India’s MSMEs are rapidly adopting digital payments, cloud services and online business tools, but experts warn that their cybersecurity preparedness has not kept pace with the scale of emerging threats. With cybercriminals increasingly targeting smaller businesses, cybersecurity is now being viewed as a core business resilience and trust issue rather than only an IT concern.
Digital Payments Bring New Risks
Experts say the rapid growth of digital transactions has expanded the attack surface for small and medium enterprises. With billions of UPI transactions processed every month, businesses accepting digital payments have become potential targets for cybercriminals.
Government data indicates that more than 1.2 million UPI fraud cases were reported during the 2024-25 financial year, leading to alleged losses of about ₹981 crore. Cybersecurity specialists say fraudsters are using more organised methods as digital payments and online operations continue to grow.
Phishing and Fake Invoices Hit Small Businesses
One of the most common threats facing MSMEs is phishing through fraudulent emails or fake invoices. Attackers often send emails or attachments that appear genuine, prompting employees to click malicious links or files.
Once access is gained, fraudsters may compromise business email accounts and manipulate legitimate payment instructions, diverting funds to accounts under their control. Experts warn that such incidents can cause financial losses, operational disruption, reputational damage, customer trust issues and compliance concerns if personal data is compromised.
Stronger Cyber Controls Urged
Experts note that India’s cybersecurity framework has become more stringent with CERT-In’s cybersecurity directions and the Digital Personal Data Protection framework. Businesses are expected to strengthen data protection practices, improve cyber controls and follow incident reporting requirements within prescribed timelines.
Cybersecurity experts have urged MSMEs to adopt basic but effective safeguards such as regular software updates, multi-factor authentication, secure data backups, employee awareness training, email verification systems and periodic cybersecurity audits. They said even small businesses with limited budgets can reduce risk significantly by improving cyber hygiene.
