Identity Theft, Insider Risks, and AI Threats: The Dark Side of India's Digital Boom While large enterprises are strengthening their cybersecurity infrastructure, small and medium-sized enterprises (SMEs) remain highly vulnerable due to lower cybersecurity maturity
Opinions expressed by Entrepreneur contributors are their own.
You're reading Entrepreneur India, an international franchise of Entrepreneur Media.
In 2024, India ranked as the second most cyber-attacked nation after the United States. While large enterprises are strengthening their cybersecurity infrastructure, small and medium-sized enterprises (SMEs) remain highly vulnerable due to lower cybersecurity maturity.
Syed Shahrukh Ahmad, Co-founder & CTO, CloudSEK, attributed this rise to financial incentives. "Whenever revenue grows, attackers want a piece of it," he explains. Ahmad also pointed out that third-party vendors and interconnected systems have widened the attack surface, making it easier for hackers to exploit sensitive consumer and enterprise data. "If you are a bank, your risk doesn't stop at your infrastructure. You're sharing data with vendors, agencies, and partners—how do you ensure that data is secure throughout the entire supply chain?" he questioned.
The insider threat
Cyber threats aren't just external—insider risks are growing concerns. Arvind Boggarapu, CTO, Sequretek, explained that India's IT environment is more relaxed compared to the U.S., leading to a higher risk of insider-led breaches. "In the U.S., IT is very much locked down—you cannot install anything without multiple approvals. But in India, IT systems are more flexible, which increases the risk of insider-led attacks," he noted.
Identity theft
Beyond IT breaches, identity theft and financial fraud remain rampant in India. Ashok Hariharan, Founder & CEO of IDfy, revealed that his company has processed KYC for over 300 million individuals and handles 65 million authentications a month. However, data privacy remains a major issue. "You post your house for rent on Magic Bricks, and suddenly you start getting calls from builders and Bajaj Finserv. Where did they get your number? From data brokers," Hariharan pointed out, highlighting the lack of data security in India.
"All fraud problems are data problems. Fraudsters operate in rings, and we need to detect these networks rather than just flagging individual transactions," Sandesh G.S., CTO, Bureau added.
AI: the gatekeeper?
While AI is helping organisations strengthen their cybersecurity, it is also introducing new risks. Vishal Gupta, Founder & CEO, Seclore, warned about the threats posed by AI systems like Large Language Models (LLMs). "The biggest challenge enterprises face with AI is the fear of the unknown. Once an AI system gets access to your data, how do you control what it does with it?" he questioned.
Attackers are also targeting AI models with prompt injection attacks and data poisoning, making them unreliable. "Attackers are trying to poison AI models, making them ineffective or introducing biases that can be exploited," warned Boggarapu. To mitigate risks, organizations must shift to a data-centric security approach. "Instead of protecting networks, devices, or applications, enterprises need to protect the data itself," he further emphasised.
Road ahead
With cyberattacks becoming a new form of warfare, businesses must move beyond reactive security measures and invest in real-time threat detection, AI-driven fraud prevention, and third-party risk management. Regulations like the DPDP Act are pushing enterprises toward stricter data governance, but organisations must proactively enhance their security posture. "Cybersecurity is national security," Boggarapu stated, echoing a sentiment shared by India's Home Minister, Amit Shah. As AI continues to shape cybersecurity, India's ability to adapt, automate, and counter evolving threats will determine its resilience in the digital age.
Panelists shared their opinions at Entrepreneur Tech & Innovation Summit 2025.
