Trend Micro’s newly released “2025 Cyber-Risk Report” paints a stark picture of India’s threat landscape. Leveraging telemetry from 850,000 sensors and three trillion daily threat queries, the study finds that India has vaulted into the world’s top three targets across every major attack vector, with adversaries weaponizing generative AI to automate phishing, create deep-fakes and mutate malware faster than defenders can react.
- Email: India’s Weakest Link
- Email remains the predominant entry point. Of the 1.49 trillion malicious emails blocked globally in 2024, India accounted for 1.03 billion, 6.9% of the world total and nearly 24% of all detections in Asia.
- Nine in ten email-borne threats logged in South Asia originated in India, underscoring systemic gaps in secure-mail gateways, DMARC adoption and user awareness.
- Malware & Ransomware Intensify
- India recorded 19.3 million malware hits in 2024, ranking third globally (4.74% of world-wide detections). CoinMiner, FakeMS and Mudyupdate families dominated endpoints.
- Ransomware remains rampant: 209,000 incidents placed India second in Asia and third world-wide. WannaCry, initially unleashed in 2017, still tops the ransomware chart, revealing chronic patching lapses.
- AI Super-charges Attackers
- Criminals now use large-language models for “living off the inbox” attacks: crafting context-rich phishing, generating polymorphic code and conducting automated reconnaissance.
- Deep-fake business-email compromise (BEC) and “virtual kidnapping” scams surfaced in India for the first time, exploiting social-media footprints to manipulate victims in real time.
- Sector Hotspots
- Banking & Financial Services, Government, Energy and Healthcare face the heaviest barrage, reflecting rich data troves and critical-infrastructure stakes.
- Public cloud misconfigurations and shadow SaaS continue to expose credentials, while OT environments see a 12% rise in exploits targeting outdated industrial protocols.
- Business Impact and Risk Index
- Trend Micro’s Cyber-Risk Index (CRI) for India deteriorated to 38.4, a 6.2-point fall, signalling greater likelihood of material breach in the next 12 months.
- Direct losses stem from data theft, ransom payments and regulatory fines; indirect damage includes customer-trust erosion and rising cyber-insurance premiums.
- Defence Gaps
- Legacy perimeter tools cannot parse AI-generated lures or polymorphic binaries.
- Patch management, MFA coverage and privileged-account hygiene remain inconsistent in small and mid-sized enterprises, which form the backbone of India’s digital economy.
- Recommended Countermeasures
- Adopt a unified XDR/SASE platform to collapse visibility silos and apply behaviour-based analytics.
- Integrate security LLMs (e.g., Trend Cybertron) to automate alert triage and surface hidden lateral-movement patterns.
- Harden email with DMARC, SPF and user-specific sandboxing; implement “assume-breach” tabletop drills focused on ransomware and BEC.
- Audit and retire stale accounts; enforce least-privilege and continuous patching, especially for Internet-facing assets.
Bottom Line: India’s expanding digital footprint and persistent basic-hygiene gaps make it a magnet for AI-driven, high-velocity attacks. Only predictive, intelligence-led security anchored in consolidated platforms, automated analytics and disciplined cyber-hygiene can bend the risk curve.

Access the Full Trend Micro “2025 Cyber-Risk Report” (PDF):
https://www.trendmicro.com/vinfo/us/security/news/threat-landscape/trend-2025-cyber-risk-report