India logged 265 million cyber attacks in a year, according to the India Cyber Threat Report 2026; the Indian Computer Emergency Response Team (CERT‑In) handled over 29.44 lakh incidents and issued 1,530 alerts, 390 vulnerability notes and 65 advisories 1.
Micro, small and medium enterprises (MSMEs) are disproportionately affected because they typically lack dedicated security teams and budgets, even as they form a large part of India’s economy 1.
Cybercriminals are increasingly using AI to carry out sophisticated social‑engineering scams: short audio clips can be used to clone voices for deepfake voicemail fraud, dynamic QR codes can switch from legitimate to fraudulent after the first scan, and compromised USB charging ports (juice jacking) can install malware on devices 1.
Common tactics that trap small businesses include urgent payment‑verification calls requesting OTPs, fake GST notices, e‑commerce account suspension scams, invoice manipulation and fraudulent payment‑gateway links — all designed to create false urgency and bypass judgment 1.
The 2025 Verizon Data Breach Investigations Report found that over 60% of breaches involve a human element, typically phishing or simple errors, with phishing figures close to 68% in observed cases 1.
ETCISO’s Nikhil Prabhakar stresses that many scam narratives exploit fear: government notices generally provide ample time to respond, and legitimate marketplaces do not suspend accounts without prior notice 1.
Prabhakar proposes a four‑step plan for MSMEs: enforce basic digital hygiene, train teams to recognise threats, secure infrastructure and implement robust processes to reduce exposure and respond faster to incidents 1.
ops.llm_calls. Every fact traces to a citation. If a fact looks wrong, write to corrections.