As India progresses towards a $1 trillion digital economy, cybersecurity specialists caution that fraud is no longer confined to isolated incidents. It has evolved into a systemic risk affecting enterprises, small businesses, and digital payment networks alike.
What is driving the rise of cyber fraud?
A primary factor is the expansive growth of India’s digital landscape. The India Cyber Threat Report 2026 by Seqrite reveals that Indian organizations observed over 265 million cyberattack detections in the last year, averaging more than 700,000 incidents daily.
Experts assert that attackers are keeping up with the pace of digital transformation. With the rise of cloud services, remote work, digital payments, and API-driven platforms, every new endpoint emerges as a potential vulnerability.
The increase in ransomware activity exemplifies this trend. Seqrite data indicates that January 2025 saw the highest monthly total of ransomware incidents, signifying a shift from opportunistic to sustained, targeted attacks.
How are fraud tactics changing?
Cyber fraud is becoming increasingly sophisticated, personalized, and difficult to identify.
Analysts from Barracuda Networks report that phishing schemes are no longer generic emails filled with errors. Attackers are leveraging artificial intelligence to craft highly personalized messages that reference genuine projects, imitate internal communication styles, and capitalize on real-time events within organizations.
This shift suggests that traditional awareness training and role-based security measures are becoming less effective against context-aware social engineering strategies.
Ransomware tactics have also evolved beyond basic data encryption. Experts warn that multi-faceted extortion—encompassing data theft, repeated attacks, and threats of public exposure—has become commonplace. Network scans targeting widely used software indicate that attackers are conducting thorough reconnaissance prior to launching their strikes.
Why are small businesses and merchants at risk?
Small and medium-sized enterprises are increasingly becoming prime targets for digital fraud as payment transactions surge.
PhonePe reports that merchant fraud in India has risen sharply in recent years, with scammers increasingly focusing on SMBs in online marketplaces, service outlets, and physical stores. The rapid increase in UPI transactions has also provided fraudsters with more opportunities to deceive unsuspecting merchants through social engineering and fake payment confirmations.
According to PhonePe, even a single fraudulent transaction can result in financial losses, operational disruptions, chargebacks, and potentially account restrictions or freezes for small businesses.
What is AI’s influence — a challenge or a solution?
Artificial intelligence is simultaneously fueling fraud and enhancing defenses.
On one hand, AI empowers attackers to automate phishing schemes, create convincing fake identities, and scale their fraudulent activities. Conversely, security providers assert that AI-driven monitoring, automated response systems, and predictive analytics are becoming indispensable tools for defenders.
Sanjay Katkar, Joint Managing Director at Quick Heal Technologies, emphasized that India’s cyber threat landscape is becoming increasingly sophisticated, necessitating continuous monitoring across digital platforms to identify impersonation, fraud, and data misuse.
Experts advise, however, that AI cannot substitute human judgment. Barracuda Networks highlights that while AI-driven security operations centers may reduce response times, governance, oversight, and experienced teams remain critical.
Are organizations equipped to handle these risks?
Levels of preparedness remain inconsistent. Seqrite’s cybersecurity preparedness survey indicates that while most organizations have basic malware protection and backup systems in place, there are notable gaps in incident response planning, asset visibility, and secure configuration.
Emerging risks, such as the long-term effects of quantum computing on encryption, are also beginning to influence board-level conversations, particularly in regulated industries like banking and healthcare.
What changes are necessary?
Cybersecurity professionals generally concur that technology alone will not suffice.
Rohit Aradhya, VP and Managing Director at Barracuda Networks, stressed that cyber resilience hinges on strategy, culture, and the ability to learn and adapt—beyond just tools. Regulatory scrutiny is also increasing, with organizations expected to demonstrate operational resilience and compliance with data protection regulations.
For merchants and businesses, experts suggest implementing stronger verification practices, improved documentation, expedited incident reporting, and ongoing employee education.
