India’s Cyber Frontline: Corporate Duty Now

In May, weeks after the Pahalgam attack, cybersecurity teams at India’s major stock exchanges faced a silent siege — no sirens, just malware and rogue data. 
Pakistani-backed groups like APT36 launched coordinated phishing, DDoS, and defacement campaigns, aiming to fracture public trust. As PwC warns, cyberattacks have become extensions of geopolitical strategy.

While India, conducted nationwide civil defense drills, the corporate sector lacks its digital counterpart. 

SEBI’s Cybersecurity and Cyber Resilience Framework  now mandates Incident Response Plans  and regular cyber simulations. 

Every firm, even those outside SEBI’s scope, must see this as the new standard.

A strong Incident Response Plan — covering preparation, detection, containment, eradication, recovery, and post-incident review — is critical. 

Compliance isn’t optional; CERT-In requires breach reporting within six hours, and DPDP penalties can reach ₹250 crore.

But plans on paper won’t suffice. 

Real-world cyber drills must involve IT, legal, and PR teams, simulating failure, not just success.

Cyberwarfare is the new normal. 

The battleground extends from borders to your servers. 
Corporate India must recognize its frontline role — not tomorrow, but today. 
Rehearse breaches, build defenses, and prepare leaders.
When the next wave strikes, there’s no room for first-time readers of the manual.