New Delhi, Dec. 22 -- In 2025, Indian CISOs stopped treating cyberattacks as background noise in a fast-digitising economy. They became signals - of geopolitical tension, fragile digital plumbing and a threat landscape that now spans power grids, telecom networks, hospitals and even the country's highest constitutional offices. What sets this year apart was not just the volume of attacks, but their intent. Cyber incidents increasingly mirrored real-world flashpoints, turning networks into proxies for political messaging, economic disruption and strategic pressure. From attacks linked to Operation Sindoor to ransomware crippling hospitals and data breaches exposing millions, India's cyber year marked a clear escalation.
Operation Sindoor and the opening of a cyber front
The inflection point came in the first half of the year. In the aftermath of Operation Sindoor, security agencies recorded a sharp surge in coordinated cyber activity targeting government portals, defence-linked systems and critical infrastructure. Officials described it as a textbook case of hybrid warfare - cyber operations amplifying geopolitical tension without crossing into kinetic conflict.
Unlike random cybercrime, these attacks followed a pattern: timed, symbolic and persistent. The objective was less immediate damage and more signalling capability, testing resilience and creating uncertainty.
President's website, power grids and telecoms in the crosshairs
One of the most visible incidents was the cyberattack on the President of India's website. While authorities confirmed no sensitive data was compromised, the symbolism mattered. Globally, targeting state symbols is a common tactic in politically motivated campaigns, aimed at reputational impact rather than operational disruption. In India's case, it underlined that even well-secured government systems are not immune.
More concerning were attacks on everyday infrastructure. Power Grid Corporation of India faced a distributed denial-of-service (DDoS) attack. No outage followed, but experts flagged the incident as significant. Power grids worldwide are increasingly targeted not to cause instant blackouts, but to map systems and identify vulnerabilities in operational technology that was designed for reliability, not security. Telecom networks also came under strain. State-owned BSNL suffered two cyber incidents in quick succession, exposing long-standing concerns around legacy systems and delayed modernisation. Telecom infrastructure carries civilian, enterprise and government traffic, making it a strategic asset - and a prime target globally for both cybercrime and espionage.
Healthcare breaches bring cyber risk home
Away from geopolitics, cyber risk took on a deeply personal dimension. A major breach at Star Health Insurance exposed sensitive medical and personal data of millions of policyholders, reigniting questions around enforcement of data protection as healthcare digitisation accelerates.
That vulnerability became starkly visible when ransomware attacks disrupted hospitals in Delhi, locking doctors out of patient records and forcing a return to manual processes. Unlike corporate breaches, ransomware in healthcare has immediate human consequences - delayed treatment and heightened patient risk. India's experience mirrored a global surge in hospital attacks in 2025.
Corporate espionage, APIs and mass-scale fraud
Indian enterprises also faced a quieter but more insidious threat. Cybersecurity firms reported a 273% surge in spyware attacks targeting manufacturing, IT services and research-intensive companies. These were not smash-and-grab operations, but long-term intelligence-gathering efforts - stealing IP and monitoring communications as India integrated deeper into global supply chains.
At the other end of the spectrum, poorly secured application programming interfaces (APIs) enabled data scraping, account takeovers and fraud across fintech and e-commerce platforms. Loan app scams, phishing and SIM-box fraud exploded, with law enforcement operations such as Cyber Vajra Prahar exposing syndicates operating at industrial scale, draining thousands of crores from individuals.
India versus the world
India's cyber turbulence mirrored global trends - ransomware, AI-enabled phishing and politically motivated hacks - but with sharper domestic consequences. Globally, organisations faced nearly 2,000 cyberattacks a week in 2025, while faster detection marginally reduced the average breach cost to about $4.4 million.
India logged over 265 million cyberattack attempts during the year. The average cost of a data breach rose to about Rs.220 million ($2.6 million) - lower than the global average, but climbing faster year-on-year amid uneven cyber maturity and rapid digitisation. Globally, cybercrime is estimated to cost over $10 trillion annually.
From tools to strategy
As the year closed, Rohit Aradhya, VP and MD for app security engineering at Barracuda Networks, summed up the shift underway. "Tools don't create cyber resilience, strategy does," he said. "When AI becomes part of how you detect, respond and learn, it stops being an add-on and becomes a force multiplier against sophisticated, AI-driven ransomware." In an age of AI and quantum disruption, he added, the strongest defence would be "a security-aware culture of learning, agility and purpose-driven talent."
That theme echoed across sectors. As Tejesh Kodali, group chairman of Blue Cloud Softech Solutions, noted, 2025 highlighted both AI's promise and mounting pressures around security and resilience. The path ahead, he said, is a move away from fragmented, reactive defences towards integrated, AI-powered frameworks that uphold trust and long-term digital growth.
For India, the writing is now on the wall. Cybersecurity is no longer an IT function tucked away in server rooms. It is a boardroom issue, a public safety concern and a national security priority. As digital public infrastructure and platform-led growth accelerate, the challenge for 2026 will be ensuring resilience keeps pace with ambition.
Published by HT Digital Content Services with permission from TechCircle.