Indian websites, applications, and digital services are facing faster and more precise cyberattacks, with security systems intercepting more than 9 billion malicious attempts in 2025, according to Indusface. Its State of Application Security 2026 Report notes a 27 percent year-on-year increase in such incidents, reflecting the growing sophistication of cyber threats amid rapid digital transformation. 

Cybersecurity researchers highlight that attackers are no longer relying on prolonged operations. They are increasingly opting for rapid, focused attack bursts that take advantage of weaknesses in online systems, often striking before defences can be activated. 

Attack durations shrink to mere minutes  

A key change noted during the year is the reduced length of many attacks, with cyber incidents now unfolding over much shorter timeframes than before. 

According to security analysts, several recent attacks are extremely brief—often only two to three minutes long—but involve massive traffic from hundreds of thousands of IP addresses at once. These rapid assaults are usually directed at specific systems, including login mechanisms, payment processes, and sensitive data access points. 

Because they occur suddenly, produce intense traffic spikes, and disappear almost as quickly, such attacks are often difficult for security systems to identify promptly. 

Cybercrime evolves with the rise of AI and automation  

According to the report, cybercriminals are making growing use of automation and artificial intelligence to identify weaknesses in digital infrastructure, enabling faster and more targeted attacks. 

With the help of automation, attackers can conduct faster application scans and simultaneously test numerous access points. This allows them to quickly uncover vulnerabilities in systems and launch exploitation attempts before defensive measures are put in place. 

According to experts, the growing use of these techniques allows attackers to coordinate large-scale cyberattacks despite their brief duration. 

Cybercriminals increasingly focus on APIs  

Another key trend noted in the report is the rising attention on application programming interfaces (APIs), which are becoming an important focus for cyber threats. 

Acting as digital bridges between apps, websites, and backend infrastructure, APIs play a crucial role in modern digital ecosystems. As organisations grow their online offerings, APIs are increasingly responsible for handling transactions, user logins, and seamless data sharing. 

At the same time, their widespread use has made them increasingly appealing targets for malicious actors. 

Findings from 2025 indicate that API vulnerabilities were targeted more frequently, while APIs experienced a noticeably greater intensity of DDoS attacks than conventional web platforms. 

Small businesses under increasing cyber risk  

Findings from the analysis suggest that small and mid-sized businesses face a higher level of exposure to such threats. 

As businesses accelerate the development of digital platforms, security monitoring systems do not always keep up. This gap leaves smaller organisations particularly vulnerable, often exposing their APIs to greater attack volumes than their standard web interfaces. 

According to analysts, this disparity leaves organisations more susceptible to automated scanning techniques deployed by cybercriminals. 

Rising threats make cybersecurity a top business focus  

According to experts, the changing threat landscape is pushing organisations to rethink their strategies for securing digital systems and infrastructure. 

As cyberattacks become faster and more automated, conventional methods based on manual oversight are struggling to keep pace. This has led organisations to adopt real-time monitoring solutions and automated response mechanisms to improve threat detection and mitigation. 

With the rapid growth of mobile services, cloud infrastructure, and interconnected applications, protecting digital environments is increasingly seen as a critical business necessity. 

Experts highlight that the increasing role of automation and AI in cyber threats is forcing organisations to rapidly evolve their defence strategies. Given that APIs underpin most digital services today, their protection has become critical for safeguarding data, preventing disruptions, and preserving user confidence.