Tackling cybercrimes with a public-private partnership model

Cybercrime is escalating worldwide, with projected annual damages reaching $10.5 trillion by 2025. In India, digital threats such as hacking, online fraud, investment scams, and cyber harassment are rising sharply. Recognizing the urgency of a collaborative approach, Karnataka’s CID established the Centre for Cybercrime Investigation Training & Research (CCITR) in 2019 through a public-private partnership with Infosys Foundation and DSCI. While such initiatives are steps in the right direction, India must enhance cyber resilience through improved policies, workforce training, and seamless cooperation between the government, private sector, and academia.
Key Cyber Threats Facing India
1. State-Sponsored Cyber Espionage
Foreign adversaries increasingly target India’s strategic sectors, including defense, energy, and governance. Advanced Persistent Threats (APTs) linked to China and Pakistan conduct surveillance, steal classified data, and disrupt infrastructure projects. India’s limited indigenous cybersecurity capabilities make it vulnerable. A 2021 report indicated that Chinese cyber actors may have deployed malware targeting Indian power grids and seaports amid border tensions.
2. Ransomware Attacks on Critical Infrastructure
Cybercriminals are launching ransomware attacks on India’s banking, healthcare, and IT sectors, crippling essential operations. These attacks use advanced malware to lock systems and demand cryptocurrency payments, making tracking difficult. The 2022 cyberattack on AIIMS Delhi, allegedly by foreign actors, disrupted healthcare services for weeks. A recent report ranked India as the second-most targeted country in the Asia-Pacific & Japan (APJ) region for ransomware attacks.
3. Financial Cybercrime & Digital Payment Fraud
The rapid growth of digital banking and UPI transactions has led to an explosion in phishing scams, digital payment fraud, and identity theft. Cybercriminals exploit security loopholes and manipulate unsuspecting users. According to the RBI, UPI-related financial frauds surged by 166% in 2023-24 compared to the previous year.
4. Deepfake Technology & AI-Driven Misinformation
The misuse of AI to generate deepfake videos and fake news poses risks to India’s elections, social stability, and public trust. Political entities and foreign actors weaponize AI to spread propaganda. A viral deepfake video of actress Rashmika Mandanna in 2023 raised alarms about the dangers of this technology. The World Economic Forum’s 2024 Global Risk Report ranked India highest for misinformation threats.
5. Supply Chain Cyber Attacks
Hackers increasingly target Indian companies via vulnerabilities in third-party vendors and software supply chains. MSMEs, which often lack robust cybersecurity policies, are prime targets. The SolarWinds cyberattack in 2020 exposed global supply chain risks, underscoring the need for stronger safeguards.
6. Cyberterrorism & Dark Web Exploitation
Terror groups are leveraging the dark web, encrypted messaging platforms, and cryptocurrencies to fund operations and recruit members. India’s weak surveillance framework allows extremists to operate anonymously. Investigations have shown ISIS-affiliated groups using Telegram and dark web forums to radicalize Indian youth.
7. IoT & Smart City Security Risks
With India’s increasing adoption of smart city infrastructure—CCTV surveillance, traffic systems, and public utilities—new cyber vulnerabilities have emerged. Many IoT devices lack encryption, making them easy targets for hackers. A suspected Chinese cyberattack on Mumbai’s power grid in 2020 highlighted these risks.
The Role of the Private Sector in Strengthening Cybersecurity
1. Boosting Indigenous Cybersecurity Research & Innovation
Indian companies should invest in domestic cybersecurity R&D to reduce reliance on foreign solutions, which pose risks of surveillance backdoors. Initiatives like IIT Kanpur’s C3iHub in partnership with Tata Advanced Systems are crucial for developing homegrown cybersecurity technologies.
2. Enhancing Threat Intelligence Sharing with Government Agencies
Public and private entities must work together to exchange real-time cyber threat intelligence. While CERT-In has mandated breach reporting, businesses are hesitant to comply due to regulatory concerns. Establishing a structured cyber threat intelligence-sharing framework can significantly improve cyber defenses.
3. Strengthening Cybersecurity in Financial Services
With the surge in digital transactions, private firms must adopt AI-driven fraud detection, blockchain-based security, and Zero Trust models to safeguard the financial sector. Companies like ComplyAdvantage are already using AI to enhance fraud detection in fintech.
4. Addressing the Cybersecurity Talent Shortage
India faces a massive shortage of skilled cybersecurity professionals. In May 2023, nearly 40,000 cybersecurity jobs remained unfilled. The private sector can bridge this gap by funding cybersecurity education, conducting training programs, and offering industry-recognized certifications.
5. Developing Secure Cloud & Data Protection Infrastructure
With data localization becoming a priority, private firms must invest in secure, indigenous cloud storage solutions to protect national data assets. Reliance JioCloud is an example of India’s push for secure cloud alternatives to foreign providers.
6. Combating AI-Driven Cyber Threats
Tech firms and startups should develop AI-powered deepfake detection tools to curb misinformation. McAfee’s Deepfake Detector is an example of AI being used to counter digital fraud.
7. Promoting a Cyber-Aware Corporate Culture
Private enterprises should train employees on cyber hygiene, conduct phishing simulations, and implement strict security policies to prevent breaches. Human error remains a major cybersecurity vulnerability.
Challenges in Private Sector Involvement
- Regulatory Uncertainty: India lacks a well-defined cybersecurity policy with clear incentives for private sector involvement. Fragmented regulations across agencies discourage businesses from investing in national cybersecurity.
- High Costs of Cybersecurity Implementation: Many firms, especially MSMEs, struggle to afford advanced cybersecurity solutions. Indian businesses allocate less than 10% of their IT budgets to cybersecurity.
- Limited Public-Private Threat Intelligence Sharing: Companies fear reputational damage and regulatory penalties if they report cyber incidents. Although CERT-In mandates reporting within six hours of detection, compliance remains low.
- Dependence on Foreign Cybersecurity Tools: Heavy reliance on foreign tech increases risks of espionage and surveillance vulnerabilities. Indigenous cybersecurity ecosystems must be strengthened.
- Weak Supply Chain Security: Many MSMEs supplying critical infrastructure lack cybersecurity maturity, making them entry points for larger cyberattacks.
Steps to Improve Public-Private Collaboration
1. Establish a National Cybersecurity Coordination Council: A centralized body with strong private-sector representation should oversee cybersecurity initiatives, aligning efforts across MeitY, CERT-In, NCIIPC, and RBI.
2. Create a National Cyber Threat Intelligence Exchange (NCTIX): A structured, AI-driven platform should be established for secure, real-time intelligence-sharing between businesses and government agencies.
3. Offer Tax Incentives & Subsidies: To encourage cybersecurity investments, the government should provide tax breaks, R&D incentives, and funding for startups developing indigenous security solutions.
4. Upskill the Workforce: Cybersecurity should be integrated into university curricula, and firms should collaborate on training initiatives like Skill India’s cybersecurity programs.
5. Mandate Cybersecurity Standards: Businesses, especially in BFSI, telecom, and IT sectors, should adhere to risk-based compliance frameworks. The Digital Personal Data Protection Act (DPDPA) 2023 should be enforced strictly.
6. Support Indigenous Cybersecurity Startups: The government and private sector should fund AI-driven threat detection, blockchain security, and cloud encryption startups to foster innovation.
Key takeaways
India’s cybersecurity future depends on seamless collaboration between the public and private sectors. While initiatives like CCITR are promising, India must accelerate policy reforms, incentivize industry participation, and invest in indigenous cybersecurity innovation. Strengthening intelligence-sharing, workforce development, and digital infrastructure security will be critical in building a cyber-resilient nation.