The Threat Landscape Has Changed
India registered over 2.4 million cyberattacks per day in 2025. AI has made every stage of the attack lifecycle faster and cheaper. Here are the top 5 threats CISO must prioritise in 2026.
1. AI-Powered Phishing
Generative AI eliminated bad grammar from phishing emails. Attackers craft personalised spear-phishing in seconds using LinkedIn and company data. What to do: Run TRAP phishing simulations. Deploy AI-powered email security. Train Finance on BEC verification.
2. Ransomware-as-a-Service
312% increase in ransomware in 2025. LockBit, BlackCat, and Play ransomware affiliates all targeted Indian organisations. Manufacturing, healthcare, and logistics are primary targets. What to do: Deploy EDR/XDR with behavioural detection. Immutable backups. Network segmentation.
3. SEBI CSCRF Non-Compliance
SEBI CSCRF 2024 mandates specific technical controls, periodic CERT-In compatible VAPT, and board-level governance. SEBI is scrutinising compliance during inspections. What to do: SEBI CSCRF gap assessment. Automate compliance monitoring with TRAC. CERT-In empanelled VAPT.
4. DPDP Act Enforcement
The DPDP Act 2023 is enforceable with fines up to Rs.250 crore. Early enforcement actions are expected throughout 2026. What to do: DPDP gap assessment. Data inventory and RoPA creation. Consent management.
5. Supply Chain Attacks
Attackers target software vendors to gain access to hundreds of downstream customers simultaneously. What to do: Third-party vendor risk assessments. Restrict vendor access. Dark web monitoring for vendor mentions.
Your 2026 Priority List
- VAPT of critical web apps and APIs
- Phishing simulation training for all employees
- SEBI/DPDP compliance gap assessment
- EDR/XDR deployment on all endpoints
- Dark web monitoring
- Incident response tabletop exercise
Need Help With This?
Threat ResQ offers free 30-minute consultations on all topics covered in this article. Our certified experts give you a tailored action plan.
Book Free Consultation →