SecurityBrief India - Technology news for CISOs & cybersecurity decision-makers
India
Sixty-eight percent of Indians faced phishing scams last year
Storage MFA Advanced Persistent Threat Protection

Sixty-eight percent of Indians faced phishing scams last year

Wed, 1st Oct 2025
Jed Nykolle Harme
JED NYKOLLE HARME Editor

A new survey has found that 68% of Indians have interacted with online phishing scams in the last year, highlighting significant cybersecurity challenges amid increased concerns about artificial intelligence (AI) and data security.

Yubico, a provider of hardware authentication security keys, commissioned Talker Research to survey 18,000 employed adults across nine countries. Of these, 2,000 respondents were from India. The survey examined cybersecurity habits in both professional and personal contexts and considered the impact of weak security practices and the rise of AI on cybersecurity threats.

Phishing incidents and data exposure

The study revealed a noticeable cybersecurity gap in India, with users often complacent about securing their online accounts. Geoff Schomburgk, Vice President for Asia Pacific and Japan at Yubico, addressed the findings directly:

"Our survey revealed a cybersecurity gap in India, where individuals are complacent about securing their own online accounts - and Indian organizations appear slow to adopt security best practices. It's not surprising that phishing continues to be one of the easiest ways for hackers to get in, and in fact, a worrying 68% of Indian respondents said they have interacted with a phishing message in the last year. To close the gap, strong, phishing-resistant authentication, education and action must go hand-in-hand in India."

The survey found that among Indians who interacted with phishing messages, 34% provided their email addresses and 32% disclosed phone numbers, underscoring the risk posed by data leakage from phishing attacks.

AI's involvement and threat escalation

Public concern regarding the use of AI in cyberattacks was also notably high, with 83% of Indian respondents expressing worry that AI could compromise the security of personal or business accounts. The complexity and sophistication of phishing attempts are believed by 72% of respondents to have increased as a result of AI technologies.

Schomburgk also commented on the intersection of digital growth and security risks in India:

"India's rapid digital adoption has opened new opportunities but also created fertile ground for cybercriminals. The survey shows that while Indians are aware of the risks, old habits like password reliance are still putting people and businesses in danger. Hardware security keys and passkeys offer the phishing-resistant protection needed for the AI era."

MFA adoption and challenges

Multi-factor authentication (MFA) usage remains steady in India, with 70% reporting MFA use for personal accounts. However, challenges persist. Forty-two percent of respondents said they lacked sufficient familiarity with MFA, while 30% believed the process is too time-consuming, and 18% cited a lack of technical knowledge as a barrier to adoption. The use of hardware security keys is showing a gradual increase, with 22% of respondents employing them for work use and 18% for personal use, marking a slight rise from the previous year.

Password dependence and training gaps

Despite increasing awareness of cyber risks, password usage continues as the predominant method of account authentication-59% for work accounts and 60% for personal accounts-even though just 39% consider usernames and passwords secure. Notably, 11% of respondents do not have MFA enabled for personal email accounts, which are often used to access a range of critical services including social media (60%), banking (49%), telecoms (33%), cloud storage (32%), and life insurance (33%).

While 72% believe their companies use MFA for all applications, 22% reported never having received any cybersecurity training from their employer.

The rise of modern authentication

Schomburgk stressed the significance of evolving cybersecurity measures in light of these findings:

"As cyber threats become more sophisticated, the good news is that the survey reveals that stronger, more secure authentication methods like device-bound passkeys, like those on a YubiKey, are gaining momentum in India. Both individuals and organizations have the power to protect themselves by adopting these phishing-resistant solutions today. Modern MFA is clearly no longer just a 'nice to have' and has quickly become essential for staying secure in our rapidly changing digital landscape."

The survey was conducted online between mid-August to late August 2025, using a random sample of 2,000 employed adults in each participating country including India, and covered a broad range of questions on personal and organisational cybersecurity behaviours.

Related stories
Identity stays top attack surface as threats broaden
AI advances are reshaping cyber risk, experts warn
Cohesity appoints Nigel Lee to lead APJ technical sales
Trustifi adds AI video training for MSP phishing drills
Firms warned on ransomware amid backup & AI sprawl
Top stories
Broadcom launches VMware Cloud Foundation 9.1 for AI
GitHub adds moderation tools for open source maintainers
Tanium launches Atlas to speed IT & security response
Microsoft tops phishing brand rankings in first quarter
Infoblox completes Axur takeover to boost threat defence