In just twelve months, Indian organisations saw more than 265 million cyber attacks sweep across their networks, websites and endpoints. That works out to roughly 500 detections every single minute, a pace that turns “cyber risk” from a compliance box into an operational reality for every CIO in the country.
What makes 2025 different is not just the volume, but the quality of attacks and how quickly adversaries are folding AI, cloud and social engineering into their playbook. At the same time, Indian boards are finally putting real money behind AI‑driven defence and cloud security, with recent surveys showing AI as the top cyber investment priority, ahead of even core cloud controls.
This is the backdrop against which Future Is Now will cover enterprise security: not as a niche IT topic, but as one of the central board‑level stories of 2026.
What does 265 Million‑Attack Number Really Tells Us
Seqrite’s latest India Cyber Threat Report, built from monitoring over 8 million endpoints between late 2024 and 2025, gives the clearest statistical snapshot so far. Across that estate, the company detected 265.52 million malware incidents, with classic Trojans and file‑infecting malware accounting for about 70% of the load.
The report also shows that attacks are not distributed evenly across the map or economy. A handful of states—Maharashtra, Gujarat and Delhi—absorb a disproportionate share of detections, while cities like Mumbai, Kolkata and New Delhi sit at the top of the attackers’ target list. On the sector side, education, healthcare and manufacturing together account for nearly half of all detections, reflecting a mix of legacy systems, valuable data and often‑fragile security operations.
This is only one dataset, but it aligns with broader analysis from India‑focused security firms and incident trackers, which point to a steady rise in data breaches, ransomware and DDoS campaigns against government, BFSI, healthcare and industrial targets through 2024 and 2025.
AI Is Now on Both Sides of the Firewall
One of the most striking trends emerging from 2025 is the way AI is shaping both attack and defence. Security researchers describe attackers using AI to automate phishing at scale, craft more convincing deepfake audio and video, and probe cloud environments faster than human analysts can respond.
The same technology, though, is rapidly being pulled into defensive stacks. PwC’s India edition of its Global Digital Trust Insights study reports that AI is now the top cyber investment priority for Indian security leaders, with close to half planning to increase spending significantly on AI‑powered detection and response over the next year. In that survey, cloud security ranks immediately behind AI, and managed security services remain a strong third, signalling that boards are finally comfortable paying for external expertise where in‑house teams cannot keep up.
From a CIO’s perspective, this creates a new category of risk: AI misalignment inside security tools themselves. If models are not tuned to local data, regulatory expectations and business context, “AI security” can become an expensive black box that raises alerts without reducing real risk. Over the next year, the most effective organisations will be those that treat AI as one more control in a layered defence, not a magic bullet.
Where Indian Organisations Are Still Most Exposed
Despite rising budgets and better board‑level awareness, several fault lines keep appearing across reports and breach post‑mortems.
- Cloud misconfiguration and visibility gaps
With more workloads moving into public and hybrid clouds, a large share of detections now occur in cloud environments, reflecting weak identity controls, poor segmentation and inconsistent patching. Many Indian enterprises still run on‑premise style security models in the cloud, without continuous posture management or zero‑trust principles. - Operational technology and manufacturing risk
Manufacturing and industrial operations are increasingly targeted via IoT and control‑system vulnerabilities, yet these environments often sit outside the traditional IT security remit. Seqrite and other researchers note that attacks on OT can now cause not just data loss but real‑world production downtime, which quickly gets the CFO’s attention. - Healthcare and education data
Healthcare remains one of the most attacked verticals globally because medical records are rich, long‑lived data sources that can be monetised for years. In India, hospitals and universities are digitising rapidly without always investing in strong identity, backup and incident‑response capabilities, creating a tempting target surface. - Third‑party and supply‑chain exposure
Surveys of Indian security leaders highlight third‑party breaches as one of the most worrying, and under‑addressed, risks. Vendors increasingly handle core workloads, but vendor assessments, contract clauses and continuous monitoring are often immature.
Three Things CIOs Need to Change Before 2026
Drawing from the data and from how leading enterprises are responding, three shifts stand out as urgent.
a) Move from perimeter security to continuous risk visibility
The attack numbers show that “build a hard shell around the network” is no longer a viable strategy. CIOs should push for:
- Unified threat visibility across endpoints, cloud workloads and OT, not just the corporate LAN.
- Continuous posture management in cloud accounts, looking for misconfigurations, exposed keys and risky policies.
- Table‑top exercises with business and legal teams so incident response is not being rehearsed for the first time mid‑breach.
This is less about buying another box, more about making data from existing tools actually coherent and actionable.
b) Treat AI security and AI‑driven defence as governance issues, not just tools
As AI systems enter everything from customer service to underwriting, the security team’s role expands beyond firewalls to model governance, data lineage and abuse cases.
CIOs and CISOs should work with data leaders to:
- Maintain a register of AI systems in production, including who owns them and what data they touch.
- Define clear guardrails for LLM use (prompt filtering, red‑teaming, access control) and document them as part of cyber policy.
- Align AI security work with board‑level risk appetites, instead of experimenting in isolation.
Boards are already signalling willingness to invest here; they now need a governed roadmap, not scattershot pilots.
c) Build partnerships, not just tools
The Seqrite report and other incident analyses underline how quickly attacks escalate beyond what a small, overstretched internal team can manage. This is why many Indian organisations are turning to managed detection and response, digital‑risk protection and specialist ransomware‑recovery services.
CIOs should:
- Identify one or two strategic security partners who can provide 24×7 monitoring, threat intelligence and incident response capability.
- Push vendors for India‑specific threat intelligence, not generic global feeds; attacks in Maharashtra or Delhi often look different from those in North America or Europe.
- Tie service‑level agreements to time‑to‑detect and time‑to‑contain, not just device counts or license numbers.
What Future Is Now Will Track Next
The 265‑million‑attacks figure is a headline, but it is also a baseline. Given the pace of digitisation, the rise of AI‑powered attack tooling and the sheer value of India’s data economy, the number is unlikely to go down in 2026.
For CIOs and CXOs, the key questions now are:
- How fast can cyber strategy move from reactive patching to intelligence‑led resilience?
- Which sectors and states are likely to see the next spike in targeted attacks, as adversaries move beyond metros?
- How do we measure progress—not just in tools bought, but in incidents avoided and downtime reduced?
In upcoming Enterprise Tech and CXO Voices coverage, Future Is Now will dive deeper into sector‑specific stories—from BFSI fraud analytics to manufacturing OT hardening—and into practical playbooks that Indian CIOs are using to keep real systems running under sustained attack.
For now, the message from the data is blunt: India is one of the busiest cyber battlefields on the planet, and 2026 will reward the enterprises that treat security not as a cost centre, but as a competitive advantage and a board‑level discipline.
