Are We Really Ready for Cyberwarfare? Despite India's top-tier global ranking, gaps in training, infrastructure, and accountability suggest a different reality

By Shivani Tiwari

Opinions expressed by Entrepreneur contributors are their own.

You're reading Entrepreneur India, an international franchise of Entrepreneur Media.

Freepik

In 2024, India achieved Tier 1 status in the Global Cybersecurity Index (GCI), with a score of 98.49 out of 100—placing it among the world's leading nations for cybersecurity. The index, released by the International Telecommunication Union (ITU), assessed countries across five pillars—legal, technical, organisational, capacity development, and international cooperation.

Yet, this impressive score starkly contrasts with the realities observed on the ground, particularly in government institutions and critical infrastructure.

Inside a INR 146 crore bank heist: a wake-up call


Professor Triveni Singh, former Superintendent of Police (Cyber Crime) and Chairperson at the Future Crime Research Foundation, recalled investigating a major cyberattack on a cooperative bank two years ago.

"Cybercriminals planted a laptop within the bank's internal network, installed a remote access tool and keyloggers, and managed to capture the credentials of both the maker and checker—then transferred INR 146 crore," he said. Forensic analysis revealed that poor physical and digital controls had allowed the breach. The security operations centre (SOC), Singh recalled, was staffed by interns playing cards. "They had no access control protocols, no active surveillance, and the CCTV server had not been updated in nearly a year," he shared at Acronis TRU Security Days - India 2025 event.

Most alarmingly, when asked who the Chief Information Security Officer (CISO) was, a branch manager stepped forward—unaware of what the designation meant. "In government institutions, 99 per cent of those listed as CISOs don't even know they hold the role," Singh said.

Training gaps and paper compliance


According to Singh, superficial training and a lack of institutional understanding are major threats. "In government departments, people attend one-day workshops labelled 'CISO training'. They come for breakfast, lunch, and leave. That's not capacity building," he said.

He emphasised the urgent need for genuine investment in skills and cyber awareness. "You cannot train someone to respond to a cyber crisis with two or three days of orientation. Cybersecurity requires continuous education, not certificates for compliance."

Singh also questioned the visibility and awareness of existing national cyber guidelines. "Ask any government official if they've read the RBI's cybersecurity guidelines, or the latest policy from SEBI or IRDAI. You'll find no one has. How can you ensure compliance when there is no understanding of the rules?"

Data, responsibility, and the civilian risk factor


Prashant Mittal, Deputy Director General at the National Informatics Centre, highlighted the massive amount of data handled by government departments, much of it migrated to the cloud. "Krishi Bhavan alone handles data equivalent to 30 per cent of the global population due to overlaps like one individual being a beneficiary of multiple schemes," he said.

With the Digital Personal Data Protection (DPDP) Act, 2023, now in effect, the stakes are higher. Mittal warned that penalties for breaches can reach up to INR 250 crore. "Many managed service providers (MSPs) do not have the capacity to absorb such losses. They'll soon be held accountable under revised contracts."

On the civilian side, cyber-awareness remains dangerously low. Rajesh Chhabra, General Manager – India & South Asia at Acronis, urged citizens especially students, women, and the elderly in smaller towns—to take basic precautions. "Avoid clicking on unsolicited WhatsApp or SMS links, invest in antivirus protection, and never reuse passwords across platforms," he advised.

He also warned against common scams involving fake customer service numbers found on search engines. "Even SBI has begun issuing alerts about these tactics," Chhabra said. "It's often the lack of awareness that leads to financial fraud."

India's top-tier GCI ranking reflects robust policy frameworks, but cyberwarfare readiness demands more than documentation. As Singh noted, "Cybersecurity cannot be achieved through certificates or slogans. Until we train the right people and build real accountability, the systems will remain vulnerable."

Shivani is a tech writer covering the dynamic world of startups, artificial intelligence, cybersecurity, and emerging technologies. With a sharp eye for innovation and a passion for storytelling, she brings insightful coverage and in-depth features that spotlight the people and ideas shaping the future. You can reach out at tshivani@franchiseindia.net.
Science & Technology

Build a Profitable One-Person Business That Runs Itself — with These 7 AI Tools

Discover seven tools to automate content, leads and sales so you scale solo.

Business Ideas

70 Small Business Ideas to Start in 2025

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2025.

Money & Finance

8 Passive Income Ideas That Are Actually Worth Pursuing

These passive income ideas offer long-term earning potential with minimal ongoing effort.

Growing a Business

I've Built 22 Companies in 89 Countries — Here's Why a Clear Mission Is the Ultimate Growth Hack

A mission statement is the foundation of a company and should be developed before a business ever accepts a transaction.

Business News

The Fastest-Growing Startup Ever Just Surpassed $500 Million in Annual Revenue. Here's Why It Keeps Growing, According to Its CEO.

Anysphere is the startup behind Cursor, a popular AI coding assistant now used by more than half of Fortune 500 companies.