The Current Situation of Cyber Security in India

cyber, security, internet-4610993.jpg

As per an article by Business Standard, around 82% Indian companies suffered a ransomware attack in 2020!  compared to 67% in 2017.

Also, the cost of recovering from the impact of a ransomware attack in India tripled over the last year, up from $1.1 million (over Rs 8 crore) in 2020 to $3.38 million (more than Rs 24.5 crore) in 2021 to date.

The average ransom payment in India was $76,619 (over Rs 55 lakh). However, paying up often didn’t work in favor of organization as Indian organizations that paid the ransom got back, on average, 75 per cent of their data and only 4 per cent got all their data back, according to ‘The State of Ransomware 2021’ report by global cybersecurity leader Sophos.

As the Indian government has been pushing to digitize the country, the enterprises too have rushed to digitize their processes and business operations. While this technological advancement has helped organizations to scale their business, it has also put them to the risk of exposure to critical data and intellectual property theft. Stretching from cyber attacks on critical infrastructure to the new forms of the misuse of social media, India has been suffering from various cyber threats for years now.

  • As per the government data presented in the parliament, nearly 1.16 million cases of cyber attacks in India were reported in 2020, marking an average of 3,137 cyber security issues reported every day of the year.
  • The ‘Cost of a Data Breach Report 2020’ released by IBM reported that the average cost of a data breach in India in 2020 was $2 million, marking an increase of 9.4% since 2019.
  • An article by Inc42 revealed that ever since the arrival of the COVID-19 pandemic, India has witnessed a 4000% increase in phishing emails and a 400% spike in the number of policy violations.
  • According to this article by Inc42, 66% of organizations in India have suffered at least one data breach or cyber attack since shifting to a remote working model during the pandemic.
  • The Internet Crime Report by the FBI revealed that India is ranked third in the world among the top 20 countries being victimized by cybercrimes.

Incidents of cyber attacks across India from 2015 to 2020

Latest Cyber Security Incidents in India

Besides these increment in the cyber attacks and crimes, there have been dozen of disastrous cyber attacks on organizations throughout India. 

  • In May 2020, Ed-tech startup Unacademy suffered a data breach that resulted in the compromise of the accounts of 22 million Indian users. The email addresses, usernames and passwords of the compromised accounts were put up for sale on the dark web.
  • In October 2020, the user data from the giant online grocery platform called BigBasket went up for sale in an online cyber crime market. The personal information of around 20 million Indian users was being sold for $40,000. The information on sale included names, email IDs, PINs, mobile numbers, password hashes, addresses, locations, dates of birth and IP addresses. 


  • In January 2021, COVID-19 lab test results of thousands of Indian patients were leaked online seemingly by government websites. The leaked data was made publicly accessible on Google. The sensitive information included patients’ dates of birth, full names, centers in which the tests were held and testing dates. 
  • In February 2021, personally identifiable information (PII) of 500,000 Indian police personnel went up for sale on a database sharing forum. The data was traced back to a police exam conducted on 22 December 2019. The leaked information included full names, email IDs, mobile numbers, dates of birth, criminal history and FIR records of the exam candidates.
  • India’s second-largest stockbroker, Upstox, suffered a data breach in April 2021 that affected its 2.5 million customersOver 56 million KYC data files were leaked including email IDs, date of birth, passports, PAN, etc. The infamous hacker group ShinyHunters gained access to the KYC details and contact data by compromising a third-party warehouse. 


  • In November 2020, the data of 1.4 million Indian job seekers was leaked online after a cyber attack on the job portal IIMjobs. The compromised data included the victims’ names, email addresses, phone numbers, the exact location of users, links to their LinkedIn profiles and their industry of work. 

Centre planning separate cybersecurity policy

The National Security Council Secretariat, which works with the National Security Advisor in an advisory role to the Prime Minister on national security matters, is considering a stand-alone law for cybersecurity in India, and is working on a strategy document that will consider both the domestic and international implications of such a policy, people familiar with the matter said.

The policy will be the first of its kind, even as provisions for cybersecurity exist under the information technology law and certain financial regulations mandated by the Reserve Bank of India. But India does not have a stand-alone law in the domain.

The policy is being worked out by National Cyber Security Coordinator Lt Gen (retd) Rajesh Pant in the secretariat. “It is one of the deliverables of proposed National Cyber Security Strategy, and is required to cater for new age cyber crimes,” Pant said.

Leave a Comment

Your email address will not be published. Required fields are marked *