of indigenous cybersecurity products, tools, and solutions through start-up grants and R&D tax benefits.
  - Reduce dependence on foreign vendors.
  - Invest in AI and Machine Learning: Leverage AI for predictive threat analytics, automated threat detection, and faster response times.
  - Develop Quantum-Resistant Cryptography: Start R&D efforts to prepare for the future threat of quantum computing, which can break current encryption standards.
- Enhancing Public-Private Partnership (PPP)
  - Threat Intelligence Sharing: Create a secure, anonymized platform for real-time sharing of threat intelligence between government agencies and private sector companies (especially in BFSI, IT, and aviation).
  - Joint Cyber Drills: Conduct regular nationwide cyber crisis simulation exercises involving both government and private CII operators to test and improve response plans.
- Adopting a Proactive Security Posture
  - Shift to “Zero Trust” Architecture: Move beyond traditional perimeter-based security. Mandate a “never trust, always verify” model for critical networks.
  - Encourage Ethical Hacking: Promote and legitimize bug bounty programs where ethical hackers can find and report vulnerabilities in government and critical websites for rewards.
- Resilience & Redundancy
  - Regular audits, simulation of cyber-attacks, and multi-layered backup systems.
- Combating Disinformation
  - Strengthen fact-checking units and AI-based monitoring to counter fake news.
- International Cooperation
  - Active role in UN cyber norms, Budapest Convention, and bilateral CERT collaborations.
Government Initiatives
The Government has also institutionalised a nationwide integrated and coordinated system to deal with cyber-attacks in the country which, inter alia, includes:
- National Cyber Security Coordinator (NCSC) under the National Security Council Secretariat (NSCS) to ensure coordination amongst different agencies.
- Under the provisions of section 70B of the Information Technology (IT) Act, 2000, the Indian Computer Emergency Response Team (CERT-In) is designated as the national agency for responding to cyber security incidents.
- National Cyber Coordination Centre (NCCC) implemented by the CERT-In serves as the control room to scan the cyberspace in the country and detect cyber security threats. NCCC facilitates coordination among different agencies by sharing with them the metadata from cyberspace for taking actions to mitigate cyber security threats.
- Cyber Swachhta Kendra (CSK) is a citizen-centric service provided by CERT-In, which extends the vision of Swachh Bharat to the Cyber Space. Cyber Swachhta Kendra is the Botnet Cleaning and Malware Analysis Centre and helps to detect malicious programs and provides free tools to remove the same. It also provides cyber security tips and best practices for citizens and organisations.
- The Ministry of Home Affairs (MHA) has created the Indian Cybercrime Coordination Centre (I4C) to deal with cybercrimes in a coordinated and effective manner.
- Under the provisions of section 70A of the IT Act, 2000, the Government has established the National Critical Information Infrastructure Protection Centre (NCIIPC) for protection of critical information infrastructure in the country.
The Government has taken the following steps for protecting critical infrastructure and private data against cyber threats, which, inter alia, include:
- NCIIPC provides threat intelligence, situational awareness, alerts & advisories and information on vulnerabilities to organisations having Critical Information Infrastructures (CIIs)/ Protected Systems (PSs) for taking preventive measures against cyber-attacks and cyber terrorism. It also provides all cyber security related advice to these organisations, whenever asked for. Further, it follows up with concerned organisations for compliance of the IT (Information Security Practices & Procedures for Protected Systems) Rules, 2018 to improve their cyber security posture. It also organises training/awareness sessions for employees of entities having CIIs/PSs.
- The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”), made under section 43A of the IT Act, prescribe reasonable security practices and procedures to protect sensitive personal data of users.
- The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“IT Rules, 2021”) under the IT Act prescribe that the intermediary shall take all reasonable measures to secure its computer resource and information contained therein following the reasonable security practices and procedures as prescribed in the SPDI Rules.
- The Digital Personal Data Protection Act, 2023 (DPDPA) provides for the processing of digital personal data in a manner that recognizes both the rights of the individuals to protect their personal data and processing of personal data of individuals for lawful purposes by the Data Fiduciaries.
- CERT-In issued Cyber Security Directions in April 2022 under sub-section (6) of section 70B of Information Technology Act, 2000 relating to information security practices, procedure, prevention, response and reporting of cyber incidents for Safe & Trusted Internet.
- CERT-In issued guidelines on information security practices for government entities in June 2023 covering domains such as data security, network security, identity and access management, application security, third-party outsourcing, hardening procedures, security monitoring, incident management and security auditing.
- CERT-In has issued an advisory to various Ministries in November 2023 outlining the measures to be taken for strengthening the cyber security by all entities that are processing the digital personal data or information including sensitive personal data or information.
- CERT-In operates an automated cyber threat intelligence exchange platform for proactively collecting, analysing and sharing tailored alerts with organisations across sectors for proactive threat mitigation actions by them.
- CERT-In provides leadership for the Computer Security Incident Response Team-Finance Sector (CSIRT-Fin) operations under its umbrella for responding to and containing and mitigating cyber security incidents reported from the financial sector.
- CERT-In has formulated a Cyber Crisis Management Plan for countering cyber attacks and cyber terrorism for implementation by all Ministries/ Departments of Central Government, State Governments and their organizations and critical sectors.
- Cyber security mock drills are conducted regularly to enable assessment of cyber security posture and preparedness of organisations and enhance resilience in Government and critical sectors. 109 such drills have so far been conducted by CERT-In where 1438 organizations from different States and sectors participated.
- CERT-In has empanelled 200 security auditing organisations to support and audit implementation of Information Security Best Practices.
- CERT-In conducts regular training programmes for network and system administrators and Chief Information Security Officers of government and critical sector organisations regarding securing information technology infrastructure and mitigating cyber-attacks. A total of 12,014 officials have been trained in 23 training programs in 2024.
- CERT-In regularly conducts various activities for awareness and citizen sensitization with respect to cyber-attacks and cyber frauds.
- The Ministry of Electronics and Information Technology conducts programmes to generate information security awareness. Awareness material in the form of handbooks, short videos, posters, brochures, cartoon stories for children, advisories, etc. on various aspects of cyber hygiene & cyber security including deepfakes are disseminated through portals such as www.staysafeonline.in, www.infosecawareness.in and www.csk.gov.in.
India’s cybersecurity landscape is witnessing unprecedented challenges, but it also presents an opportunity to emerge as a global leader in digital trust and cyber resilience. A multi-pronged strategy that blends legal reform, institutional strengthening, skill development, public-private collaboration, and international cooperation is the need of the hour. As cyber threats grow in scale and complexity, India must move from reactive firefighting to proactive deterrence. With the right mix of technology, awareness, and governance, cybersecurity can become the foundation of a secure Digital India — one that protects its people, promotes innovation, and safeguards sovereignty in the age of information.
GS-3 Mains Question
Q. Cybersecurity is not just a technical issue but a national security imperative in the digital age. Examine the nature of cyber threats in India and suggest a multi-pronged strategy to tackle them. (15 marks, 250 words)
✍️ Curated by InclusiveIAS Editorial Team