Key Highlights:

• Kaspersky says India is facing targeted cyberattack campaigns from multiple global threat groups.
• Enterprise credentials and databases from Indian organizations are actively traded on dark web forums.
• Cybersecurity spending still trails recommended levels despite strong market growth.
• India’s cyber defense gap is widening as attacks become more persistent and state-linked.

Kaspersky, a global cybersecurity and digital privacy company, says Indian enterprises are facing increasingly targeted cyberattacks as sensitive data appears on dark web marketplaces and advanced threat groups expand operations. At Kaspersky Connect 2026 in Delhi, researchers and analysts outlined how the country’s cybersecurity spending still trails risk exposure, even as threats grow faster and more coordinated.

The findings point to a shift. Attacks are no longer random. Instead, they are persistent, strategic, and often tied to high-value sectors.

What did Kaspersky reveal about cyber threats in India?

At the Kaspersky Connect 2026 intelligence forum, security leaders examined active campaigns targeting Indian organizations across government, telecom, research, and infrastructure sectors.

Researchers highlighted the continued operations of Transparent Tribe, also known as APT36, which targets government and military entities. Meanwhile, Lazarus-linked activity continues to focus on nuclear, defense, and scientific institutions. Another group discovered in 2024 reportedly used Google Translate as a command-and-control proxy during attacks on an Indian telecom research center.

Together, these campaigns signal a pattern. Threat actors are not experimenting. They are executing sustained operations with clear objectives.

Kaspersky also disclosed that its systems detected nearly 500,000 new malicious samples daily in 2025 while tracking more than 900 advanced persistent threat groups worldwide.

How much Indian enterprise data is circulating on the dark web?

The event also revealed measurable evidence of leaked enterprise exposure.

Security analysts recorded 78 defaced Indian websites, more than 48,100 compromised credentials in malware logs, and at least 25 advertisements offering databases belonging to Indian organizations. Access to enterprise networks was reportedly listed for sale between $350 and $3,500.

These listings show a troubling shift. Attackers are no longer just stealing data. They are monetizing access itself.

As a result, organizations may face risks even before detecting a breach internally.

Why is India’s cybersecurity spending still behind the threat curve?

Despite rising threats, cybersecurity budgets remain below recommended levels.

India’s cybersecurity market stood at about $6 billion in FY2025 and is projected to reach $14 billion by FY2030. However, spending currently accounts for roughly 11 percent of enterprise IT budgets, compared with a suggested 20 percent for data-sensitive organizations.

Sector differences are also visible. BFSI organizations allocate between 16 and 18 percent of IT budgets to security. Meanwhile, manufacturing, energy, and utilities typically spend only 8 to 10 percent.

This mismatch creates a structural gap. Threat actors are scaling faster than enterprise defenses.

What makes today’s cyberattacks different from earlier threats?

According to regional leadership at the event, the threat landscape has changed fundamentally.

“The data we presented at Kaspersky Connect 2026 reflects a threat environment that has fundamentally changed. Attacks on India are no longer opportunistic. They are targeted, persistent, and in many cases state-linked. The challenge for Indian enterprises is not just deploying the right technology; it is closing the visibility gap fast enough to stay ahead of adversaries who are already inside many networks they have yet to detect.”

That shift matters. It suggests attackers are already embedded inside systems before detection begins.

Therefore, visibility and response speed now matter as much as prevention.

Which sectors face the highest exposure right now?

Manufacturing, telecom, government services, BFSI, and research institutions remain primary targets. However, risks are expanding as operational technology merges with traditional IT infrastructure.

This convergence increases exposure across energy systems, utilities, and industrial automation environments. Consequently, organizations must secure both digital and physical operations simultaneously.

Security leaders at the forum also discussed extended detection and response platforms, threat intelligence integration, and industrial cybersecurity as immediate priorities.

These areas are becoming central as enterprise infrastructure grows more interconnected.

Why collaboration is becoming a cybersecurity necessity

Another theme emerging from the forum was coordination.

Executives from multiple sectors emphasized the importance of intelligence sharing between organizations, vendors, and security teams. Events like Kaspersky Connect are increasingly positioned as platforms for exchanging real-world threat indicators and mitigation strategies.

As digital transformation accelerates, collaboration is shifting from optional to essential.

Organizations are now expected to combine automation, visibility, and intelligence to improve long-term resilience.

What does this mean for India’s cybersecurity future?

India’s digital expansion continues to increase its attack surface across industries. However, the gap between threat sophistication and defensive readiness remains visible.

The Kaspersky findings suggest organizations must strengthen detection capabilities, increase cybersecurity investment, and improve intelligence coordination to reduce exposure. Without faster adaptation, targeted campaigns could continue scaling across sectors.

As highlighted at Kaspersky Connect 2026, Kaspersky’s assessment signals a turning point where enterprise security strategy must evolve as quickly as the threat environment itself.