Cybercrime Spike in 2025: The Urgent Need for Digital Hygiene and Legal Reform

Author: Sarthak, National Law University

In 2025, India is facing an alarming surge in cybercrime, encompassing financial fraud, identity theft, phishing scams, ransomware attacks, and disinformation through deepfakes. According to the Indian Computer Emergency Response Team (CERT-In), cybercrime cases have escalated by over 30% compared to 2024—underscoring the critical need for robust digital hygiene practices and comprehensive legal reform.

India’s growing digital infrastructure—driven by initiatives like Digital India and increasing internet penetration—has created vast opportunities but also significant vulnerabilities. The legal foundation for cyber regulation in India is primarily grounded in the Information Technology Act, 2000, amended in 2008 to include cyber offences. However, with the digital threat landscape evolving at an exponential rate, the current legal regime is insufficient to deal with modern crimes involving AI-generated impersonations, cryptocurrency fraud, and dark web operations.

A major legal challenge is the lack of specificity in existing statutes. For instance, Sections 66C and 66D of the IT Act criminalize identity theft and cheating by impersonation using digital means. Yet, these provisions fall short in addressing AI-driven cybercrimes such as deepfakes, algorithmic manipulation, or synthetic media fraud. Compounding the issue is jurisdictional ambiguity, as many cybercrimes cross international digital borders, complicating investigation and enforcement.

In Harish Chand v. State (2024), the Delhi High Court emphasized the urgent need to overhaul India’s cyber laws, noting that the IT Act was outdated in the face of new-age digital threats. The Court also advocated for systemic efforts to improve digital literacy, especially as cyber threats become more sophisticated and socially engineered.

Digital hygiene—encompassing practices like using strong passwords, enabling two-factor authentication, avoiding suspicious links, and safeguarding personal data—is an essential line of defense. Unfortunately, public awareness remains low. The National Crime Records Bureau (NCRB) 2024 report revealed that over 60% of cybercrime victims were unaware of how their data was compromised.

India’s legal infrastructure also lacks a comprehensive and fully operational data protection law. While the Digital Personal Data Protection Act, 2023, marks a significant legislative milestone, it has yet to be fully implemented. Moreover, critics argue that it lacks sufficient provisions for proactive cybercrime prevention.⁵ In parallel, enforcement mechanisms remain fragmented. Cybercrime units across Indian states operate with varying degrees of capacity, and a centralized national cyber command center to coordinate and respond to high-level threats in real time is still absent.