
“I dream of a Digital India where cybersecurity becomes an integral part of our national security”, Prime Minister Narendra Modi
Key Takeaways
- Over 86% of households are now connected to the
- Cybersecurity incidents in India rose from 10.29 lakh in 2022 to 22.68 lakh in 2024.
- Union Budget 2025-2026 allocated ₹782 crore for cybersecurity projects.
- Over 42 lakh SIM cards and 2,63,348 IMEIs linked to cyber frauds have been blocked.
- A dedicated helpline 1930 offers immediate cybersecurity assistance.
NEW DELHI, OCTOBER 08, 2025: India’s cyberspace is busier than ever, carrying crores of transactions and interactions every day. Over 86% of households are now connected to the internet, reflecting the remarkable progress under the Digital India initiative. The expanding digital landscape has enabled citizens to access digital services at their fingertips. At the same time, it has also widened the attack surface for cyber fraud, making cybersecurity a national priority.
Cyber frauds refer to deceptive activities carried out through digital platforms such as unauthorized access, data theft, or online scams, which are often intended to cause financial loss to victims.
The surge in cybersecurity incidents from 10.29 lakh in 2022 to 22.68 lakh in 2024 reflects the growing scale and complexity of digital threats in India. At the same time, the financial toll is becoming more pronounced, with cyber frauds amounting to ₹36.45 lakh reported on the National Cyber Crime Reporting Portal (NCRP) as of 28 February 2025. While the numbers point to increasing challenges, they also highlight remarkable progress in the nation’s detection and reporting mechanisms.
Tracing Cyber Fraud Patterns
The evolving landscape of cyber frauds shows that frauds are not confined to a single method but take diverse forms, often adapting to new technologies and user behaviour. Mapping these patterns is crucial to enable preventive measures. The staggering financial impact across the world is underscoring fraudsters’ global reach and the involvement of organised crime, often linked to fraud factories in Southeast Asia.
Emerging Cyber Threats
- Techniques like spoofing, where criminals act like trusted sources, are showing up in multiple fraud reports. Likewise, cases of deepfakes leveraging AI (Artificial Intelligence) and phishing, where individuals are lured into revealing sensitive information through deceptive emails or messages, are also on the ris— amplifying the overall impact of scams.
- Unified Payments Interface (UPI), India’s most preferred digital payment mode, has also been targeted by fraudsters using compromised mobile numbers. To address this issue, the Department of Telecommunications (DoT)launched the Financial Fraud Risk Indicator (FRI), which classifies suspicious numbers as Medium, High, or Very High-risk
- Illicit digital ventures have also emerged in the form of online betting apps, luring users into depositing funds in their online wallet to play such games with fake promises of large returns, generating over ₹400 crores in criminal proceeds
Strengthening India’s fight against cyber frauds, the Promotion and Regulation of Online Gaming Bill, 2025 was passed on 21st August 2025. This legislation is designed to encourage e-sports and social online games while imposing a complete ban on online money gaming, including their promotion, advertisements, and financial transactions
India’s Cybersecurity Framework
The Government of India has implemented strong defence mechanisms aimed at safeguarding its vast online community. Indians are increasingly integrating the internet into their daily lives, relying on it for essential needs such as business transactions, education, financial activities, and accessing government services digitally. Over 1,05,796 police officers are now registered on the CyTrain portal, with more than 82,704 certificates issued, equipping frontline personnel with essential cybercrime investigation skills
Cyber Laws Securing Cyber Space
Recognizing the critical importance of a secure digital environment, India’s Cybersecurity framework is underpinned by key legislations, notably:
- Information Technology Act, 2000serves as the bedrock of India’s cyber law framework. It addresses offences like identity theft, impersonation, cheating by personation through computer resources, and dissemination of obscene or harmful material. These provisions are vital in prosecuting fraudsters who exploit digital platforms for financial gain, while also empowering authorities to block malicious websites and fraudulent applications.
- Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021ensure accountability of social media intermediaries, digital platforms, and online marketplaces. It addresses emerging misuse of technologies, including AI and mandate the removal of unlawful content from platforms.
- Digital Personal Data Protection Act, 2023: requires that all personal data be handled lawfully and with user consent, making India’s digital landscape safer and more accountable for everyone. The Act places strict obligations on data fiduciaries to ensure security safeguards, thereby reducing the risks of unauthorised access or misuse. So far, more than 42 lakh SIM cards and 2,63,348 IMEIs (International Mobile Equipment Identity) linked to fraudulent activities have been blocked.
Responding to Cyber Incidents
Indian Computer Emergency Response Team (CERT-In) is the national agency for responding to cybersecurity incidents. It monitors cyber threats, detects vulnerabilities, and issues necessary advisories. Upon identification of incidents such as data breaches, phishing campaigns, or malware intrusions, CERT-In disseminates alerts and prescribes remedial measures to affected organisations. This proactive mechanism ensures timely containment of risks and enhances resilience across government, industry, and critical service providers. As of March 2025, CERT-In facilitated 109 cybersecurity mock drills, engaging 1,438 organisations from different states and sectors to assess cyber readiness and build resilience.
Protecting Critical Infrastructure
National Critical Information Infrastructure Protection Centre (NCIIPC), designated under Section 70A of the Information Technology Act, 2000, is the national nodal agency for the protection of critical information infrastructure in India. It works in close coordination with stakeholders in sectors such as banking, telecom, power, and transportation, which are vital to national security and public safety. Through continuous monitoring, risk assessment, and issuance of sector-specific guidelines, NCIIPC strengthens defensive capabilities and mitigates threats that could otherwise compromise essential services.
Strengthening Law Enforcement Capacity
The Indian Cybercrime Coordination Centre (I4C), established under the Ministry of Home Affairs, provides a comprehensive framework to enable Law Enforcement Agencies (LEAs) to deal with cybercrimes in an organised and coordinated manner. It supports capacity-building through specialised training programmes, research, and development of technical tools. It also facilitates real-time information sharing and coordinated investigations, enabling effective action against cybercriminal networks, including those engaged in financial frauds and other organised cyber offences. So far, I4C has proactively blocked 3,962 Skype IDs and 83,668 WhatsApp accounts linked to cyber frauds
Cybersecurity Initiatives: Governance in Action
In an effort to bolster India’s cyber defences, the Union Budget 2025 has allocated ₹782 crore for cybersecurity projects. This significant move highlights government’s heightened focus on cyber threats that pose risk to the national security Through the Citizen Financial Cyber Fraud Reporting and Management System (CFCFRMS), financial institutions have been able to save more than ₹5,489 crore in over 17.82 lakh complaints.
National Cyber Crime Reporting Portal
To strengthen citizen participation in the fight against cybercrime, the Government has operationalised the National Cyber Crime Reporting Portal (www.cybercrime.gov.in). The portal enables citizens to report complaints relating to various categories of cybercrime, with a special focus on offences targeting women and children. A dedicated cybercrime helpline number 1930 provides immediate assistance to victims of online financial frauds by facilitating prompt reporting and, where possible, freezing of fraudulent transactions. Together, these initiatives serve as an accessible and responsive grievance redressal mechanism for citizens.
National Mission on Interdisciplinary Cyber-Physical Systems (NM-ICPS)
NM-ICPS plays a pivotal role in combating cyber frauds by promoting advanced research and innovation in cybersecurity, artificial intelligence, etc. By supporting the development of tools, platforms, and methodologies for threat detection, the mission strengthens India’s ability to identify and prevent cyber frauds targeting individuals, businesses, and critical infrastructure. Collaboration between academic institutions, industry, and government under NM-ICPS also accelerates solutions to emerging and sophisticated cyber threats, including financial frauds, phishing, and identity-based crimes.
Cyber Crime Prevention Against Women and Children (CCPWC) Scheme
The CCPWC scheme addresses cyber frauds targeting vulnerable sections, particularly women and children. With financial support of ₹132.93 crore, the scheme has established cyber forensic-cum-training laboratories across 33 States and Union Territories. These laboratories have trained over 24,600 personnel in cybercrime investigation, digital forensics, and preventive measures. Through enhanced awareness, early detection, and rapid response capabilities, CCPWC strengthens the capacity of law enforcement to prevent online frauds, scams, and exploitation of women and children, ensuring a safer digital environment.
Cyber Crisis Management Plan (CCMP)
To strengthen preparedness against cyber-attacks and cyber-terrorism, the Government has initiated CCMP for all government bodies. The plan serves as a strategic framework to ensure coordinated recovery from any cyber crisis. So far, 205 workshops have been conducted across the country to build capacity and awareness under this framework.