India Officially Part of Global Cyberwarfare, Says Industry Players Cyberwarfare has evolved alongside the digital transformation of critical infrastructure. The focus is no longer confined to a handful of nations. In recent years, India has emerged as a prime target for state-sponsored malicious groups

Conflicts between nations are no longer limited to missiles and nuclear bombs—cyberwarfare has emerged as the modern weapon of choice, capable of crippling critical infrastructure within seconds and keeping it offline for extended periods.

The most alarming aspect of this shift is the interconnected nature of the global economy. A cyberattack on a major corporation in the United States can trigger widespread disruptions, impacting businesses in Europe, India, and beyond. A prime example is the late July 2024 Microsoft outage, caused by a Denial-of-Service (DDoS) attack. As per several reports, Microsoft and US Fortune 500 companies suffered over USD 5.4 billion in financial losses due to the Windows outage. Additionally, 8.5 million Microsoft Windows devices worldwide were rendered inoperative.

In India, the outage significantly impacted several industries, including flight operations (IndiGo, Akasa Air, and SpiceJet), and jeopardized data, potentially leading to future cyberattacks.

A few years ago, cyberwarfare primarily revolved around espionage, surveillance, and the theft of sensitive military data, largely involving the five major powers—the United States, the United Kingdom, France, Russia, and China. North Korea, too, has been a key player in state-sponsored cyberattacks targeting foreign entities.

However, the landscape has shifted. Cyberwarfare has evolved alongside the digital transformation of critical infrastructure. The focus is no longer confined to a handful of nations. In recent years, India has emerged as a prime target for state-sponsored malicious groups.

"Over the last three to four years, India has consistently ranked among the top five countries targeted by cyberattacks," says Pankit Desai, Co-founder and CEO, Sequretek. "India's rapid digital growth, coupled with its expanding economy, has created an environment where companies are both willing and able to pay for cybercrimes, including ransomware."

India as a cyber target

Desai believes India is now officially part of the global cyberwarfare landscape, alongside other major powers. "In underdeveloped countries with limited assets, cyberattacks may not be prioritized. But with India now the fifth-largest economy, the risks are significantly higher," he explains. He notes that the total ransom payments made out of India have exceeded the value of overall cyber risk insurance policies.

The views were echoed by other experts as well. "India's rapid digitization, combined with its growing global economic and technological significance, has positioned it firmly on the global cyberwarfare landscape. As a center for technology and innovation, India faces increasing cyber threats aimed at disrupting its progress," says Pranav Patil, Chief Data Scientist, AdvaRisk.

As per the Indian Cybercrime Coordination Centre (I4C), in the first nine months of 2024, India lost approximately INR 11,333 crore (INR 113.33 billion).

Rajesh Chhabra, General Manager, India, Acronis, added, "Ongoing geopolitical tensions with China, particularly following border disputes, have heightened cyber threats to Indian businesses and critical sectors."

Dr. Sabine Kapasi, Co-Founder and MD at Enira Consulting, recalled cyberattacks during the 2020 Galwan Valley clash between Indian and Chinese soldiers over territorial claims in Pangong Tso, Galwan Valley, Demchok and Daulat Beg Oldie in eastern Ladakh. "Groups like RedEcho, believed to have links to China, targeted India's power grid, aiming to disrupt energy supplies. Similarly, Chinese hackers attempted to breach the Serum Institute of India during COVID-19 vaccine production."

As of the time of publishing, we don't have concrete data on how much India lost due to China state-sponsored attacks in 2024.

State-sponsored hacker groups carry out sophisticated, covert cyberattacks in which an intruder gains unauthorized access to a computer system or network, establishing a long-term presence to monitor, intercept, and steal sensitive data. APTs often operate for political (cyber espionage, surveillance, or influencing political outcomes) or financial motives. Some of the groups are not traditionally directly part of any state; however, there are several groups that attack global governments and businesses to fulfill their financial motives.

North Korea's state-sponsored group, Lazarus, which was behind the WazirX hack, resulted in the theft of approximately USD 230 million (INR 2,000 crore) in digital assets.

Some of the groups in 2024 that have targeted global agencies are LockBit and RansomHub, as per the Cyble Global Cyber Threat Intelligence Overview 2024 report. These two groups have emerged as the most active and sophisticated Ransomware-as-a-Service (RaaS) groups, taking cyberattacks to another level. The former hit Motilal Oswal Financial Services in 2024 with a ransomware attack.

Ransomware attacks surged, with over 2,600 incidents across industries like healthcare, finance, and manufacturing. Data leak attacks and malware sales also increased in 2024, with over 700 incidents.

SMB as a vulnerable group

Desai feels that nation-state-backed groups have unlimited resources compared to traditional cybercriminals. Therefore, it is highly probable that we will continue to see persistent involvement from nation-states in targeting critical infrastructure, including "utilities, telecom, transportation, financial services, and healthcare," he emphasized.

These segments are vulnerable because an attack can directly impact a large segment of consumers, disrupting the regular functioning of the company, which can lead to significant economic fallout and reputational damage.

While highlighting concerning trends under Small and Medium-sized Businesses (SMBs), Kulin Shah, Co-Founder and COO, Onsurity, says, "Supply chain vulnerabilities are emerging as a critical concern. Nearly 70 per cent of SMBs we've interacted with are expanding their digital partnerships, but many haven't updated their security protocols accordingly," Shah added.

He further said, "Cloud security is becoming non-negotiable as more SMBs migrate their operations. However, many are struggling with securing multi-cloud environments effectively. Also, regulatory compliance, especially with the Digital Personal Data Protection Act, is pushing SMBs to reassess their security frameworks, but they are finding this challenging without proper guidance," Shah highlighted

Statistics show that 88 per cent of Indian SMBs suffered cyberattacks in 2024 alone, according to the ESET SMB Cybersecurity Report. Also, India could suffer up to 1 trillion loose in cyberattacks annually by 2033, rising to 17 trillion by 2047, the Invisible Hand report says.

Word to the wise for 2025

As per the India Cyber Threat Report 2025, released by the Data Security Council of India (DSCI), the healthcare sector in India is the most vulnerable with 21.82 percent, followed by the hospitality sector with 19.57 percent, and 17.38 percent for the Banking, Financial Services, and Insurance (BFSI) sector.

Desai believes that in 2025, businesses will have a critical need for stronger regulatory oversight, enhanced collaboration, and proactive risk management to counter increasingly sophisticated cyber threats. "Governments and enterprises alike must step up efforts to address cyberattacks through robust regulations and coordinated defense strategies," said Desai.

For small businesses, Mohan Krishnamurthy Madwachar, Country Manager, Sattrix India, suggests that basic cybersecurity hygiene is vital. "Use strong passwords, update systems, and train employees to spot phishing. Beyond this, adopting affordable tools like Endpoint Detection and Response (EDR), antivirus software, multi-factor authentication, and cloud backups can significantly reduce risks," he said.

Adding to this, Shah notes that we will witness more sophisticated attack patterns targeting SMBs' digital transformation initiatives. However, "The good news is that with proper planning and protection, SMBs can build robust security frameworks without breaking their budgets. The focus should be on building layered protection—combining proper security measures with appropriate cyber insurance coverage," explained Shah.

Nevertheless, Indian companies are heavily investing in cybersecurity. The Indian Cybersecurity Market size is expected to reach USD 4.70 billion in 2024 and is projected to grow to USD 10.90 billion by 2029, at a CAGR of 18.33 percent during the forecast period (2024-2029).