As India steps into 2026, its digital public infrastructure stands unmatched: Aadhaar, UPI, DigiLocker, FASTag, and CoWIN collectively serve more than a billion citizens. However, the same architecture powering national progress is now a prime target for cyber aggression.
According to the Seqrite India Cyber Threat Report 2026, India logged 265.52 million threat detections in a year—505 every minute. Check Point’s 2025 analysis places Indian organisations at 2,011 cyberattacks per week, one of the highest in the world.
This is no longer an IT problem. It is a national security issue, with economic, geopolitical, and strategic consequences.
The new battlespace
Cyberattacks today are shaped by global rivalries, opaque supply chains, and foreign data jurisdictions. Hybrid, state-sponsored campaigns target telecom, banking, transport, and health systems. Cloud misconfigurations alone account for nearly one in five breaches, while cross-border data flows expose Indian information to regulatory environments beyond our control.
Where are we vulnerable?
India’s strategic weakness is not technology; it is enforcement. Conviction rates remain low, investigations are slow, and cybercrime often falls outside traditional policing capacity. The DPDP Act offers direction, but without implementation muscle, deterrence remains notional.
Equally worrying is the human layer: poor password practices, phishing susceptibility, and low organisational cyber maturity — a national hygiene deficit that no firewall can compensate for.
The dependency risk
India’s cybersecurity market touched $5.56 billion in 2025, projected to cross $12.9 billion by 2030, yet the ecosystem still depends on foreign black-box technologies for 30–40 per cent of critical segments. This creates supply-chain risks in a volatile geopolitical environment.
Strategic autonomy is not achieved through procurement. It is built through capability.
What must change?
1. Fast-track cyber courts and time-bound conviction mechanisms
2. Mandatory cyber standards in critical infrastructure (telecom, power, health, BFSI)
3. Domestic procurement preference and joint IPR models
4. Quantum-safe cryptography roadmap for DPI
5. A national cyber hygiene program for citizens and SMEs
The bottom line
Cybersecurity is no longer a technical enclosure. It is economic competitiveness, strategic deterrence, and sovereignty in the digital century. The next decade will decide whether India remains a market for cybersecurity… or becomes a global producer of it.
The window for hesitation has closed.
(Lt Gen M.U. Nair (Retd) is the former National Cyber Security Coordinator, Government of India, and former Signal Officer in Chief of the Indian Armed Forces)
