A rise in spyware attacks is putting businesses in India at growing risk, according to global cybersecurity and digital privacy company Kaspersky.
In 2025, Kaspersky business solutions detected 369,445 spyware attacks targeting organisations in India, a sharp 72% increase compared to 214,407 detections recorded in 2024.
Spyware is a type of software that is secretly installed on a user’s computer to collect their data. Spyware’s surveillance activity leaves users open to data breaches and misuse of private, confidential data. Spyware also affects network and device performance, slowing down daily user activities.
It has emerged as one of the fastest-growing B2B threats in India, with Kaspersky recording a significant surge in detections targeting Indian businesses, underscoring the urgent need for organisations to strengthen their defences against this silent, data-stealing malware.
The threat is unfolding alongside India’s explosive digital growth by 2025, with internet connections crossing 100 crore, with UPI processing over 21 billion transactions worth ₹27 lakh crore in December 2025 alone, creating a vast and lucrative attack surface for threat actors. The Union Budget 2025 – 26 allocated ₹782 crore for cybersecurity, reflecting the government’s recognition of the growing threat to India’s digital infrastructure.
Adding to this urgency, India’s Digital Personal Data Protection (DPDP) Act, 2023, and DPDP Rules, 2025, now make spyware breaches a direct regulatory liability mandating explicit consent, prompt breach reporting, encryption, and periodic audits. Yet more than 83% of Indian organisations have not begun comprehensive DPDP implementation, leaving critical gaps that threat actors are well-positioned to exploit.
“Spyware is one of the most dangerous threats against Indian businesses today, precisely because it works in silence. By the time an organisation realises it has been compromised, sensitive data, strategic decisions, and corporate intelligence may already be in the hands of adversaries. India’s rapid digital expansion, its thriving IT and start-up ecosystem, and the accelerating digitisation of critical sectors like BFSI, manufacturing, and government services make it a high-value target.
A spyware incident is no longer just a security failure, it is a regulatory and reputational crisis that can have lasting consequences on business continuity and stakeholder trust. Organisations in India must move beyond reactive defences and adopt intelligence-led, AI-powered security solutions that can detect and disrupt threats before data is compromised,” says Jaydeep Singh, General Manager for India, Kaspersky.
Kaspersky’s findings highlight how spyware underpins modern cyberespionage by enabling attackers to quietly monitor systems, capture sensitive data, and track internal communications over extended periods. Designed for stealth and persistence, these tools allow threat actors to build a detailed picture of organisational activity and extract high-value intelligence, reinforcing the growing role of advanced spyware in long-term, targeted intelligence gathering.