How 2026 could be a turning point for India's cybersecurity strategy

India is fast becoming a prime cyberattack target, with AI lowering entry barriers for attackers and raising the cost for businesses, pushing cybersecurity to the centre of the agenda ahead of 2026

As India continues its focus on going digital, 2026 will need to be about strengthening cybersecurity infrastructure, experts say. The reason for this preparedness is India’s increasing emergence as a target for cybercriminals.

 

Consider some of this data: India recorded more than 265 million cyberattacks in 2025, according to a report by Seqrite, the enterprise arm of security solutions and services firm Quick Heal; Trojans and file infectors accounted for 70 per cent of all attacks.

 

According to the State of Cyber Security in India 2025 report by Check Point Software Technologies, Indian organisations faced more than 2,000 cyberattacks per week per organisation. Across industries, Indian organisations faced 2,011 cyberattacks per week in 2025, significantly higher than the global average.

 

Data from the National Cyber Crime Reporting Portal (NCRP) highlights that cybersecurity incidents rose from 10.29 lakh in 2022 to 22.68 lakh in 2024. This reflects the growing scale and complexity of digital threats in India. At the same time, the financial toll is becoming more pronounced, with cyber frauds amounting to ₹36.45 lakh reported on the NCRP as of February 28, 2025.

 

All this data points to an increased and urgent need to adopt cybersecurity as an integral part of tech strategy rather than an afterthought.

 

Saurabh Sharma, lead security researcher at the Global Research and Analysis Team (GReAT), Kaspersky, said: “This convergence of AI and commoditised cybercrime manifests is among the distinct trends that will define the Indian enterprise security posture next year.”

 

Sharma is of the opinion that the malicious use of generative AI to create convincing phishing emails, voice clones, deepfake videos, chatbots for social engineering, or automated reconnaissance at scale will spill over from this year into the next.

 

Moreover, Kaspersky’s Global Research and Analysis Team (GReAT) highlights that India is among the top 12 countries targeted by advanced persistent threat (APT) groups. Infamous threat actors targeting enterprises and organisations in the subcontinent include Lazarus, Sidewinder, and Transparent Tribe (APT-36), among others.

 

Cloudflare’s Grant Bourzikas, chief security officer, believes that 2026 will be the year of real AI attacks. The past year was filled with AI’s contribution to basic malicious activities such as social engineering, deepfakes, business email compromise, and more, which will continue in 2026.

 

Bourzikas said that threat actors will predominantly shift to launching malicious campaigns through vibe coding, exacerbating the speed and execution of attacks. “They will increasingly use AI as a teacher or trainer to help them conduct reconnaissance, not because they do not know how to launch a low-level attack. This reconnaissance will enable them to gather critical information about a target and create specialised tools needed for scanning and exploitation. This attacker–AI synergy will slash learning time and propel the automated construction of hyperscale cyber operations to new heights,” he added.

 

With ransomware-as-a-service (RaaS), ransomware attacks have been democratised, which has serious implications for businesses. In India, sectors repeatedly hit by ransomware attacks include information technology (IT), banking, financial services and insurance (BFSI), manufacturing, and healthcare.

 

“The combination of AI tools increasingly used for ransomware development and the continued rise of RaaS models such as RansomHub transforms this damaging threat from a targeted assault by cybercrime groups into a widespread commodity available even to low-skill criminals. For Indian enterprises, this is no longer a question of ‘if’ but a costly ‘when’, making proactive, behaviour-based and intelligence-backed defence a non-negotiable aspect of modern business strategy,” said Sharma.

 

In 2026, one of the largest barriers to securing an organisation will be wasted budgets on old and antiquated technology. For most organisations, negotiating the renewal of security vendors is becoming increasingly expensive and remains one of the biggest headaches faced by chief information security officers (CISOs).

 

“Software inflation is at an all-time high, pointing towards hefty increases in renewal rates for 2026… but are the tools we renew even necessary to combat today’s threat actors? Price and year-on-year increases are often not indicative of any additional value added to the tools and services a vendor provides. As the attack surface grows, with novel vulnerabilities discovered daily alongside emerging threat actor groups, tactics and malware, CISOs must focus on eliminating tools that pose risks rather than adding additional tools to address risks,” cautioned Bourzikas.

 

Arvind Subramanian, executive vice president and managing director, India, at Iron Mountain, pointed out that even as AI takes centre stage in cybersecurity, the firm’s data shows that 75 per cent of Indian organisations are still managing some or most of their records in physical form. Failure to secure these assets can have severe consequences, including eroding customer confidence and causing significant financial and reputational damage.

 

“Effective records management, for both digital and physical assets, is essential for building trust and resilience. This is particularly true in sectors such as BFSI, the public sector, and healthcare, where a large number of Indian enterprises and government departments continue to manage physical records due to regulatory and historical needs,” added Subramanian.