AI as a force multiplier in India’s cyber threat landscape

By Diwakar Dayal, Managing Director & Area Vice President – India & SAARC, SentinelOne

Cybercrime is expanding in India. Between 2022 and 2024, reported cyber incidents more than doubled. This indicates both an increase in attacks and more willingness to report incidents. Reading between the lines, one could also surmise that threat actors are scaling attacks with a focus on the tactical repeatability of tried and tested methods, rather than developing new attack vectors.

Artificial intelligence (AI) has played a role in this shift, albeit not in as dramatic a way as many had expected. By 2025, AI had established itself as a practical support tool in cyber operations. Instead of replacing older tactics, it helps criminals run them faster and at higher volume. Large language models (LLMs) now assist in writing phishing emails, developing social engineering scripts, and automating tasks that were previously completely manual. Attackers also rely heavily on common online tools like chat apps, public publishing sites, and commercial APIs, which now form part of everyday criminal workflows due to their reach and efficiency.

Gradual Evolution of Threats and Operational Maturity

Cybercrime has evolved gradually. Credential theft, ransomware, and crypto fraud now operate through structured processes with repeatable steps and clear profit paths, underscoring that the AI era has prompted more organisation on the part of cybercriminals, rather than the arrival of a new threat model.

AI reinforces this maturity by accelerating familiar attacks. Automated writing tools allow phishing waves to be launched quickly and at scale. Some systems generate tailored spam for website forms or chat windows, while others help produce malicious code or bypass checks like CAPTCHAs. By lowering the effort needed to run known attacks, these tools make it easier for both advanced groups and less skilled actors to expand their reach.

The defining change is speed. Core techniques remain the same, but they can now be executed faster, automated more easily, and targeted to far bigger audiences.

The Rise of Industrial-Scale Cybercrime

Cybercrime operations are becoming larger and more organised. Investigations into crypto phishing schemes have uncovered campaigns that use tens of thousands of subdomains on free publishing platforms to spread fake pages. This infrastructure allows scams to run continuously and at scale, sometimes costing victims large sums.

Such operations often resemble organised commercial enterprises. Teams may work in shifts, follow internal rules, and use systems to manage stolen data or funds. Evidence from credential-stealing malware networks and phishing supply chains shows cybercrime functioning as a coordinated industry supported by specialist tools and distribution channels.

Legitimate digital services play a key role. Cloud hosting, messaging platforms, and public publishing tools offer scalable environments where malicious activity can blend into normal traffic. At the same time, criminal groups and state-linked actors monitor the same open intelligence sources that defenders use. Shared research and threat reports can give attackers reconnaissance value, narrowing the gap between attackers and security teams and making detection harder.

Why India Faces Heightened Exposure

India’s fast-growing digital economy increases this risk. A large online population and rapid adoption of digital services create many entry points for attackers to target at scale. Automation, along with trusted infrastructure, allows campaigns to reach thousands of users or websites at once.

Financial systems remain prime targets. Profit-driven attacks frequently focus on digital payments, online banking, and cryptocurrency platforms. Criminals can steal funds or login credentials using phishing links, trusted messaging channels, or malicious smart contracts. As participation in digital finance expands, so does the potential return for attackers.

While public awareness and cybersecurity skills are improving, the pace of digital adoption may put pressure on readiness. Reports of hundreds of millions of blocked attacks and malware detections in recent years show how closely hostile activity tracks with the country’s digital growth. Exposure depends not only on technical weaknesses, but also on how quickly new digital services spread across the economy.

Implications for Trust and Defence in 2026

In 2026, organisations are likely to face attacks that move faster, combine financial and strategic motives, and demonstrate greater coordination. AI-supported automation and large-scale criminal structures mean familiar tactics can now be deployed with far greater reach.

This shift challenges how trust is assessed online. As attackers misuse legitimate platforms and understand security practices, traditional signals such as infrastructure reputation or surface-level authenticity may provide less protection. Defence strategies may need to rely more on behavioural patterns, operational context, and real-time analysis instead of static indicators alone.

Cyber threats are evolving through continuity rather than through disruption. Phishing, fraud, and credential theft remain central, but they are executed with greater automation, organisation, and scale. For Indian businesses and policymakers, the key issue entering 2026 is alignment: defensive capabilities, workforce skills, and response systems must operate with speed and coordination comparable to the cybercrime operations they face.
