One in Five ICS Systems in India Targeted by Malicious Activity in Q1 2025

Entrepreneur, 23-05-2025

You're reading Entrepreneur India, an international franchise of Entrepreneur Media.
India's industrial sector is facing a wave of cyber threats, with nearly one in five operational technology systems compromised in early 2025. According to Kaspersky ICS CERT, 19.1 per cent of ICS computers in India encountered malicious activity, pointing to a growing vulnerability in the country's rapidly digitising infrastructure.
Globally, 21.9 per cent of ICS systems recorded malicious activity during the same period, highlighting the widespread nature of industrial cyber threats. In India, the internet remained the primary vector for OT threats, with 9.79 per cent of ICS computers exposed to online malware. Email-based threats followed at 1.47 per cent, while 0.71 per cent of infections stemmed from removable media such as USB drives. These entry points continue to serve as common infiltration pathways in OT environments, which typically remain less fortified than their IT counterparts.
Diverse sectors under threat
The biometrics sector faced the highest exposure, with 28.1 per cent of ICS machines detecting and blocking malicious objects. Other severely impacted industries included building automation (25 per cent), electric power (22.8 per cent), and construction (22.4 per cent), highlighting the vulnerability of India's infrastructure backbone.
"India is the second most targeted nation in terms of cyberthreats. What is needed is a comprehensive and collaborative response to counter adversaries who have grown in scale and sophistication. It's high time we moved beyond silos and developed an alliance where we can all share resources such as tools, talent, and infrastructure," said Pankit Desai, Co-founder of Sequretek.
"A collective voice holds greater sway in policy discussions, allowing for stronger engagement with government bodies and public-private cooperation. Sharing threat intel promptly is one such crucial aspect. In cybersecurity, visibility, prioritisation, and speed are everything," he believes. "By sharing real-time threat intelligence, cybersecurity providers can anticipate and neutralise attacks faster. A local threat database tailored to India's unique digital challenges can offer protection where global solutions fall short. Building trust through open and secure communication is fundamental in this high-stakes field."
Echoing this sentiment, Kunal Varma, CEO and Co-founder of Freo, added, "Private firms, digital platforms, and industrial bodies must work collaboratively on solutions whether that be developing superior AI to deter and flag manipulated content, or connecting threat intelligence with one another. Tech firms can also invest in rapid-response systems."
Common threat types
The most prevalent malicious content globally included scripts, phishing pages, and access to denylisted internet resources—methods often used to initiate infections or redirect users to attacker-controlled sites. Regions such as Southern Europe, Africa, and the Middle East experienced particularly high levels of phishing and script-based attacks.
Spyware and ransomware, though less frequent, remain serious threats. Spyware was blocked on over 7 per cent of ICS computers in Africa and above 6 per cent in Southern Europe and the Middle East. Ransomware activity, while not widespread, was notably present in East Asia, the Middle East, and Africa.
India, while not leading globally in any one threat category, continues to be a high-risk geography due to its rapid industrial digitisation and growing reliance on connected OT systems.
Desai emphasised the "human malware" factor. "With human error being a major vulnerability, we, as cybersecurity practitioners, should lead efforts in cyber literacy. Digital awareness campaigns, particularly those in regional languages, will go a long way in building a robust digital defence. Small and medium enterprises, often the most vulnerable, require affordable training and risk audits to stay secure."
