India’s Cybersecurity Hurdles: Navigating Identity Theft, Insider Risks, and AI Threats
India’s rapid digital transformation presents both opportunities and significant cybersecurity challenges. While large enterprises are investing in cybersecurity infrastructure, small and medium-sized enterprises (SMEs) remain particularly vulnerable. A recent analysis revealed that in 2024, India ranked as the second most cyber-attacked nation after the United States.
The SME Vulnerability
SMEs often lack the resources and cybersecurity maturity of larger organizations, making them prime targets. Syed Shahrukh Ahmad, Co-founder & CTO at CloudSEK, attributes this rise to financial incentives: “Whenever revenue grows, attackers want a piece of it.” He also noted that interconnected systems are key factors that have widened the attack surface, making it easier for hackers to exploit sensitive consumer and enterprise data.
“If you are a bank, your risk doesn’t stop at your infrastructure. You’re sharing data with vendors, agencies, and partners—how do you ensure that data is secure throughout the entire supply chain?” Ahmad questioned, underscoring the importance of comprehensive risk management.
The Insider Threat
Cyber threats aren’t solely external; insider risks are a growing concern. Arvind Boggarapu, CTO at Sequretek, explains that India’s IT environment’s more relaxed approach compared to the U.S. can increase insider-led breaches. “In the U.S., IT is very much locked down—you cannot install anything without multiple approvals. But in India, IT systems are more flexible, which increases the risk of insider-led attacks,” he noted.
Identity Theft and Financial Fraud
Beyond IT breaches, identity theft and financial fraud are prevalent issues in India. Ashok Hariharan, Founder & CEO of IDfy, noted that his company has processed KYC for over 300 million individuals and handles 65 million authentications monthly. Data privacy is also a major concern.
Hariharan elaborated, “You post your house for rent on Magic Bricks, and suddenly you start getting calls from builders and Bajaj Finserv. Where did they get your number? From data brokers,” highlighting the lack of sufficient data security measures in India.
Sandesh G.S., CTO, BureauID, emphasized the need for a network-focused approach: “All fraud problems are data problems. Fraudsters operate in rings, and we need to detect these networks rather than just flagging individual transactions.”
AI: A Double-Edged Sword
While AI offers tools to strengthen cybersecurity, it simultaneously introduces new risks. Vishal Gupta, Founder & CEO of Seclore, warned about the threats posed by AI systems, particularly Large Language Models (LLMs). “The biggest challenge enterprises face with AI is the fear of the unknown. Once an AI system gets access to your data, how do you control what it does with it?” he questioned.
Attackers are also targeting AI models with prompt injection attacks and data poisoning, compromising their reliability. “Attackers are trying to poison AI models, making them ineffective or introducing biases that can be exploited,” Boggarapu warns.
To mitigate these risks, organizations must shift to a data-centric security approach, protecting the data itself rather than just the devices or networks.
The Road Ahead
Businesses must move beyond reactive security measures and invest in real-time threat detection, AI-driven fraud prevention, and third-party risk management to combat the evolving threat landscape. Regulations like the Digital Personal Data Protection (DPDP) Act are pushing enterprises towards stricter data governance. Still, organizations must proactively enhance their security posture.
“Cybersecurity is national security,” Boggarapu stated, echoing a recent sentiment from India’s Home Minister, Amit Shah. As AI continues to shape cybersecurity, India’s ability to adapt, automate, and counter these threats will determine its resilience in the digital age.
