HQ/EMEAFind out how we can help your business
India is witnessing a dramatic surge in cyberattacks, with a particular focus on APIs and critical sectors such as banking and utilities. Recent findings reveal a staggering thirtyfold increase in DDoS incidents targeting APIs compared to traditional web assets, underscoring the growing attractiveness of APIs as a target for attackers.
According to a quarterly report, a managed application security provider, Indian organisations faced nearly 1.2 billion cyberattacks in the third quarter of 2024, doubling from 600 million in the same period last year. These included 377 million denial-of-service (DoS) events, and 215 million bot-driven requests aimed at API services and web servers. This escalation highlights a troubling trend where attackers are increasingly exploiting vulnerabilities in APIs using a variety of sophisticated techniques.
The introduction of large language models (LLMs) like ChatGPT, which have made cyberattacks easier to carry out, is a major contributor to this increase. These tools enable even beginner hackers to deploy scripts targeting known vulnerabilities, leading to an alarming increase in such incidents. As attackers evolve their strategies, Indian companies find themselves grappling with a growing threat landscape.
The economic growth of India has made it a prime target for cyberattacks, with many businesses reporting costly breaches and key sectors facing heightened risks.
The surge in attacks is not only linked to technological vulnerabilities but also to India’s economic growth, which reached 5.4% in the third quarter of 2024. This progress has made the country an attractive target for cybercriminals. Over the past three years, 44% of Indian businesses have reported data breaches costing upwards of $500,000. Consequently, 61% of business leaders now rank cybersecurity among their top three organisational priorities.
Certain industries are disproportionately affected. Banking, financial services, and insurance sectors face twice as many attacks as the global average, while the power and energy sectors encounter four times the global average per website. Analysts attribute this to geopolitical motivations, with attackers aiming to disrupt essential services.
The report also highlights significant gaps in API security. Only 19% of Indian companies use automated scanning tools to detect vulnerabilities, while 45% rely on manual penetration testing, and over a third do not test their APIs at all. Alarmingly, more than 30% of critical vulnerabilities remain unpatched for over six months, leaving systems exposed to exploitation.
As cyberattacks in India rise by 92% year-on-year, organisations face mounting pressure to address security misconfigurations, authentication failures, and common vulnerabilities such as SQL injection and server-side request forgery. Strengthening cybersecurity frameworks and prioritising timely patch management are crucial steps to mitigate these escalating risks.
