India Is Now in the Crosshairs
India is among the top five most-targeted countries for cyberattacks globally, a distinction that comes with the territory of being one of the world’s fastest-growing digital economies. In 2026, the threat landscape has shifted dramatically as attackers harness artificial intelligence to automate, personalise, and scale their operations in ways that were impossible just two years ago.
How AI is Changing Cyberattacks
Traditional cyberattacks required skilled human operators. AI is changing that calculus by:
- Automated phishing: AI can now write highly personalised phishing emails in any language — including flawless Hindi, Tamil, or Bengali — by scraping publicly available information about targets from social media
- Deepfake scams: Audio and video deepfakes of executives are being used to authorise fraudulent financial transfers. Several Indian companies have already fallen victim
- Faster vulnerability exploitation: AI tools can identify and exploit security vulnerabilities in software within hours of public disclosure — much faster than security teams can patch
- Supply chain attacks: As seen in the Cordyceps CI/CD vulnerability, attackers are targeting the software development pipelines that companies use to ship code
India’s Most Targeted Sectors
The sectors facing the most severe threats in India include:
- Banking and Financial Services: UPI fraud, banking trojan malware, and account takeover attacks
- Healthcare: Patient data theft and ransomware targeting hospitals
- Government and Critical Infrastructure: State-sponsored attacks targeting power grids, water systems, and government databases
- SMEs: Small and medium enterprises are disproportionately targeted because they have valuable data but limited security budgets
CERT-In’s Role and Recent Advisories
India’s Computer Emergency Response Team (CERT-In) has been proactive in issuing advisories and mandating stricter reporting requirements for cybersecurity incidents. Key requirements include a 6-hour mandatory incident reporting window and stricter data localisation requirements for certain sectors.
CERT-In also regularly issues advisories on specific threats — Indian businesses should subscribe to these alerts through the official CERT-In portal.
What Indian Businesses Must Do Right Now
Cybersecurity is no longer optional for businesses of any size. The minimum baseline for 2026:
- Enable MFA everywhere: Multi-factor authentication should be mandatory for all business accounts, especially email and cloud services
- Train your employees: Human error causes 80%+ of breaches. Regular phishing simulation training dramatically reduces susceptibility
- Patch promptly: Most successful attacks exploit known vulnerabilities with available patches. A structured patch management process is non-negotiable
- Back up data: The 3-2-1 rule: 3 copies of data, on 2 different types of storage, with 1 copy offsite or in the cloud
- Have an incident response plan: Know exactly what you will do before you are attacked, not after
The AI Defensive Edge
Defenders are also harnessing AI. Security platforms now use machine learning to detect anomalous behaviour — catching attacks that signature-based tools would miss. Indian companies have access to enterprise-grade AI security tools through AWS, Microsoft Azure, and domestic providers like Quick Heal and Tata Communications. The key is implementation: the best tools in the world are ineffective without trained people and processes.
