A rise in spyware attacks is putting businesses in India at growing risk, according to global cybersecurity and digital privacy company Kaspersky.
In 2025, Kaspersky business solutions detected 369,445 spyware attacks targeting organisations in India, a sharp 72% increase compared to 214,407 detections recorded in 2024.
Spyware is a type of software that is secretly installed on a user’s computer to collect their data. Spyware’s surveillance activity leaves users open to data breaches and misuse of private, confidential data. Spyware also affects network and device performance, slowing down daily user activities.
It has emerged as one of the fastest-growing B2B threats in India, with Kaspersky recording a significant surge in detections targeting Indian businesses, underscoring the urgent need for organisations to strengthen their defences against this silent, data-stealing malware.
The threat is unfolding alongside India's explosive digital growth by 2025, with internet connections crossing 100 crore, with UPI processing over 21 billion transactions worth ₹27 lakh crore in December 2025 alone, creating a vast and lucrative attack surface for threat actors. The Union Budget 2025 - 26 allocated ₹782 crore for cybersecurity, reflecting the government's recognition of the growing threat to India's digital infrastructure.
Adding to this urgency, India's Digital Personal Data Protection (DPDP) Act, 2023, and DPDP Rules, 2025, now make spyware breaches a direct regulatory liability mandating explicit consent, prompt breach reporting, encryption, and periodic audits. Yet more than 83% of Indian organisations have not begun comprehensive DPDP implementation, leaving critical gaps that threat actors are well-positioned to exploit.
"Spyware is one of the most dangerous threats against Indian businesses today, precisely because it works in silence. By the time an organisation realises it has been compromised, sensitive data, strategic decisions, and corporate intelligence may already be in the hands of adversaries.
India's rapid digital expansion, its thriving IT and start-up ecosystem, and the accelerating digitisation of critical sectors like BFSI, manufacturing, and government services make it a high-value target. A spyware incident is no longer just a security failure, it is a regulatory and reputational crisis that can have lasting consequences on business continuity and stakeholder trust. Organisations in India must move beyond reactive defences and adopt intelligence-led, AI-powered security solutions that can detect and disrupt threats before data is compromised," says Jaydeep Singh, General Manager for India, Kaspersky.
Kaspersky’s findings highlight how spyware underpins modern cyberespionage by enabling attackers to quietly monitor systems, capture sensitive data, and track internal communications over extended periods. Designed for stealth and persistence, these tools allow threat actors to build a detailed picture of organisational activity and extract high-value intelligence, reinforcing the growing role of advanced spyware in long-term, targeted intelligence gathering.
To reduce the risks of malicious spyware attacks, Kaspersky experts recommend organisations to:
Always keep software updated on all the devices you use to prevent attackers from infiltrating your network by exploiting vulnerabilities
Do not expose remote desktop services (such as RDP) to public networks unless absolutely necessary and always use strong passwords for them
Use advanced Kaspersky Next security products for comprehensive visibility across all company’s corporate infrastructure to rapidly hunt out, prioritize, investigate and neutralize complex threats and APT-like attacks
Use the latest Threat Intelligence information to stay aware of actual TTPs used by threat actors
Back up corporate data regularly. Backups should be isolated from the network. Make sure you can quickly access the backups in an emergency if needed.
𝐒𝐭𝐚𝐲 𝐢𝐧𝐟𝐨𝐫𝐦𝐞𝐝 𝐰𝐢𝐭𝐡 𝐨𝐮𝐫 𝐥𝐚𝐭𝐞𝐬𝐭 𝐮𝐩𝐝𝐚𝐭𝐞𝐬 𝐛𝐲 𝐣𝐨𝐢𝐧𝐢𝐧𝐠 𝐭𝐡𝐞 WhatsApp Channel now! 👈📲
𝑭𝒐𝒍𝒍𝒐𝒘 𝑶𝒖𝒓 𝑺𝒐𝒄𝒊𝒂𝒍 𝑴𝒆𝒅𝒊𝒂 𝑷𝒂𝒈𝒆𝐬 👉 Facebook, LinkedIn, Twitter, Instagram