Indian digital revolution has created one of the world’s largest connected societies, but scale has also produced vulnerability. With over 100 crore internet connections, ₹27 lakh crore in monthly UPI transactions and critical infrastructure has increasingly digitised. Cybersecurity is no longer a technical afterthought it is a matter of economic stability, governance continuity and national security. At the centre this CERT-In has become institutional backbone of India’s cyber resilience strategy.
Digital expansion and the scale of risk
Indias digital growth has been center of attraction for world over the ten years. The number of internet connections in India increased a lot from 25.15 crore in 2014 to 100.29 crore by 2025. At the time the amount of data people used every month went up nearly 400 times. Indias internet users consumed 61.66 MB of data per month in the beginning but this number jumped to 24.01 GB per user by 2025. The digital growth of India is about the internet and how people in India uses the internet. Indian internet scenario is growing fast.
India got access to financial services and other services from digital developments. It has also made India more vulnerable and towards cyber-attacks. Every time someone makes a transaction or a company moves its data to the cloud or uses an internet connected device. Indias cyber-attack surface is a problem because of all these digital transactions and internet connected devices.
The financial sector is an example of this risk. It is very clear. In December 2025 UPI processed over 21 billion transactions. These transactions were worth than ₹27 lakh crore. If there are problems with the system or if someone attacks it this can have big effects on the economy. This shows why cybersecurity is very important for the economy to be stable. That is why the Union Budget 2025–26 put aside ₹782 crore for cybersecurity. This means that digital security is now a part of the policy. The financial sector and cybersecurity are closely linked.
CERT-In: From incident response to strategic cyber governance
The Computer Emergency Response Team of India which is also known as CERT-In was set up under Section 70B of the Information Technology Act of 2000. CERT-Ins main job has changed a lot over time. It used to handle incidents after they happened but now it does a lot more. Nowadays CERT-In works as the point for India when it comes to finding out about threats coordinating between different sectors and reducing the risks that come with using computers and the internet.
In the year 2025 the Computer Emergency Response Team of India which is also known as CERT-In dealt with than 29.44 lakh cyber incidents. This is a big number and it shows that India is one of the countries that has to respond to a lot of cyber problems. The cyber incidents that CERT-In handled were of all kinds including phishing campaigns where people try to trick others into giving away information and ransomware attacks where peoples data is locked and they have to pay to get it back. There were also problems with infrastructure systems, which are like the basic systems that our country needs to function properly.
To manage this complexity, CERT-In issued 1,530 alerts, 390 vulnerability notes and 65 advisories by enabling near-real-time risk mitigation across sectors. 29 Common Vulnerabilities and Exposures (CVEs) were identified and published domestically, strengthening indigenous vulnerability research. This shift from firefighting to anticipation marks in CERT-In transition into a strategic cyber institution rather than a purely technical agency.
Sectoral cyber defence: Protecting the economic nervous system
India’s cyber threat profile is no longer uniform, it is sector-specific. Recognising this CERT-In has developed sectoral CSIRTs to protect domains where cyber disruption could cause systemic damage.
Financial Sector (CSIRT-Fin): The BFSI ecosystem faces high-frequency attacks due to transaction volumes and data sensitivity. CSIRT-Fin enables coordinated threat intelligence sharing, incident response and advisories across banks, NBFCs, insurers and payment platforms. Thus ensuring continuity of trust in India’s digital finance architecture.
Power and Energy (CSIRT-Power): Power grids are increasingly digitised and networked, making them vulnerable to cyber sabotage. CSIRT-Power functions as CERT-In extended arm, analysing threats, coordinating audits and ensuring vulnerabilities flagged by Cyber Swachhta Kendra are addressed before they translate into physical disruptions. These sector-specific frameworks signal a shift from generic cyber defence to infrastructure-grade security planning.
Audits, assurance and the institutionalisation of cyber hygiene
One of the most consequential interventions has been the institutionalisation of cybersecurity audits. In 2025, 231 cybersecurity audit organisations were empanelled, significantly expanding India assessment capacity across government and critical infrastructure
A significant proportion of CERT-In led audits concentrated on banking and financial institutions, power and energy infrastructure and transport and logistics networks. Importantly audit outcomes are not treated as standalone compliance documents. Findings are aggregated and analysed to detect systemic design vulnerabilities, informing revised guidelines and secure-by-design advisories. This structured feedback loop has enhanced cyber resilience not only at the organisational level but across entire critical sectors.
Capacity building at national scale
Cybersecurity is only as strong as the human systems operating it. In 2025, CERT-In conducted:
- 32 specialised technical training programmes
- 95 cybersecurity awareness sessions
- 122 cybersecurity drills and exercises, including complex tabletop simulations
These initiatives collectively trained 20,799 officers and cybersecurity professionals across government, PSU and industry.
The drills had a lot of people involved with 1,570 organisations taking part. These organisations are from different fields, including defence, space, atomic energy, telecom, finance, power, oil and gas transport IT/ITeS and State Data Centres. This is important because it shows that everyone is working together to get ready for crises. The government wants to make sure that all of these organisations can respond quickly and work together when something bad happens with security. This is a deal because it means that the government is taking a whole of government approach to cyber security.
Cyber Swachhta Kendra: Citizen-centric cybersecurity
So security is really important for institutions. Indias cyber system also needs people to be careful with their computers and phones. The Cyber Swachhta Kendra or CSK for short is a deal because it is one of the largest efforts, in the world to prevent cyber-attacks from happening in the first place. The Cyber Swachhta Kendra is doing a lot of work to keep the cyber system safe.
By December 2025 CSK had covered all of Indias digital population. They worked with a lot of organisations around 1,427 across different sectors. The CSK systems for detecting botnet and malware were really good at sending out alerts to users who had been compromised. This helped a lot of people. In fact the CSK malware removal tool was downloaded around 89.55 lakh times, which shows that many people in the public were using it. The CSK is clearly doing a job, at helping people with malware and botnet problems.
Unlike enforcement-driven models CSK focuses on voluntary remediation and awareness, aligning cybersecurity with India’s participatory governance ethos
Policy frameworks for emerging technologies
ERT-Ins 2025 outputs show that they are really looking at what the future might hold. They want to be ready for the things that could happen tomorrow. Of just dealing with the old threats they made new rules to handle the new kinds of risks that are coming up. CERT-In is focusing on these next-generation risks. Trying to stay one step ahead. The new policy frameworks from CERT-In are all about getting ready for what’s coming next.
- SBOM, QBOM, CBOM, HBOM and AIBOM guidelines, creating transparency across software, hardware, cryptography and AI supply chains
- Quantum Cyber Readiness White Paper, preparing institutions for post-quantum cryptographic threats
- Ransomware and BFSI Digital Threat Reports, offering sector-specific intelligence
- Guidelines for smart cities, satellite communications, UAS security and MSMEs
These documents are helping India to get ready for problems before they happen so India does not have to wait for a crisis to happen and then try to fix it. This way India is moving towards being prepared. The country will not have to depend so much on trying to solve problems after they have already happened. The documents are really important for India to have a system and India is trying to make sure that the country is ready, for anything that might happen instead of just waiting for something bad to happen and then trying to deal with it. These documents are a part of Indias plan to be more prepared and to reduce the need for India to react to crises all the time.
Command, coordination and crisis management
CERT-In also anchors a multi-layered national coordination framework. This includes the National Cyber Coordination Centre for metadata level situational awareness, State and Sectoral CSIRT enabling decentralised and rapid response. The Cyber Crisis Management Plan ensures continuity of essential services during major incidents. Such an integrated architecture allows India to absorb cyber shocks without cascading systemic failure, an indispensable capability for a digitally dependent economy.
Global recognition and strategic credibility
The policy maturity and the operational scale of CERT-In have gradually attracted the world to take notice of it. Its work has been part of the World Economic Forum Global Cybersecurity Outlook in 2025 on AI-driven threat detection, the Oxford-WEF Cyber Resilience Compass in areas of global resilience and France in it co-signed AI risk governance report. These recognitions underscore the shift of India as a cyber consumer to a norm-shaper in the world digital governance structures.
Cybersecurity as sovereign infrastructure
The cyberspace security in India is in a decisive stage. The finance systems, the governance system, the energy system and the trust of the people are now being supported by digital systems, cyber defence has now become a sovereign infrastructure.
The performance of CERT-In of 2025 in terms of millions of incidents addressed, thousands of audit and alert messages and country wide coverage of citizens signifies that India is not only developing digital capacity but also digital resilience. The increasing complexity and use of AI in cyber threats argues can be seen in India, where scale, coordination and policy foresight is the real engine of national cybersecurity.
