Kaspersky blocked 50 lakh cyberattacks on Indian businesses in 2025

Kaspersky blocked more than 50 lakh web-based cyberattacks targeting Indian businesses in 2025, the cybersecurity firm said on Wednesday. The figure marks a 10 per cent increase from 2024, reflecting the growing threat landscape as Indian organisations accelerate their digital adoption.

The company recorded 50,31,065 threat incidents across Indian businesses last year, according to its annual threat data. These attacks included compromised websites, malicious downloads and other online vectors that can lead to unauthorised system access and data exposure.

Advertisement

‹

EVENT

Infosec Reimagined

Infosec Reimagined 2026 is the premier information security summit where top leaders—CISOs, CROs, CIOs, CTOs and risk executives—converge to redefine cyber resilience.

📅 Fri, 22 May 2026
📍 Dehradun

Register Now →

EVENT

CIO Prism

CIO Prism unites forward-thinking technology leaders to exchange transformative insights, shape digital strategies, and foster innovation, empowering enterprises to excel in an era of rapid technological change.

📅 Fri, 18 Sep 2026
📍 Goa

Register Now →

EVENT

Cyber Surakshit Uttar Pradesh

Find out strategies, frameworks and solutions for building a resilient and secure digital ecosystem across Uttar Pradesh.

📅 Wed, 27 May 2026
📍 Lucknow

Register Now →

›

India’s rapid digital transformation is expanding the attack surface faster than many organisations can secure it, according to Jaydeep Singh, General Manager for India at Kaspersky. He pointed to the role of artificial intelligence in enabling more sophisticated attacks.

“What makes this even more pressing is the role AI now plays in the hands of threat actors, enabling attacks that are more targeted, more adaptive, and increasingly difficult to detect,” Singh said.

Regulatory response and compliance gaps

The threat data arrives as Indian regulators intensify their focus on cybersecurity. The Indian Computer Emergency Response Team, known as CERT-In, handled nearly 29.44 lakh cyber incidents in 2025, Singh noted.

However, readiness remains uneven across Indian businesses. Many organisations are still in the early stages of compliance and governance, leaving significant windows of exposure, according to Kaspersky’s assessment.

“Organisations here must treat cybersecurity not as a checkbox but as a business imperative,” Singh added. “Keeping systems updated, enforcing strong access controls, and investing in 24/7 threat monitoring are no longer optional.”

How web-based threats work

Web threats are malicious activities that use the internet to target users and computer systems. These can include phishing websites that mimic legitimate services to steal login credentials, drive-by downloads that install harmful software without user consent, and compromised web pages that redirect visitors to malicious servers.

Advertisement

Such attacks can result in denial of access to computer networks, unauthorised entry into private systems, exposure of sensitive personal or government data, and unwanted changes to network services.

The growth of smart devices and high-speed mobile networks has expanded the attack surface for such threats, Kaspersky noted. The proliferation of internet-connected devices in homes and offices, commonly called the Internet of Things or IoT, has outpaced user awareness of security risks.

Protection measures for organisations

To reduce exposure to web-based threats, Kaspersky recommends several measures for Indian businesses.

Organisations should keep operating systems, browsers and applications updated to patch known security flaws. Using strong, unique passwords for online services and enabling two-factor authentication, where users verify their identity through a second device or code, can limit the damage from compromised credentials.

The firm also recommends augmenting existing security controls with expert-led threat monitoring services that provide round-the-clock surveillance and rapid response to sophisticated attacks.