Key Points
- Kaspersky blocked 50.31 lakh web-based attacks on Indian businesses in 2025
- CERT-In handled 29.44 lakh cyber incidents during the same period
- Web-based threats rose 10 per cent year-on-year targeting Indian organisations
Web-based cyberattacks targeting Indian businesses rose 10 per cent in 2025, with security firm Kaspersky Lab blocking more than 50 lakh threat incidents across the year. The firm recorded 50,31,065 attacks through compromised websites, malicious downloads and other online vectors that can lead to unauthorised system access and data exposure.
The surge reflects the expanding attack surface as Indian organisations accelerate digital adoption faster than they can secure their systems, according to Jaydeep Singh, general manager for India at Kaspersky Lab.
“What makes this even more pressing is the role AI now plays in the hands of threat actors, enabling attacks that are more targeted, more adaptive, and increasingly difficult to detect,” Singh said.
Regulatory response and compliance gaps
The threat data arrives as Indian regulators intensify their focus on cybersecurity enforcement. The Indian Computer Emergency Response Team (CERT-In) handled 29.44 lakh cyber incidents in 2025, Singh noted, citing the agency’s figures.
However, readiness remains uneven. Many Indian businesses are in the early stages of compliance and governance, leaving significant exposure windows, according to Kaspersky’s assessment.
“Organisations here must treat cybersecurity not as a checkbox but as a business imperative,” Singh said. “Keeping systems updated, enforcing strong access controls and investing in 24/7 threat monitoring are no longer optional.”
By the numbers
- 50.31 lakh
- web-based attacks blocked by Kaspersky in 2025
- 10%
- year-on-year increase in cyberattacks
- 29.44 lakh
- cyber incidents handled by CERT-In in 2025
How web-based threats compromise organisations
Web-based threats use the internet to target users and computer systems through several methods. These include phishing websites that mimic legitimate services to steal login credentials, drive-by downloads that install harmful software without user consent and compromised web pages that redirect visitors to malicious servers.
Such attacks can result in denial of access to computer networks, unauthorised entry into private systems and exposure of sensitive personal or corporate data. The growth of internet-connected devices across Indian homes and offices has expanded the potential entry points for attackers.
To reduce exposure, Kaspersky Lab recommends that organisations keep operating systems and applications updated to patch known security flaws. The firm also suggests using strong unique passwords and enabling two-factor authentication — where users verify their identity through a second device or code — to limit damage from compromised credentials.
Your Questions, Answered
How many cyberattacks did Kaspersky block on Indian businesses in 2025?
Kaspersky blocked 50,31,065 web-based threat incidents targeting Indian businesses in 2025, marking a 10 per cent increase from the previous year.
How many cyber incidents did CERT-In handle in 2025?
The Indian Computer Emergency Response Team handled 29.44 lakh cyber incidents in 2025, according to figures cited by Kaspersky.
What types of web-based threats are targeting Indian organisations?
Common threats include phishing websites that steal credentials, drive-by downloads that install malware without consent and compromised web pages that redirect users to malicious servers.
How can Indian businesses protect themselves from web-based cyberattacks?
Organisations should keep systems updated, use strong unique passwords, enable two-factor authentication and invest in continuous threat monitoring services.
