41% of India's Top Companies Are Prime Targets for Cyber Fraudsters; A Single Email Could Cost Crores!

India’s corporate landscape is sprinting toward full digitization, but this rapid transformation has left a gaping hole in the digital perimeter of even the country’s largest organizations.

 
Cyber Fraud news

RJ Kesari News Desk: According to a new study by the cybersecurity firm Proofpoint, 41% of India's Fortune 100 companies remain dangerously exposed to email-based fraud, leaving them—and their customers—vulnerable to sophisticated phishing and impersonation attacks.

While these organizations are household names—including giants like Reliance Industries, TCS, Wipro, and the State Bank of India—they are struggling to implement the strongest possible shields against cybercriminals who are becoming increasingly bold and technically advanced.

The Enforcement Gap: Why 41% Are at Risk

In June 2026, Proofpoint analyzed the implementation of DMARC (Domain-based Message Authentication, Reporting, and Conformance) across India’s top 100 companies. DMARC is the industry-standard "gatekeeper" that verifies whether an email claiming to be from a company is genuine.

While it is promising that 97% of these top-tier firms have adopted some form of email authentication, the depth of this security varies wildly. The study reveals that:

  • 59% have implemented the recommended "Reject" policy—the strongest defense that automatically blocks unauthorized emails.

  • 32% use the less restrictive "Quarantine" policy.

  • 6% are still only in the "Monitor" phase, offering virtually no active defense against impersonation.

This leaves 41% of companies falling short of the strictest protection levels, effectively leaving the front door unlocked for attackers to spoof their corporate domains.

Why DMARC Is Your Best Defense

Cybercriminals don't need to hack into a company's internal server to cause damage; they simply need to pretend to be the company. By exploiting the lack of a strict "Reject" policy, attackers can send hyper-realistic emails that appear to originate from a company’s official domain.

These fraudulent emails are often used for Business Email Compromise (BEC), where attackers trick employees or customers into sharing sensitive credentials, redirecting payments, or downloading malware. Once a single employee clicks a malicious link, the resulting financial or reputational damage can reach into the crores.

The AI Threat Multiplier

The urgency to fix these security gaps has never been higher, as the threat landscape is shifting under the influence of Generative AI. Criminals are now using AI tools to:

  • Automate Phishing: Generating high-volume, personalized phishing campaigns in seconds.

  • Hyper-Realistic Impersonation: Creating convincing fake communications that mimic the tone and style of senior executives.

  • Scale Operations: Exploiting trusted corporate brands more effectively than ever before.

This comes at a time when cybercrime in India is already surging. Official data indicates a 24% increase in cybercrime cases during 2025, driven by increasingly complex technologies used for identity theft and sophisticated financial fraud.

Tags

From Around the web