Check Point Software Technologies has released its State of Cyber Security in India 2025 report, warning of a sustained rise in cyberattacks targeting Indian organizations across sectors. The findings show that threat actors are increasingly exploiting cloud misconfigurations, infostealer malware, and more sophisticated ransomware techniques to breach high value targets.
India continued to rank among the most heavily targeted countries worldwide. In 2025, organizations across industries in India faced an average of 2,011 cyberattacks per week, well above global averages. The education sector emerged as the most attacked vertical globally, with institutions experiencing between 4,248 and 9,817 attacks per week. Telecommunications, healthcare, financial services, and government organizations also recorded persistently high attack volumes, highlighting India’s broad exposure across public and private domains.
The report links India’s rising cyber risk to rapid digital adoption and expanding attack surfaces. Cyber incidents increased sharply from around 1.03 million in 2022 to 2.27 million in 2024, with early 2025 data pointing to further growth. Financial cyber fraud losses reported on the National Cyber Crime Reporting Portal reached ₹36,450 crore as of February 2025. These losses were largely driven by phishing led UPI fraud, AI assisted social engineering, SIM swap attacks, and deepfake enabled scams, underscoring how digital payments, cloud platforms, and connected infrastructure are being actively exploited.
Cloud security weaknesses emerged as a critical India specific challenge. Check Point highlighted several severe incidents, including a breach that exposed 500GB of personal and biometric data belonging to law enforcement and military personnel due to an unsecured cloud storage bucket. Misconfigurations, over permissive access controls, and unmanaged identities remain among the leading causes of breaches in Indian enterprises. Despite the surge in cloud related incidents, less than nine percent of sensitive cloud data is encrypted, and only a limited number of organizations can detect or remediate breaches within the first hour, significantly increasing potential damage.
Infostealer malware activity also rose sharply in India. Between March and May 2025, 44,197 Windows devices were compromised by Lumma Stealer. Other prominent malware families included RisePro, Vidar, StealC, and RedLine, which leverage modular designs and advanced credential theft capabilities. Within enterprise environments, AgentTesla and FormBook remained dominant, with AgentTesla infections rising 22 percent year over year, primarily spread through targeted phishing campaigns.
Ransomware continued to affect between seven and ten percent of organizations nationwide, with notable spikes in the education sector. Attackers increasingly emphasized data exfiltration and extortion rather than pure encryption, using zero day vulnerabilities, AI powered reconnaissance, and legitimate system tools to evade detection and maximize disruption.
Sundar Balasubramanian, Managing Director for India and South Asia at Check Point Software Technologies, said India’s rapid digital growth is being matched by increasingly capable adversaries. He emphasized the need to secure AI systems against manipulation while also using AI driven intelligence to anticipate and prevent attacks, shifting cyber security from a reactive defense to a proactive enabler of trust and resilience.
Aathir Ahad, Chief Information Security Officer at Wipro, said that coordinated attacks and geopolitical pressures are creating a new risk landscape for India’s IT services industry. He stressed that long term resilience will depend on intelligence driven security, an identity first approach, and embedding protection across every layer of global digital operations.
THASNIYA VP
