India has been experiencing a significant surge in cybercrime, impacting both its citizens and businesses. According to recent data from India’s National Cyber Reporting Platform (NCRP), cyber fraud against citizens has increased by 51% over the past year. In 2024, more than 1.7 million cybercrime complaints were filed by Indian citizens, up from 1.1 million complaints in 2023. While many of these cyber scams originated domestically, about 45% of cyberattacks came from cybercriminal havens in countries like Cambodia, Myanmar, and Laos.
The rise in cybercrime in India highlights the dark side of increased access to online services. As the country digitizes many government services, making it easier for citizens to access them, cybercriminal activity has also shifted online. President Droupadi Murmu addressed this issue in a speech to Parliament on January 31, emphasizing the importance of cybersecurity in an increasingly digital society. She highlighted the challenges posed by digital fraud, cybercrime, and emerging technologies like deepfakes to social, economic, and national security.
Not only are Indian citizens at risk of cybercrime, but businesses in the region are also facing a growing number of online attacks. Cyber-risks and digital/technology risks are top concerns for companies in India, with businesses prioritizing these issues more than their global counterparts. PricewaterhouseCoopers’ 2025 Global Digital Trust Insights — India Edition reported that Indian organizations are focused on mitigating key risks like cyberthreats, digital vulnerabilities, and inflation, underscoring the need for robust cybersecurity measures and reliable technological infrastructure.
Compared to global averages, India is experiencing a higher volume of cyberattacks, particularly in the form of unwanted requests targeting websites. Denial-of-service attacks are also more prevalent against Indian targets compared to global averages. Attackers have shifted to a mobile-first approach, targeting API servers for mobile applications with increased requests per host. Venky Sundar, founder and president for the Americas at Indusface, noted that cybercrime is increasingly targeting external-facing APIs associated with mobile apps rather than traditional web platforms.
To combat cyber threats, the Indian government has taken steps to enhance cybersecurity measures. The Reserve Bank of India (RBI) has introduced exclusive internet domains for banks and non-bank financial institutions, aimed at reducing phishing attempts. India also enacted its first privacy and data protection law in 2023 and recently drafted implementation rules to define the rights of Indian citizens and requirements for companies handling data.
In collaboration with the United States, India signed a memorandum of understanding (MoU) to cooperate on intelligence gathering, exchange information on cybercrime cases, and provide collaborative training. Efforts are also underway to rescue and repatriate Indian citizens who have been exploited in forced labor camps for cybercriminal syndicates in Cambodia, Myanmar, and Laos, where they are involved in various online scams.
Despite these initiatives, India is facing a shortage of cybersecurity professionals. The government has initiated a plan to train 5,000 “cyber commandos” over the next five years to assist national and state governments with cyber investigations. President Murmu emphasized the need to train citizens in cybersecurity to create employment opportunities in the field and ensure competence in cybersecurity. India has achieved Tier 1 status in the International Telecommunication Union’s Global Cybersecurity Index, reflecting its commitment to enhancing cybersecurity measures and protecting against cyber threats.