India’s digital journey has redefined how we power cities, move people, heal patients, and transact business. From energy and healthcare to telecom and finance, our critical infrastructure has become the central nervous system of the economy. However, it has also opened new fault lines, exposing our most vital systems to a fast-evolving spectrum of cyber threats.

Today’s attackers are applying artificial intelligence to automate and scale their campaigns. They’re using deepfakes, voice cloning, and highly convincing social engineering tactics. These methods are not only harder to detect, they’re specifically designed to bypass traditional defences by undermining public trust in digital services.
In this environment, focusing solely on recovery after an incident is no longer enough. India must commit to cyber resilience. We must design systems and teams capable of absorbing shocks and continuing to operate even while under attack.
A Rising Tide of Threats
India is weathering a surge of cyberattacks. In 2023, over 1.6 million cybersecurity incidents were reported, up from just 53,000 in 2017. The fallout has been serious: hospitals disrupted, power grids in Andhra Pradesh and Telangana targeted, and telecom and transport services affected.
All this is happening while AI-powered deception is becoming widespread. Over 75% of Indian internet users encountered deepfakes last year. One scam in Karnataka used AI-generated videos to promote a fraudulent rental app, tricking over 200 investors out of INR 2 crore. In Delhi and Kerala, cybercriminals used cloned voices and deepfake videos to pressure families into paying fake ransoms.
India’s Unique Vulnerabilities
India’s critical infrastructure is built for scale, but not always for security. Many critical systems still run on legacy Operational Technology (OT) platforms that were never built with modern cybersecurity in mind. This, combined with budget limitations and a shortage of skilled professionals, especially in the public sector, creates significant gaps in defence.
At the same time, regulation is racing to keep pace. The Digital Personal Data Protection Act (DPDPA) and CERT-In guidelines are positive moves, but the speed at which AI-driven threats and synthetic media are evolving continues to outstrip current policies.
When essential services like healthcare, payments, and utilities are so deeply integrated with digital platforms, even brief disruptions can have wide-reaching consequences, from delayed surgeries and stalled transactions to compromised data and declining public trust.
Moving Beyond Recovery
Traditional cybersecurity has focused on prevention and recovery. Stop the attack if you can, and rebuild if you can’t. But today’s threats move too quickly and adapt too easily. Many go undetected until the damage is already done. Waiting to respond after an incident means accepting avoidable disruption.
Resilience acknowledges that breaches are inevitable and prioritises continuity: keeping systems running, data safe, and trust intact, even under attack.
Building Resilience into the Foundation
True resilience is a mindset shift. It starts with continuous monitoring and real-time threat detection powered by AI, so anomalies are spotted before they escalate. Network segmentation and zero-trust principles are crucial to containing threats and limiting their movement between IT and OT environments.
Backup strategies must also evolve. Data should be encrypted, stored in protected locations, and regularly tested, not only to recover quickly but to ensure data integrity in case attackers attempt to compromise it.
Just as importantly, organisations must invest in their people. Cybersecurity training must go beyond phishing emails. Staff should be prepared to identify and respond to deepfakes, cloned voices, and other sophisticated social engineering attempts.
Incident response plans also need to be revisited. Modern playbooks must include steps for verifying the authenticity of digital evidence and conducting forensic investigations in a world where synthetic content can easily blur the lines between real and fake.
National and Enterprise-Level Progress
Encouragingly, India is making progress. National agencies like CERT-In, NCIIPC, and the National Cyber Coordination Centre are stepping up with stronger monitoring and better coordination. The DPDPA has also added clarity on how organisations should manage and report data breaches.
On the ground, initiatives like Cyber Swachhta Kendra are helping raise awareness among citizens and small businesses. And just last year, over 12,000 officials in government and critical sectors received cybersecurity training. That’s a solid move toward closing the skills gap.
But resilience can’t be built by the government alone. Businesses have a key role to play, from growing local talent and sharing threat insights to making cyber resilience part of everyday culture, decisions, and boardroom conversations.
The Strategic Imperative
In a country where over a billion citizens rely on national platforms like Aadhaar, UPI, and DigiLocker, a successful cyberattack is a national concern.
Cyber resilience is India’s next strategic imperative. It is essential not only for protecting infrastructure, but for preserving public trust, ensuring continuity of essential services, and safeguarding national wellbeing in an increasingly unpredictable digital future.
Authored by Diwakar Dayal, Managing Director & Area Vice President – India & SAARC, SentinelOne