By Govind Rammurthy, CEO & Managing Director, eScan
When India launched Operation Sindoor in May 2025, responding to the brutal Pahalgam terror attack, most Indians watched missile strikes on television. What they didn’t see was what transpired in the background: 200,000 simultaneous cyberattacks hammering the national power grid. The President’s website went dark for 19 hours. BSNL’s systems crashed for days.
Welcome to 2026, where military conflict and cyber warfare have become inseparable twins.
The Bill Comes Due in May
The Operation Sindoor attacks weren’t random chaos – they were precision-guided digital warfare. Seven Advanced Persistent Threat (APT) groups launched 1.5 million attacks over three days, deploying DDoS barrages, malware targeting SCADA systems, and sophisticated phishing disguised as government communications.
India’s defenses blocked 99.99% of these attacks. But that still left 150 successful breaches. And as Union Power Minister Manohar Lal Khattar noted, tracing attack origins is nearly impossible – they can originate “from any corner of the world.”
This matters because India’s critical infrastructure has never been more exposed. AIIMS Delhi was hit twice in seven months during 2022-23. The SPARSH portal breach in January 2024 exposed defense personnel data through a misconfigured cloud storage bucket – not a sophisticated exploit, just a checkbox that wasn’t checked.
AI Democratizes Advanced Attacks
Microsoft’s 2024 Digital Defense Report, analyzing 78 trillion security signals daily, found a 2.75x year-over-year increase in human-operated ransomware attacks, with AI enabling attackers to operate at unprecedented scale.
At eScan, where we protect government agencies across 90+ countries, we’ve observed this democratization firsthand. AI-powered tools now fingerprint systems, identify vulnerabilities, and deploy exploits faster than humans can read disclosure notices.
Consider the deepfake epidemic. In July 2025, doctored videos of Prime Minister Modi and Finance Minister Sitharaman promoting fraudulent platforms spread so convincingly that the government issued official warnings. A Pune resident lost ₹43 lakh to a deepfake of Infosys founder Narayana Murthy. The victim was technically literate. The forgery was just that good.
Supply Chains: The Hidden Vulnerability
The February 2025 Marks & Spencer breach demonstrated how trust relationships become liability chains. Attackers socially engineered TCS help desk staff in India, obtained credentials, and moved laterally into M&S’s systems. Breach cost: £300 million. Cost of the initial social engineering call: essentially zero.
Verizon’s 2024 Data Breach Investigations Report found supply chain attacks now account for 15% of all breaches, a 68% increase from the previous year. Our experience deploying eScan Enterprise DLP validates this: organizations increasingly request vendor risk assessment capabilities because their security is only as strong as their weakest third-party connection.
For India’s IT services sector – the global back office for countless enterprises – any compromise in Bangalore, Pune or Hyderabad can cascade worldwide.
Cloud and AI: The 2026 Convergence
IBM’s research revealed that 34% of breaches in India involved data on public clouds, with these incidents costing INR 227 million on average. Breaches spanning multiple environments took 327 days to identify and contain.
Microsoft’s 2025 Digital Defense Report warns that 97% of AI-related breaches occurred in organizations without proper AI access controls. At eScan, our enterprise EDR and XDR deployments increasingly note the rapid pace of modern attack volume and sophistication. The organizations thriving in 2026 will combine human expertise with AI-augmented defense – not bet on either alone.
The Reality Check
The AIIMS attacks disrupted hospital operations. Operation Sindoor triggered coordinated cyber warfare. The SPARSH breach exposed defense personnel data. These aren’t hypothetical scenarios – they happened in India, in the last three years.
Organizations thriving in 2026 will abandon the myth of impenetrable defenses. They’ll assume compromise, invest in rapid detection, and plan for containment. They’ll treat vendors as security dependencies and extend security thinking to every device touching corporate data.
Because the next Operation Sindoor won’t just target government websites. It’ll target the infrastructure keeping hospitals running, power flowing, and commerce functioning. And unlike military conflicts that eventually de-escalate, cyber threats compound.









