India witnessed an alarming surge in cyber threats in the first half of 2025, with Indusface reporting that its AppTrana WAAP platform blocked over 4.26 billion attacks. This marks a 15% increase compared to the same period in 2024, with each enterprise website facing an average of 4.1 million attacks. The findings from the company’s State of Application Security – India H1 2025 Report underline the rising intensity and sophistication of threats, as attackers increasingly move from high-volume disruption to precision exploits, often weaponizing zero-day vulnerabilities within days of discovery.

APIs have emerged as the most critical attack surface, recording a 126% rise in targeted incidents and totalling more than 1.36 billion attacks during the period. API vulnerability exploitation surged 13 times year-on-year, while DDoS incidents against API hosts jumped 388% per site. In comparison, website attacks rose by 11%, with vulnerability exploits up 26% and DDoS activity increasing 15%. Indusface noted that 62% of attacks were mitigated by custom rules tailored to specific applications, reflecting the targeted nature of the assaults, while 38% were blocked through default protections.

The persistence of bot and DDoS activity continues to strain enterprises. More than 1.51 billion DDoS attacks were stopped in H1 2025, impacting 70% of monitored sites, while 90% of websites experienced bot traffic, accounting for 45.3 million incidents. India now ranks among the top five global sources and targets of application-layer attacks, with traffic originating largely from India itself, followed by the United States, France, Singapore, and Germany.

Sectoral analysis revealed sharp variations in impact. Insurance recorded a 309% rise in overall attacks, including a 350% surge in DDoS and a tenfold increase in vulnerability exploits. Manufacturing reported a 311% increase, with DDoS up 427% and vulnerability exploitation up 459%. Banking and financial services faced a 14% rise in overall incidents, vulnerability exploitation growing 46% and DDoS spiking 172% during Operation Sindoor, highlighting how geopolitical events exacerbate sector-specific risks. Healthcare saw a 247% increase in targeted attacks, with every monitored site hit by bots, while retail and e-commerce experienced a 420% rise in DDoS incidents alongside a 127% spike in vulnerability exploitation. Small and mid-sized businesses were disproportionately impacted, facing 202% more website attacks, 74 times more API attacks, and 121 times more API DDoS incidents than large enterprises.

The report also underscored vulnerabilities as a persistent weakness. A total of 18,000 critical and high-severity flaws were detected across Indian applications in H1 2025, with one-third left unpatched for over six months. Zero-day vulnerabilities rose steeply to 3,508, compared to 1,265 during the same period in 2024. While AppTrana customers benefited from 100% protection against these exploits—98% through default rules and the rest via custom mitigations—the broader industry remains highly exposed.

Commenting on the findings, Indusface Founder and CEO Ashish Tandon said APIs have now become one of the biggest risk surfaces for enterprises due to extensive third-party integrations and sensitive data flows. “Vulnerability attacks, especially on APIs, have surged 13x compared to last year. Through our exploit analytics, we’ve given enterprises unmatched visibility into these attacks and blocked them instantly using autonomous vulnerability remediation,” he said. He added that AI has been critical in shrinking mean time to remediate from months to days, enabling customers to generate zero-vulnerability reports in just 12 hours—an essential advantage as attackers weaponize new flaws within 48 hours of disclosure.

The business impact of adopting managed WAAP services also came into focus. Indusface’s ROI analysis showed Indian enterprises achieved annual savings of up to ₹21 lakhs through faster remediation cycles, reduced reliance on internal teams, and uninterrupted DDoS and bot mitigation, which minimized outage-related losses and avoided compliance penalties. The study estimated that DDoS monitoring cost avoidance alone delivered savings of up to 40% compared to traditional in-house incident response frameworks.

With regulators like SEBI and RBI intensifying their scrutiny, the report concluded that faster detection, real-time patching, and continuous monitoring are now critical imperatives for Indian enterprises. For SMEs in particular, managed WAAP solutions equipped with AI-driven bot mitigation, adaptive DDoS defense, and automated vulnerability management will be essential to withstand the mounting wave of application-layer threats in the months ahead.