On a January morning this year, a seasoned share trader from Mumbai was added to what appeared to be an exclusive investment group on WhatsApp.

The conversations looked authentic. Members discussed market trends, shared screenshots of impressive returns and encouraged disciplined investing. A sophisticated trading application displayed his growing portfolio. Over several weeks, his confidence grew as the displayed value crossed ₹2 crore.

Then, when he attempted to withdraw his money, everything disappeared. The group vanished. The application stopped responding. His savings of ₹86.9 lakh had been siphoned off through a meticulously orchestrated fraud. This case, consistent with hundreds of similar complaints filed with cyber crime portals every week, is no longer an aberration. It is a pattern.

The scale of this challenge is staggering. Indians filed over 24 lakh cyber crime complaints in 2025 alone, up from 19.18 lakh the previous year.

Financial losses exceeded ₹22,495 crore in 2025, as per a Press Information Bureau (PIB) release from February 11, 2026. Every day, thousands of Indians lose their savings to fraudulent investment groups, digital arrest scams, fake loan applications, betting syndicates, sextortion rackets, examination paper leak networks, and a growing range of cyber-enabled crimes.

Recognising the scale and sophistication of this challenge, the Government of India has strengthened its institutional response through the Indian Cyber Crime Coordination Centre (I4C), the National Cyber Crime Reporting Portal, the Cyber Fraud Mitigation Centre and closer coordination with banks, telecom service providers and law enforcement agencies. Yet, despite these important initiatives, cyber criminals continue to adapt faster than institutional responses.

The reason is simple. Cyber crime has fundamentally changed.

Today’s cyber criminals no longer need sophisticated hacking tools to target ordinary citizens. They need trust, reach and scale. Social media and messaging platforms provide all three. By exploiting fear, greed and human psychology, organised criminal networks have transformed digital platforms into their primary operating environment. 

If cyber crime has evolved, our response must evolve with it.

Public debate usually revolves around encryption, privacy and regulation. These are important issues, but they have obscured a more fundamental question.

If digital platforms possess some of the world’s most advanced technologies for understanding online behaviour, why are organised criminal networks able to operate on them for days and sometimes weeks, before meaningful intervention occurs?

The answer is not a lack of technology.

The world’s leading digital platforms have built extraordinary trust and safety capabilities. They identify fake accounts, detect coordinated inappropriate behaviour, remove spam, disrupt malicious software, combat terrorist propaganda, detect child sexual exploitation material, and continuously improve platform integrity using artificial intelligence and behavioural analytics. These systems operate at a scale unimaginable even a decade ago.

Yet, when it comes to organised cyber crime targeting citizens, the response often remains complaint-driven, rather than prevention-driven. It is worth acknowledging that platforms do act on fraudulent content when it is reported, but the critical issue is the speed and proactivity of that response. The distinction between reactive removal and proactive detection is where victims either fall prey or are protected.

Banks provide an excellent comparison. They do not wait for customers to complain before looking for suspicious activity. Every transaction is continuously assessed for unusual behaviour: a credit card suddenly used in another country, an unusually large transfer or an unfamiliar spending pattern immediately triggers additional scrutiny. Banks do not read intentions. They recognise behaviour.

Digital platforms possess similar capabilities. They need not read private messages or weaken end-to-end encryption to identify organised criminal activity.

Newly created accounts rapidly adding strangers, repeated sharing of identical fraudulent links, the sudden creation of large investment groups, coordinated activity across related devices, and other abnormal behavioural patterns all leave digital signatures that sophisticated systems can identify without examining the content of private conversations.

This is not surveillance. It is behavioural risk assessment—an approach that platforms already employ extensively to combat spam, fake accounts, and coordinated abuse.   

The same behavioural capabilities also underpin many of the personalised commercial services that these platforms already provide. The proposal is not to compromise privacy, but to use existing behavioural intelligence more effectively against organised criminal networks operating in plain sight.

The debate therefore should not be framed as privacy versus security. It should be framed as the responsible deployment of existing technological capabilities to prevent organised crime before citizens become victims.

The ongoing policy debate surrounding proposed username-based messaging features on digital platforms only reinforces this reality, with seemingly incremental product changes which could significantly alter the cyber crime risk landscape and therefore warrant close collaboration between platforms and public authorities before large-scale deployment.

India’s evolving digital regulatory framework provides an opportunity to move in precisely that direction. The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 already require significant intermediaries to exercise due diligence and establish grievance redressal mechanisms.

The growing emphasis on intermediary accountability reflects a broader recognition that digital platforms have responsibilities extending beyond merely providing communication infrastructure.

India is not alone in this direction. Singapore’s Online Criminal Harms Act 2023 and the European Union’s Digital Services Act both operationalise obligations for platforms to share risk information with authorities, demonstrating that this model is neither untested nor unprecedented.

Rather than viewing these responsibilities only through the lens of legal compliance, India should view them as the foundation for a more collaborative operational model.

The objective is neither greater regulation nor greater surveillance. Instead, India should pursue something far more practical—a structured operational partnership between digital platforms and the country’s existing cyber crime architecture.

India's immediate requirement is not another institution but better operational integration among those already established. The I4C, the Cyber Fraud Mitigation Centre, the National Cyber Crime Reporting Portal, specialised cyber police units, financial institutions and telecom operators together constitute a capable ecosystem.

Cyber crime does not suffer from a shortage of organisations. It suffers from a shortage of operational integration.

The digital world functions in seconds. Institutional responses often function in days. That gap is where organised criminal networks—including those coordinated from across India’s borders—continue to thrive.

Major digital platforms should become proactive contributors to cyber crime prevention rather than remaining largely passive recipients of complaints. Their role would not be to investigate crimes, determine guilt, or replace law enforcement. Those responsibilities must remain sovereign functions of the State.

Their role should be to detect emerging patterns of organised criminal behaviour using capabilities they already possess, and share appropriate behavioural risk indicators with the existing cyber crime operational architecture.

Within the existing operational framework, designated platform liaison teams could work alongside authorised law enforcement representatives empowered to provide immediate legal validation wherever required. Once clearly defined legal thresholds are met, and subject to appropriate judicial or statutory oversight using clearly defined standard operating procedures, preventive action could begin without delay, temporarily disabling fraudulent accounts, preserving digital evidence, notifying financial institutions where necessary and initiating further investigation.

Investigation remains a sovereign function. Detection becomes a shared responsibility.

That distinction is fundamental. The proposed model does not transfer policing powers to private companies, nor does it place the government inside private platforms.

Each participant retains its institutional identity, legal responsibilities, and accountability. What changes is the speed and coordination with which they work together.

This operational philosophy extends well beyond investment fraud. Illegal betting syndicates, digital arrest scams, examination paper leak networks, predatory loan applications, fake recruitment schemes, deepfake-enabled financial fraud, sextortion, narcotics trafficking, and even organised human trafficking increasingly rely upon digital platforms for recruitment, communication and victim acquisition.

Different crimes will continue to require different investigators, different laws, and different investigative procedures. But many of them display remarkably similar behavioural patterns before they develop into full-scale criminal operations.

Platforms are often the first entities capable of recognising that something unusual is unfolding. That early warning is invaluable.

The philosophy is straightforward:

  • Technology detects.
  • Law validates.
  • Existing institutions coordinate.
  • Prevention begins immediately.
  • Investigation follows.

This is neither anti-platform nor anti-privacy: it is simply pro-citizen.

Naturally, such a model also demands responsibilities from every stakeholder. Platforms must invest not only in user engagement but equally in user protection.

The government must continue refining legal frameworks that encourage responsible, privacy-respecting preventive action while providing clear operating procedures for cooperation. Law enforcement agencies must continue strengthening technical capabilities, digital forensics, and specialised training to keep pace with rapidly evolving technologies.

Citizens themselves must remain vigilant, because no technology can entirely replace human judgement.

India’s digital transformation has always been built on collaboration. The success of the Unified Payments Interface was not the achievement of one institution. It was the result of government vision, the Reserve Bank of India’s regulatory foresight, and the coordinated efforts of banks, financial institutions and technology providers working through shared standards and common objectives.

India’s digital public infrastructure has demonstrated repeatedly that coordinated ecosystems deliver better outcomes than isolated institutions. Cyber safety deserves the same philosophy.

The technologies already exist. The institutional architecture already exists. The legal framework continues to evolve. The opportunity now is to connect these strengths into a coordinated operational model capable of responding at the speed of the digital world.

This is not about creating another authority. It is about enabling the institutions we already have. It is not about weakening privacy. It is about preventing organised criminal behaviour before citizens lose their life savings. It is not about asking platforms to become police agencies. It is about recognising that they have become an integral part of India’s digital infrastructure and that such a position carries operational responsibilities alongside commercial opportunities.

As India continues its remarkable digital journey, perhaps the next great innovation will not be another application or another law.

It may simply be a new partnership, one in which technology companies, financial institutions, telecom providers and law enforcement work together—not merely after crimes occur, but early enough to prevent them.

If India succeeds in building such an operational model, it may once again demonstrate that the country’s most important digital innovations are not those that merely connect millions of people, but those that protect the people who depend upon them.

The author is the former National Cyber Security Coordinator, Government of India, and a former Signal Officer in Chief, Indian Army

Disclaimer: Comments posted here are the sole responsibility of the user and do not reflect the views of THE WEEK. Obscene or offensive remarks against any person, religion, community or nation are punishable under IT rules and may invite legal action.