India Cyber Threat Report 2026

India’s Most Comprehensive Cyber Threat Intelligence Report Is Here
Download Report

Exploring the State of Cybersecurity in India

265.52 MILLION

Detections across over 8 million endpoints were recorded averaging 505 detections every minute.

India is under the highest cyber threat pressure in its history — from AI-driven phishing and identity attacks to industrial ransomware and hybrid cyber warfare. Powered by telemetry from 8 million+ endpoints, 265M+ detections, and insights from Seqrite Labs, India’s largest malware analysis center, this report reveals the real state of India’s digital risk — and what enterprises must do next.

Key Findings of 2025

505

Detections are observed every minute

70%

Trojans and File Infectors together make up this share of all malware detections

9.2 Million

Network-based exploits exceeded this number of scans

91%

On-prem continues to absorb this share of detections

113,000 Detections

Ransomware activity peaked in Jan 2025, driven by Xelera and Weaxor

47%

Of total volume across the Education, Healthcare & Manufacturing sectors

The
Troublesome Trio

Trojan

88.44 million

Infector

71.09 million

Worm

13.81 million

The Top Impacts

Type of Threat: Trojans and Infectors
State: Maharashtra
City: Mumbai
Industry: Education & Training

Major Cyberthreats of 2025

Operation Sindoor

A coordinated hybrid warfare campaign blending APT36, SideCopy, and hacktivist attacks to infiltrate India’s defense and government networks.

Protect your systems with Seqrite ZTNA

XELERA Ransomware

A ransomware campaign weaponizing fake government job notifications to deploy Python-based payloads and Discord-controlled data theft.

Prevent Ransomware Attacks with Seqrite EPP

Google Salesforce Breach

A high-impact cyber-extortion attack exploiting vishing and malicious OAuth apps to extract sensitive Salesforce data from Google.

Secure your data with Seqrite Data Privacy

SideCopy Evolution

A rapidly evolving APT campaign using MSI installers, sideloaded DLLs, and open-source RATs to target India’s defense and critical sectors.

Defend against APT Attacks with Seqrite XDR

What Our Experts Say

“The future of security lies beyond the device, our new mission is safeguarding the lifeblood of the digital enterprise: data. As India accelerates into an AI-driven, cloud-native economy, the old guard of endpoint-centric controls must yield to a dynamic, data-centric security vision. Leadership is not just about protecting resources, but about shaping a culture where data protection is woven into every decision, partnership, and innovation. Building digital trust for tomorrow demands an unwavering commitment to resilient, intelligent, and ethical data stewardship. This is the paradigm shift that will secure India’s digital ambitions for generations to come.”

PRAVEEN KUMAR, CISO

Nykaa

“In BFSI sector, the threat landscape is unforgiving. Cybercriminals know that trust is our most valuable currency, and
they target it relentlessly. Over the last year, we have seen sophisticated fraud schemes, account takeovers, and ransomware campaigns aimed directly at disrupting financial stability. For us, cybersecurity is no longer a back-office function, it is core to customer confidence and regulatory compliance. The future will belong to institutions that can combine real-time fraud detection with proactive intelligence, ensuring security and trust go hand in hand.

SHERMUGADURAI, CISO

Tamil Nadu Mercantile Bank (TMB)

“The insights from the India Cyber Threat Report 2026 mirror the realities we face in engineering, construction & manufacturing. As IT and OT environments merge, even small security gaps can trigger large-scale operational disruptions. Our priority today is ensuring visibility across industrial networks, tightening access controls, and predicting anomalies before they halt production & operations. Cybersecurity has become a key enabler for business because in engineering & construction industry, every minute of uptime counts & reliability of platforms is of paramount importance.”

UDAY DESHPANDE, CISO

Larsen & Toubro

“As enterprises embrace cloud, mobility, and connected devices, the attack surface is expanding faster than security teams can cover it. Our traditional models built for fixed perimeters no longer apply. Security must move closer to identity, data, and behavior wherever they reside. The concept of a ‘secure boundary’ has become entirely digital. This shift has also transformed how attacks are launched — with adversaries now using AI to scale, automate, and adapt. Defending against AI-driven threats requires AI-driven defense: security built to match the speed and intelligence of the attackers themselves.”

ASHISH ADHVARYU, Chief Delivery Head

Infosys

“In BFSI sector, the threat landscape is unforgiving. Cybercriminals know that trust is our most valuable currency, and they target it relentlessly. Over the last year, we have seen sophisticated fraud schemes, account takeovers, and ransomware campaigns aimed directly at disrupting financial stability. For us, cybersecurity is no longer a back-office function, it is core to customer confidence and regulatory compliance. The future of secure banking will belong to institutions that blend real-time fraud detection with proactive intelligence, where security, resilience, and trust go hand in hand.”

RADHAKRISHNAN, CISO

Indian Overseas Bank, Chennai

Cyber threats are no longer episodic—they are a continuous reality. Cybercriminals, empowered by AI and automation, now launch attacks in hours instead of months, making them faster, stealthier, and more persistent. Traditional defences alone won’t suffice. Organizations must embrace adaptive security—where detection, response, and resilience are embedded into core operations and recognize that employees are the first line of defence. Building a strong human firewall through awareness and training is as critical as deploying advanced technologies. This shift from static protection to dynamic resilience will define who thrives in the digital era.”

DILEEP KUMAR MUKUNDAN, CISO

IFTAS

“Threat intelligence has evolved rapidly, moving beyond static threat lists to AI systems that can analyze data across sectors and predict attacks before they happen. This shift is especially critical for education, where schools, universities, and learning platforms hold sensitive student data, research records, and personal information. If India strengthens national-level intelligence sharing and combines it with adaptive, locally responsive defense across public systems, private enterprises, and educational institutions, we can protect millions of learners and build one of the most secure digital ecosystems in the world, but only if we act now before threats outpace our defenses.”

GOUTHAM NANJUNDASWAMY, CTO

Ethnus

Cyberstorm 2026
Predicting the Next Wave of Threats

AI Trust Manipulation

PREDICTED TREND

Poisoning the Well – Direct Attacks on AI Models

Social Engineering 2.0

PREDICTED TREND

Hyper-Personalized AI Phishing & Mobile Banking Malware

Statecraft by AI

PREDICTED TREND

AI-Enhanced APTs and Strategic Deception

Exploit Acceleration

PREDICTED TREND

Zero-Day & Supply Chain Weaponization

Contactless Fraud

PREDICTED TREND

NFC Relay & Token Hijacking in Payments

Hidden File Vectors

PREDICTED TREND

SVG File Abuse in Stealth Attacks

Mobile Evasion

PREDICTED TREND

Malware Adapting to Google’s New App Rules

Endpoint Neutralization

PREDICTED TREND

EDR Freeze & Kernel Suspension Exploits

Equip your leadership with data-backed insights to make smarter, faster cybersecurity decisions

Download the India Cyber Threat Report 2026 to protect your organization.

Download The Full Report

India Cyber Threat Report 2026

Exploring the State of Cybersecurity in India