Cyberattacks intensify across Indian organisations in 2025

Cyberattacks on Indian organisations rose sharply in 2025, driven by cloud misconfigurations, infostealer malware and ransomware. Education, telecom and finance sectors were among the most targeted, a report found.

Voice&Data Bureau

Cyberattacks against Indian organisations continued to rise sharply in 2025, with cloud misconfigurations, infostealer malware and increasingly sophisticated ransomware emerging as key threat vectors, according to the State of Cyber Security in India 2025 report released by Check Point Software Technologies.

The report finds that India remained among the most targeted countries globally. On average, organisations across sectors faced 2,011 cyberattacks per week in 2025, significantly above global levels. Education emerged as the most targeted sector worldwide, with institutions recording between 4,248 and 9,817 attacks per week. Telecommunications, healthcare, financial services and government entities also experienced persistently high attack volumes, highlighting the breadth of exposure across both public and private sectors.

Digital growth widens the attack surface

The report links the rising threat levels to India’s rapid digital adoption. Cyber incidents increased from approximately 1.03 million in 2022 to 2.27 million in 2024, with early indicators in 2025 suggesting further growth. Financial losses from cyber fraud reported on the National Cyber Crime Reporting Portal reached Rs 36,450 crore by February 2025.

Much of this fraud has been driven by phishing-based UPI scams, AI-assisted social engineering, SIM swap attacks and deepfake-enabled fraud. The findings suggest that expanding digital payments, cloud usage and connected infrastructure are significantly increasing India’s overall attack surface.

Cloud misconfigurations remain a critical risk

Cloud security misconfigurations were identified as a major India-specific vulnerability. The report highlights several severe incidents, including a breach that exposed 500GB of personal and biometric data due to an unsecured cloud storage bucket. The compromised data reportedly included records linked to law enforcement and military personnel.

Such incidents reflect a broader pattern in which misconfigurations, excessive access permissions and unmanaged identities continue to be among the leading causes of breaches. Despite the growth in cloud adoption, less than 9 per cent of sensitive cloud data is encrypted, and only a small proportion of organisations are able to detect or contain breaches within the first hour, substantially increasing potential damage.

Infostealer malware and ransomware on the rise

Infostealer malware activity also increased markedly. Between March and May 2025, more than 44,000 Windows devices in India were compromised by Lumma Stealer alone. Other prominent malware families included RisePro, Vidar, StealC and RedLine, which use modular designs to enhance credential theft.

Within enterprise environments, AgentTesla and FormBook remained widespread. AgentTesla infections rose 22 per cent year-on-year, largely driven by targeted phishing campaigns.

Ransomware attacks remained elevated, affecting an estimated 7 to 10 per cent of organisations nationwide, with the education sector facing notable spikes. Attackers are increasingly prioritising data exfiltration and extortion, using zero-day vulnerabilities, AI-assisted reconnaissance and legitimate system tools to evade detection.

Commenting on the findings, Sundar Balasubramanian, Managing Director for India and South Asia at Check Point Software Technologies, said India’s rapid digital progress has also accelerated threat activity.

“India’s digital momentum is unstoppable, but so are the adversaries exploiting its speed,” he said. “As AI-driven innovation expands, security strategies must evolve even faster. This requires securing AI systems against manipulation while also using AI-powered intelligence to predict and prevent attacks.”

Aathir Ahad, Chief Information Security Officer at Wipro, pointed to a shifting risk landscape for India’s technology sector. “As coordinated attacks and geopolitical pressures intensify, India’s IT services industry faces a new risk paradigm,” he said. “Long-term resilience will depend on intelligence-driven security, an identity-first approach, and protection built into every layer of global digital operations.”