Cyberattacks against Indian organizations have surged to unprecedented levels, doubling year-over-year and significantly outpacing the global average. A new report for the third quarter of 2024 reveals that Indian entities faced nearly 1.2 billion attacks, a massive jump from 600 million in the same period last year. This alarming trend highlights the growing digital risks for businesses and government agencies in South Asia, fueled by economic growth and the rise of new technologies.
A Staggering Rise in Attack Volume
The latest data from Indusface’s Q3 2024 report paints a stark picture of the cybersecurity landscape in India. While cyberattacks globally saw a 26% increase compared to the previous year, India experienced a staggering 92% rise in incidents.
This deluge of attacks included 377 million denial-of-service (DoS) events and 215 million malicious bot-based requests aimed at APIs and web servers. The numbers show a clear strategic focus from attackers on exploiting vulnerabilities within the Indian digital infrastructure.
Why India Has Become a Prime Target
India’s position as Asia’s third-largest economy, with a robust growth of 5.4% in Q3 2024, has made it a lucrative target. This economic expansion, combined with the rapid digitization of services, creates a perfect storm for cyber threats. The financial impact is already significant, with a PricewaterhouseCoopers (PwC) report noting that 44% of Indian businesses have suffered data breaches costing at least $500,000 in the last three years.
This has not gone unnoticed by corporate leaders. The same PwC survey revealed that 61% of Indian executives now list cybersecurity as a top-three business priority, reflecting the growing urgency to protect digital assets against increasingly sophisticated attacks.
The Evolving Tactics of Cybercriminals
Attackers are moving beyond traditional methods. Ashish Tandon, founder and CEO of Indusface, pointed out that technological advancements are empowering even novice hackers. “The rise of large language models (LLMs) has significantly lowered the barrier for executing vulnerability attacks,” Tandon said. This has led to what the report calls an “unprecedented rise in vulnerability exploitation.”
Instead of relying solely on overwhelming servers with traffic, cybercriminals are now focusing on exploiting specific flaws in websites and APIs. Some of the most common attack vectors include:
- Blind SQL injection
- Server-side request forgery (SSRF)
- HTML injection
This shift indicates that attackers are becoming more precise and are actively searching for weak points in an organization’s security posture rather than just launching brute-force attacks.
Critical Sectors in the Crosshairs
Certain industries are bearing the brunt of this cyber onslaught. The banking, financial services, and insurance (BFSI) sector in India faced twice as many attacks as the global average. More alarmingly, the power and energy sectors were targeted at four times the global average rate per website.
Phani Deepak Akella, Indusface’s Vice President of Marketing, suggested that these attacks are not random. “We believe that these industries are targeted for geopolitical reasons, as this will lead to disruption in all essential services,” he explained. This highlights a dangerous trend where cyberattacks are used as tools for geopolitical destabilization.
The Alarming Gaps in Corporate Defenses
Despite the rising threats, many Indian companies are struggling to keep up. The report exposed critical gaps in security practices, particularly concerning APIs, which are the backbone of modern digital services. A startling 36% of companies skip API security testing altogether, while only 19% use automated scanning tools.
Furthermore, the delay in fixing known issues is a major problem. More than 30% of high-severity vulnerabilities remain unpatched six months after they are discovered. This leaves a wide-open door for attackers to exploit known weaknesses, putting sensitive data and critical systems at severe risk. The Reserve Bank of India has also issued warnings, urging businesses to adopt more robust security measures to counter the risks of digitization.
