Trend Micro Cyber Risk Report 2025: India’s Cyber Risk Profile Intensifies with AI-Driven Threats – CRN

Trend Micro Incorporated has released its Trend 2025 Cyber Risk Report, offering insights about India’s vulnerability in the face of evolving cyber threats. Findings reveal that India remains one of the most targeted countries globally across all threat vectors, particularly vulnerable to email and malware threats. The report looks at Trend Micro’s telemetry from 2024 to recognize exposures and understand attacker behaviour, enabling the implementation of countermeasures for the year ahead and transforming security from a challenge into a catalyst for innovation and business growth.

Email Threats: India’s Most Pressing Cybersecurity Concern
Email remains the top attack vector globally, with over 1.49 trillion threats detected. India alone contributed 6.9% of these incidents, underscoring the scale of the challenge. Within Asia, India was responsible for a staggering 23.92% of email-based threats, and a dominant 90.78% in Southern Asia, making it the primary hotspot in the region. In absolute numbers, India recorded over 1.03 billion email threats, reflecting its exposure across industries and the urgent need for improved email security infrastructure.

Malware and Ransomware Continue to Threaten Indian Enterprises
India remains a top target for cyber threats, ranking 3rd globally and 2nd in Asia with 19.3 million malware detections—accounting for 4.74% of global activity. The Banking, Financial Services, and Government sectors were most impacted, frequently targeted by malware families such as CoinMiner, FakeMS, and Mudyupdate.

With India accounting for 3.36% of global ransomware detections and a staggering 77.68% within Southern Asia, ransomware also remains a major concern in the region. In 2024 alone, 209,000 ransomware incidents were reported, with WannaCry (WCRY) being the most frequently observed variant. The continued success of such older threats points to ongoing gaps in patching and endpoint security across organisations.

Commenting on these findings, Sharda Tickoo, Country Manager for India & SAARC, Trend Micro, said: “India’s growing digital footprint makes it an attractive target for cybercriminals. From ransomware and malware to email threats, attackers are becoming more persistent and adaptive. With AI transforming the threat landscape, it’s crucial that businesses in India recognise the dual-edged nature of these technologies. Now is the time for proactive, intelligence-driven cybersecurity that goes beyond basic defenses.”

In addition to India-specific insights, the report offers a global perspective talking about notable uses of AI in cybercrime along with some notable APT campaigns. Some other key global highlights include:

⦁ AI-driven exploitation and deception: Threat actors are using generative AI for disinformation campaigns, phishing, and scams like pig butchering and virtual kidnapping. Deepfakes and malicious digital twins make these attacks more convincing and harder to detect. However, AI can also empower network defenders to better predict and prevent cyberattacks, such as via the industry-first security LLM ⦁ Trend Cybertron.
⦁ LLM and rogue AI risks: The OWASP Top 10 for LLMs that identifies the most critical web application security risks highlights vulnerabilities such as embedding weaknesses and misinformation. Rogue AI threats also arise from attacker manipulation, human error, or tech limitations.
⦁ Enhanced post-breach tactics: AI enables faster, large-scale reconnaissance by automating data extraction and analysis, helping cybercriminals identify victims and escalate attacks more efficiently.

Global & Regional Threat Patterns
⦁ Globally, email threats surged past 1.49 trillion, ransomware reached 6.23 million, and malware detections crossed 407 million
⦁ Asia witnessed over 430 billion email threats, with India contributing nearly a quarter
⦁ In Southern Asia, India dominated in all categories: 90.78% of email threats, 93.82% of malware, and 77.68% of ransomware
⦁ Organisations that adopted proactive security measures are achieving measurable reductions in cyber risk, recording an average score of 38.4 for the year on the Cyber Risk Index (CRI)*, a 6.2-point drop from 2023

To lower Cyber Risk Index, Trend Micro urges organisations to
⦁ Optimise security settings to maximise product features and get alerts on misconfigurations, vulnerabilities, and other risks. And leveraging native sensors/third-party sources to build a comprehensive view of the attack surface.
⦁ Contact the device and/or account owner when a risky event has been detected to verify and investigate using the Trend Vision OneTM Workbench search function.
⦁ Conduct an inventory of stale accounts to delete inactive and unused ones, disabling risky accounts, resetting passwords with strong credentials, and enabling multi-factor authentication (MFA).
⦁ Apply the latest patches or upgrading application/OS versions regularly