Within a span of days, two of India’s biggest manufacturers found themselves battling cyber threats. Bajaj Auto disclosed that a ransomware attack had disrupted parts of its IT systems, while Tata Electronics reportedly suffered a cyberattack that allegedly exposed sensitive data linked to global clients, including Apple and Tesla.
The incidents highlight that cybercriminals are increasingly targeting businesses where a single successful attack can halt operations, expose valuable data and potentially fetch much larger payouts. From ransomware and payment fraud to vendor impersonation and data theft, companies are becoming some of the most lucrative targets for organised cybercrime. Why are businesses now in the crosshairs?
According to The World Economic Forum’s Global Cybersecurity Outlook 2025, nearly three-quarters of organisations globally reported an increase in cyber risks over the past year, while IBM’s latest Cost of a Data Breach report estimates the global average cost of a breach at nearly $5 million. In India, CERT-In handled more than 2.9 million cyber incidents in 2025, underlining the scale of the challenge.
Security experts say cybercrime has evolved into a business model of its own. Organised groups now specialise in gaining initial access to corporate networks, stealing credentials, deploying ransomware, impersonating vendors and monetising stolen data, often working as interconnected criminal ecosystems rather than isolated hackers.
Bigger companies, bigger rewards
“The landscape has evolved from random attacks targeting individuals to well-planned operations aimed at businesses,” Manish Chachada, Co-founder and COO of Cyble, told Business Standard. Cybercriminals, he said, have realised that compromising one organisation can generate far greater profits than attacking thousands of consumers.
Ashish Chandra, Global AI Thought Leader and Partner at KPMG, said businesses have become the primary target because they represent “concentrated digital value”, holding business-critical data, intellectual property, AI assets, and operational systems that can all be monetised.
Experts highlighted that organised cybercriminals deliberately target companies because downtime translates directly into financial pressure. They further added that rapid adoption of cloud computing, AI, and hybrid working has significantly expanded the corporate attack surface.
More than just stolen data
Unlike individuals, businesses store multiple forms of high-value information under one roof, including customer records, payment information, employee data, contracts, intellectual property, and confidential communications. At the same time, nearly every business function now depends on digital systems.
“The disruption of business operations remains the greatest concern,” Chachada said. “Each hour spent inactive can result in lost income, delays in operations and harm to customer relationships.” In sectors such as manufacturing, banking, and healthcare, even a few hours of downtime can translate into significant revenue losses, contractual penalties and operational paralysis.
How cybercriminals break into businesses
Ransomware may dominate headlines, but security experts say modern attacks rarely rely on a single technique. Instead, attackers combine phishing, credential theft, business email compromise (BEC), vendor impersonation, and data theft before deploying ransomware or launching extortion campaigns.
According to Pankit Desai, Co-founder and CEO of Sequretek, business email compromise, often referred to as the “boss scam”, has become one of the fastest-growing threats. Attackers impersonate senior executives, finance heads, or vendors to trick employees into transferring funds or sharing confidential information.
Credential theft has emerged as another preferred entry point. Rather than breaking into systems, attackers increasingly log in using usernames and passwords stolen through phishing campaigns, malware, or compromised cloud accounts.
Another emerging trend is “double extortion”. Instead of simply encrypting systems, attackers first steal sensitive corporate information and then threaten to publish it if the victim refuses to pay.
“We’re seeing attackers skip encryption altogether in some cases and rely solely on data theft for leverage,” Swapna Bapat, Vice President & Managing Director, India and Saarc, Palo Alto Networks, said, highlighting how quickly corporate cybercrime continues to evolve.
Why MSMEs remain the easiest targets
Experts say if large enterprises promise bigger rewards, MSMEs often offer easier entry points. As smaller businesses rapidly digitise through cloud software, digital payments, online banking, and e-commerce, many continue to operate without dedicated cybersecurity teams or structured cyber governance. Limited budgets, reliance on third-party software, and low employee awareness often make them more vulnerable to attacks.
Riddhesh Ganatra, Co-founder and CTO of mple AI, said many startups and MSMEs mistakenly believe they are too small to attract attackers. “In reality, cyber threats increase as businesses grow. Budget constraints matter, but awareness is often the bigger challenge.”
However, Arun Poojari, CEO and Co-founder of Cashinvoice, believes effective cyber hygiene does not always require significant investment. Multi-factor authentication, regular software updates, employee training, verified payment approvals, and offline backups can substantially reduce risk.
Experts also caution that smaller firms are increasingly becoming indirect targets. Since they are closely connected to larger companies through vendors, cloud platforms and digital supply chains, compromising one small business can provide attackers with a pathway into a much larger enterprise.
Cyber insurance gains ground
“As cyber incidents become more expensive, cyber insurance has become an integral part of large enterprises’ risk management strategy,” Chachada said. “Many MSMEs have also started adopting it, but for most small businesses, it is still viewed as optional until after an incident.”
Most policies typically cover forensic investigations, incident response, legal expenses, business interruption, data recovery, and regulatory support. However, insurers have also become more selective.
“Insurance providers are no longer asking only whether companies have cybersecurity controls. They increasingly want evidence that those controls are working,” said Ashish Tandon, Founder and CEO of Indusface. Organisations that fail to patch known vulnerabilities or maintain basic cyber hygiene may struggle to obtain favourable premiums or even have claims honoured.
JP Mishra of Deep Algorithms added that insurers now routinely assess cyber maturity before underwriting policies, with capabilities such as multi-factor authentication, endpoint detection, secure backups, and incident response planning becoming baseline requirements.
Cybersecurity is becoming a growth industry
The surge in cyber threats has also fuelled demand for specialised cybersecurity services.
Companies are increasingly investing in managed security operations centres (SOCs), threat intelligence, identity management, cloud security, ransomware preparedness and incident response, rather than relying solely on traditional firewalls and antivirus software.
“Organisations are realising that preventive tools alone are no longer enough,” Chachada said. “They are investing in continuous monitoring, threat intelligence and managed detection and response.”
Chandra said spending is increasingly shifting towards identity security, cyber resilience, and AI governance, while Bapat noted that companies are consolidating multiple security products into integrated platforms to reduce blind spots that attackers can exploit.
The reporting gap masks the true scale
According to experts, many companies still avoid reporting incidents promptly because of concerns over reputational damage, customer confidence, regulatory scrutiny and investor reaction.
“Under-reporting remains one of the biggest challenges in cybercrime management,” Chandra said. Delayed disclosure often worsens the situation by hampering forensic investigations, evidence preservation, and recovery efforts.
Bapat warned that delays frequently work in the attackers’ favour. “By the time organisations report an incident, threat actors may already have moved laterally, erased evidence or compromised other businesses in the same supply chain.”
The result, experts say, is that the real scale of corporate cybercrime is likely far larger than reported statistics suggest.
AI is reshaping the cyber battlefield
Pankit Desai believes the industry has entered a new phase where AI is compressing the time needed to identify vulnerabilities and launch attacks. “This is not a futuristic threat. It is a live operational challenge defined by speed, scale and asymmetry,” he said, warning that AI can combine several seemingly low-risk vulnerabilities into sophisticated attack chains that many organisations may overlook.
JP Mishra described the current landscape as an “AI versus AI” environment. As attackers increasingly deploy AI-generated phishing campaigns, executive impersonation and deepfake content, organisations will need AI-powered identity security and continuous monitoring to defend themselves.
Cybersecurity moves into the boardroom
According to Sumit Sengar, Cheif Business Officer at SparxIT, a digital transformation company, cybersecurity is now being discussed alongside financial, operational and legal risks. Boards and audit committees are taking a more active role as cyber incidents increasingly affect revenue, customer trust and regulatory compliance.
Experts highlighted that the companies best placed to manage this risk may not necessarily be those that spend the most on cybersecurity, but those that embed it into business strategy, governance and day-to-day operations. In an economy where digital infrastructure underpins almost every aspect of commerce, cyber resilience is fast becoming as critical as financial discipline or operational efficiency.
