A sharp rise in spyware attacks is putting Indian organisations at significant risk, according to new findings released by global cybersecurity and digital privacy company Kaspersky.
In 2025, Kaspersky’s business security solutions detected 369,445 spyware attacks targeting organisations across India, marking a 72% year-on-year increase from 214,407 detections in 2024. The surge highlights spyware as one of the fastest-growing and most dangerous cyber threats facing Indian enterprises today.
Spyware, designed to secretly infiltrate systems and extract sensitive information, enables attackers to monitor user activity, capture confidential business data, and track internal communications without detection. Unlike traditional cyberattacks, spyware often operates silently, making it difficult to identify until significant damage has already been done. Beyond data theft, it can also degrade system and network performance, affecting daily operations.
“Spyware is one of the most dangerous threats against Indian businesses today, precisely because it works in silence.” – Jaydeep Singh, General Manager, India, Kaspersky
The surge in attacks coincides with India’s rapid digital expansion. With internet connectivity surpassing 100 crore users and digital transactions scaling at unprecedented levels, the country has become a prime target for cybercriminals. Critical sectors such as BFSI, manufacturing, and government services are increasingly being targeted, given the high value of their data and operations.
Regulatory developments have added another layer of urgency. Under the Digital Personal Data Protection (DPDP) Act, 2023 and associated rules introduced in 2025, spyware incidents can now result in regulatory penalties, requiring organisations to ensure data protection, breach reporting, and compliance. However, Kaspersky notes that over 83% of organisations are yet to fully implement DPDP requirements, leaving gaps that attackers can exploit.
Jaydeep Singh, General Manager for India at Kaspersky, warned that spyware incidents are no longer just IT issues but full-scale business risks impacting compliance, reputation, and continuity.
To mitigate risks, Kaspersky recommends that organisations adopt proactive security measures, including regular software updates, restricted exposure of remote services, use of advanced threat detection solutions, leveraging threat intelligence, and maintaining secure, isolated data backups.
The report underscores the need for Indian enterprises to move toward AI-powered, intelligence-led cybersecurity strategies to detect and neutralize threats before sensitive data is compromised.