India recorded over 265 million cyberattacks in 2025. As the threat landscape grows faster than any firewall can contain it, the country is building a security architecture that is more ambitious — and more urgent — than ever before
Every eleven seconds, a cyberattack somewhere in the world claims a new victim. In India, that rhythm has become a drumbeat. Indian organisations faced an average of 2,011 cyberattacks per week in 2025 — significantly higher than the global average — according to Check Point Software Technologies' State of Cyber Security in India 2025 report. CERT-In, India's national cyber response agency, handled over 29.44 lakh cyber incidents in 2025 alone, issuing 1,530 alerts, 390 vulnerability notes, and 65 advisories. The Union Budget 2025–26 allocated Rs 782 crore specifically for cybersecurity — a figure that signals the government's recognition of digital security as national infrastructure rather than departmental overhead.
The scale of the threat is matched, at least in ambition, by the scale of the response. India's cybersecurity market is being reshaped by regulatory pressure, AI-driven threat evolution, a deepening talent shortage, and an investment surge pulling enterprise budgets decisively toward managed, cloud-native, and intelligence-led security architectures. Fiscal 2025–26 was the year that cybersecurity stopped being an IT department conversation in India, and became a boardroom imperative.
The Market: A Billion-Dollar Shield Being Built at Speed
India's total cybersecurity market — encompassing hardware, software, and services — was valued at $ 8.58 billion in 2025 and is projected to reach $ 16.86 billion by 2030, growing at a CAGR of 14.5 percent, according to MarketsandMarkets. Globally, IDC estimates worldwide security spending will grow 12.2 percent in 2025, reaching $ 377 billion by 2028 — with security software as the largest segment and managed security services as the fastest growing. India's growth rate at 14.5 percent runs ahead of the global average, reflecting both its rapidly expanding digital attack surface and the relative immaturity of security investments compared to more developed markets.
Breaking down India's market by component offers a clearer picture of where spending is concentrated and where it is heading. Hardware — firewalls, intrusion detection systems, and unified threat management devices — accounts for the largest share of total market revenue, driven by public sector procurement for critical infrastructure and the continued build-out of physical security layers across banking, defence, and government. Software and services together form the faster-growing layer. On the software and services side specifically, Gartner estimates India's end-user information security spending — covering security software, security services, and managed security — at $ 3.3 billion in 2025, up 16.4 percent from 2024, and projected to grow a further 11.7 percent to $ 3.4 billion in 2026. Security software alone is expected to reach $ 1.56 billion in 2026, growing 12.4 percent year-on-year, as enterprises expand investments in application security, cloud security, and data protection tools.
Within services, managed security is the fastest-growing subsegment, forecast to grow 15.1 percent in 2026 as organisations turn to outsourced threat detection and response to bridge a widening talent gap. NASSCOM data indicates a 40 percent deficit in India's cybersecurity workforce — a structural shortage that is directly accelerating adoption of managed detection and response contracts and third-party SOC operations. BFSI leads all Indian verticals in security spending, driven by the scale of UPI — which now processes over 15 billion transactions per month — and the compliance requirements of the RBI, SEBI, and IRDAI. Cloud-based security is the fastest-growing deployment model, as enterprises accelerate cloud migration and encounter its security implications in real time.
The Threat Landscape: AI, State Actors, and Supply Chain Vulnerabilities
Fiscal 2025–26 produced a threat landscape that was qualitatively different from prior years — not just larger in volume, but structurally more dangerous in character. Three forces converged to define it.
The first was the weaponisation of artificial intelligence by threat actors. Attackers deployed AI-generated phishing campaigns with personalisation that legacy detection systems could not reliably identify. Ransomware evolved into multi-stage operations combining credential harvesting, lateral movement, and data exfiltration before triggering encryption — making the ransomware payload the last visible event in a long intrusion chain. Deepfake-enabled fraud, impersonating executives and public officials through synthetic audio and video, emerged as a significant new social engineering vector exploiting institutional trust at a scale that traditional phishing cannot achieve.
The second was a marked escalation in state-sponsored cyber activity. During India's Operation Sindoor in May 2025, a coordinated wave of cyber operations targeted Indian government websites and critical infrastructure simultaneously. Reported impacts included approximately 19 hours of distributed denial-of-service targeting the President's official website, approximately 200,000 probing and attack attempts against the power grid, and defacements across multiple ministry portals. The Seqrite India Cyber Threat Report 2026 documented a coordinated hybrid warfare campaign blending APT36, SideCopy, and hacktivist groups targeting India's defence and government networks throughout the fiscal year.
The third was the rapid expansion of the attack surface through cloud misconfiguration and supply chain vulnerabilities. Angel One, one of India's largest stockbroking platforms, disclosed in February 2025 a breach traced to unauthorised access to AWS-hosted resources, with client data for 7.9 million users potentially exposed. A malware incident targeting a third-party vendor portal linked to ICICI Bank, claimed by the Bashe ransomware group, reflected a growing pattern of supply chain attacks entering India's banking sector through vendor access pathways rather than direct infrastructure compromise. In June 2025, Delhi hospitals Sant Parmanand and NKS Super Speciality suffered server intrusions that disrupted OPD and IPD digital workflows, forcing reversion to manual processes — demonstrating that the healthcare sector's rapid digitisation had not been matched by equivalent security investment.

The Regulatory Architecture: DPDP, CERT-In, and New Accountability
India's regulatory cybersecurity framework underwent significant tightening in fiscal 2025–26, creating binding new compliance obligations and — in the process — new budget lines across every regulated sector.
The Digital Personal Data Protection (DPDP) Act, 2023, came into full implementation focus in 2025. The Act imposes fines of up to Rs 500 crore for personal data breaches, mandates incident reporting within six hours, requires log retention for 180 days, and demands comprehensive data protection impact assessments for high-risk processing activities. Draft enforcement rules issued in January 2025 further codified consent requirements, cross-border data transfer norms, and organisational accountability mechanisms. Gartner's Shailendra Upadhyay said in March 2026 that "the implementation of India's DPDP Act, combined with emerging AI regulations across global markets, is increasing compliance complexity and placing new accountability pressures on CISOs." Identity-based attacks, he added, were driving identity-first security up executive agendas across Indian enterprises.
CERT-In published its Comprehensive Cyber Security Audit Policy Guidelines in 2025, mandating annual cybersecurity audits for critical infrastructure operators — covering information technology, operational technology, cloud, supply chain, and physical security layers. In fiscal 2024–25, CERT-In conducted nearly 10,000 audits across critical sectors including power, transportation, and banking. The Department of Telecommunications' Telecom Cyber Security Rules required service providers to report breaches within six hours and share attack scope within 24 hours. Together, these frameworks are elevating cybersecurity compliance from a technical function to a board-level accountability across Indian enterprises and government bodies.
Key Players: A Three-Tier Ecosystem
India's cybersecurity market operates across three distinct tiers, each playing a different and complementary role.
Among domestic IT services majors, TCS has built its Cyber Defence Suite around AI and machine learning capabilities, providing proactive threat intelligence and automated incident response across enterprise client networks. Infosys, Wipro, HCL Technologies, and Tech Mahindra have embedded cybersecurity across their digital transformation portfolios, with managed SOC operations, zero-trust architecture deployment, and DPDP compliance services as growth areas. Tata Communications has partnered with Palo Alto Networks to deliver secure hybrid IT environments, leveraging its national network backbone alongside Palo Alto's cloud-native security platform. Wipro has partnered with Okta to integrate identity and access management into zero-trust frameworks for enterprise clients.
Among homegrown cybersecurity specialists, Quick Heal Technologies — India's most established domestic security product company — continued to serve enterprise and consumer segments through its Seqrite brand, which also produces the India Cyber Threat Report, one of the country's most authoritative annual threat intelligence publications. Innefu Labs, ESEC Forte Technologies, and CyberNX Technologies represent an emerging tier of Indian-origin firms building AI-driven security analytics, managed SOC services, and identity security solutions tailored to India-specific threat patterns. In March 2025, Zero Defend Security unveiled Vastav AI — described as India's first deepfake detection system — a cloud-based platform using machine learning, forensic analysis, and metadata inspection to identify AI-generated media with a reported accuracy of 99 percent.
Among global technology vendors, Palo Alto Networks announced a strategic partnership with a leading Indian telecommunications provider in October 2025 to integrate its security solutions into telecom infrastructure. Check Point Software Technologies launched an India-based data residency instance of its Harmony SASE platform in May 2025, designed for localised, cloud-delivered network security compliant with India's regulatory environment. Fortinet launched an AI-driven security suite specifically for Indian SMEs in September 2025 — addressing a segment that global enterprise security vendors have historically underserved. CrowdStrike, Cisco, Zscaler, Trend Micro, and Darktrace maintained strong enterprise presences, competing on AI-enhanced detection, extended detection and response (XDR) platform depth, and cloud-native integration capabilities.

The Road Ahead: AI-First, Identity-Led, and Compliance-Driven
Three strategic shifts will define Indian cybersecurity through the remainder of the decade. The transition to AI-native security — where detection, response, and remediation are automated and intelligence-driven — is no longer a future state. Indian SOCs are deploying machine learning to process the volume of alerts that human analysts alone cannot manage, moving security operations from reactive to predictive.
Identity-first security is becoming the defining architectural choice. The rise of agentic AI — autonomous systems acting on behalf of users across enterprise applications — has created new non-human identity vectors that traditional IAM tools were not designed to govern. Gartner's Alex Michaels noted in March 2026 that the rise of agentic AI "introduces new challenges that expose gaps in traditional identity and access management approaches," as enterprises must now govern not just human users but AI agents operating with enterprise credentials.
Compliance will continue to be a structural demand driver. With the DPDP Act's enforcement machinery now operational, and sector-specific mandates from RBI, SEBI, IRDAI, and the NCIIPC tightening in parallel, security budgets in India's regulated sectors face sustained upward pressure regardless of broader IT spending cycles. Gartner projects India's information security spending to grow at double-digit rates through the forecast period — a trajectory that reflects both the deepening threat environment and the irreversibility of India's digital transformation.
India is simultaneously one of the most targeted and most rapidly adapting cybersecurity markets in the world. The gap between the two — between the pace of attack and the pace of defence — is what the industry exists to close.
