Cybersecurity incidents in India have seen a dramatic rise, with the number of cases reported to the Indian Computer Emergency Response Team (CERT-In) increasing more than fourfold between 2019 and 2023. Data shared by the Minister of State for Electronics and Information Technology, Jitin Prasad, in the Rajya Sabha on Friday revealed that while 394,499 incidents were reported in 2019, the figure skyrocketed to 1,592,917 in 2023.
The year 2020 saw the sharpest increase, with incidents nearly tripling from 394,499 in 2019 to 1,158,208. The numbers continued to rise in the following years, reaching 1,402,809 in 2021 and slightly dipping to 1,391,457 in 2022 before jumping again in 2023. The only exception was in 2022 when there was a marginal dip compared to 2021.
Additionally, the report highlighted a worrying trend in cybersecurity incidents affecting government organizations. Between 2019 and 2023, the number of such incidents more than doubled. In 2019, CERT-In recorded 85,797 incidents involving government bodies, which climbed to 204,844 by 2023, with a significant spike observed in 2022 when 192,439 incidents were reported.
CERT-In mandates that certain types of cybersecurity incidents, including data breaches, identity thefts, and attacks on digital payment systems, must be reported to the agency. These reporting requirements were reinforced in April 2022 with guidelines directing the mandatory disclosure of 20 specific types of incidents.
In a separate statement, Prasad assured the Rajya Sabha that there had been no breach of Aadhaar data from the Central Identities Data Repository (CIDR) maintained by the Unique Identification Authority of India (UIDAI). However, he refrained from commenting on allegations of data leaks, including a controversial claim regarding Aadhaar and passport details from the Indian Council of Medical Research (ICMR) database.