For the first time, the Data Security Council of India assembled a joint task force to source threat intelligence at the origin and ensure coordinated action across the cybersecurity spectrum.
Cyberattacks on Indian businesses spiked dramatically -- rising by up to three times -- following the launch of Operation Sindoor, according to industry estimates.
Yet, most organisations successfully repelled the onslaught with minimal breaches because of coordinated efforts between government agencies, industry bodies, and private cybersecurity firms.
For the first time, the Data Security Council of India (DSCI) -- a not-for-profit industry body for data protection -- assembled a joint task force of stakeholders including private sector players to source threat intelligence at the origin and ensure coordinated action across the cybersecurity spectrum.
This was activated in anticipation of retaliation to the military action against Pakistan-based terrorists, allowing real-time intelligence sharing about threat actors and swift response.
Set up by Nasscom, the DSCI engages with governments and their agencies, regulators, industry sectors, industry associations, and think-tanks for policy advocacy, capacity building, and outreach activities.
"This is the first time we saw concentrated support and information outreach from a variety of departmental organisations, as well as private companies. The DSCI created a task force where intel was shared on a regular basis about notorious actors, so threat profiles were constantly updated," said an industry source with knowledge of the matter.
A senior executive at a cybersecurity firm said: "A lot of information was being shared. Otherwise, we would have done what we normally do -- protect our clients, but from just one point of view."
"In this case, as many started sharing information, we began updating our threat profile and then the scenario changed," the executive said.
Amid heightened tensions between India and Pakistan, the ministry of electronics and information technology (Meity) also issued a critical advisory warning of a sophisticated cyber threat campaign targeting organisations in the banking, financial services and insurance (BFSI) sector.
Cybersecurity experts noted that while regulated industries ramped up efforts to detect disruptions, enterprises also took proactive steps.
Sundareshwar Krishnamurthy, partner and cybersecurity leader at PwC India, said organisations had taken a more proactive approach in responding to the threat.
"In response, organisations have implemented various measures including enhanced threat detection and remediation, heightened monitoring for better detection and improved communication between various internal and external stakeholders," Krishnamurthy said.
"Many have also conducted cyber-simulation drills and red team assessments to stress-test the resilience of their infrastructure," added Krishnamurthy.
Many conglomerates sent out internal communications warning employees about potential cyberattacks, including phishing attempts, while reinforcing the importance of secure networks.
Staff were also instructed to follow mandatory cybersecurity protocols.
'Avoid connecting to public or unsecured wi-fi networks (such as those belonging to hotels and airports) for work-related tasks. Instead, use your own mobile phone hotspot in such situations,' read one advisory from a major conglomerate, issued shortly after the India-Pakistan conflict began.
Employees were also urged to use only authorised and licensed software. Some firms instructed staff to conduct office-related work solely on mobile phones equipped with company-approved software.
T V Narendran, managing director and chief executive, Tata Steel, told Business Standard that the company had long prioritised cyber defences.
"Irrespective of this incident, we are constantly beefing up our cybersecurity, and we have been doing this for many years," he said.
Firms providing cybersecurity services added that clients and enterprises had also begun actively auditing vendor environments to assess their disaster recovery (DR) preparedness.
"We were asked to show how prepared we are if things break down. What was our Plan B? How will we be able to continue to offer our services? Every type of contingency was being checked. This is the first time that the intensity of physical audits was really high," said a senior executive of a security services provider firm.
That vigilance, the executive added, may have been key to maintaining operational stability.
"Yes, some government Web sites were down, but operationally, nothing major went offline," he said.
"What we've established this time around as a preparedness process, I think, needs to continue in the mainstream. My fear is that three or four months down the line, the focus may fade. This should not be a one-off. The geopolitical issues will not die down -- new ones will keep arising," said Pankit Desai, co-founder and CEO of Sequretek.
Another senior cybersecurity expert said hackers might have targeted government Web sites more this time, but future attacks could be on private enterprises.
"We're also seeing a lot of AI bot-led attacks, and that's what happened during this period," the expert said.
In a recent development, Maharashtra Cyber reportedly identified seven advanced persistent threat (APT) groups responsible for over 1.5 million cyberattacks on critical infrastructure Web sites across India following the April 22 Pahalgam terrorist attacks, according to a PTI report.
Of these, only 150 attacks were successful -- reflecting a failure rate of 99.99 per cent, the report noted.
Feature Presentation: Rajesh Alva/Rediff