As India’s digital economy expands, so does its cyberattack surface — from personal smartphones and enterprise cloud systems to state infrastructure. While industry conversations often revolve around high-end tools, threat intelligence, and enterprise architecture, one cybersecurity founder argues that a more fundamental gap is holding the country back: awareness.
Khushhal Kaushik, Founder & CEO of Lisianthus Tech, believes India’s biggest digital vulnerability isn’t just outdated tools or regulatory lag — it’s the lack of a cyber-aware culture. From enterprise settings to classrooms, he says, users are adopting digital tools faster than they’re learning how to use them securely.
“We are using smartphones, but we’re not being smart,” says Kaushik. “People need to think before they click.”
From end-users to enterprises, the problem remains to a large extent with the users of the technology, explains Kaushik. He further states that the human factor remains the weakest link in most breaches. While he doesn’t cite specific breach statistics, his view echoes a widely accepted reality in the cybersecurity community: social engineering and user negligence are often easier to exploit than software vulnerabilities.
“If I (read ethical hacker) can’t hack the technology, I’ll try to play with the human mind,” he adds, referring to common tactics like phishing, baiting, or impersonation.
It’s a warning that’s particularly relevant as India sees rapid digitization — with increasing smartphone penetration and millions of new users coming online every year, often with limited exposure to digital literacy or cyber hygiene. Interestingly, this scenario extends into SMEs to large enterprises, wherein the technology adoption is rampant but the learning curve needed to make optimum utilization of technology is at a slower pace.
In many instances the half baked knowledge and information pertaining to the usage of technology has opened up avenues for external agents to exploit the loopholes to their advantage and cause immense financial losses. Across various departments, especially in SMEs, there are many end users who prefer to use free software for their processes and day to day operations. However, these freeware pose a serious security risk that many often overlook.
The Freeware Trap
As the number of Cyberaushik raises serious concerns on India’s widespread dependence on free or unofficial software — particularly in smaller businesses or budget-conscious public institutions.
“In cybersecurity, when something is free, the product is you,” he says. “We should prioritize licensed software and make sure it’s authentic and secure.”
While open-source and freeware tools have their place, Kaushik argues that blind dependence — especially without proper configuration or understanding — often backfires. He stresses the need for smarter procurement practices at organizations and better staff training to avoid such risks.
As per Proactive Data Systems, Indian enterprises are moving away from fragmented freeware stacks toward unified platforms that combine endpoint detection, identity verification, and network segmentation. This highlights a growing awareness of cybersecurity best practices. However, it also raises a serious concern: in the rush to consolidate and scale, many organizations are adopting these unified platforms without fully understanding how to configure or govern them effectively.
When security is treated as a checkbox in broader digital transformation efforts, it can create a false sense of protection. This becomes particularly risky at scale, where a single misconfiguration or untrained user can compromise entire networks, undoing the very efficiencies these platforms were meant to provide.
Scaling Securely: Infrastructure Alone Isn’t Enough
Kaushik believes many organizations rush to scale without investing in people. From cloud adoption to digital workplace tools, he says tech-driven decisions often move faster than security planning or employee readiness.
“Before scaling, first get the right people. Train them. Then use the right tools. That’s the order,” he insists.
He’s also critical of what he calls “patchwork planning”, where companies adopt new technologies without fully assessing whether they fit their existing systems or security posture. For him, secure scalability is less about speed and more about foundation.
This sentiment is one that resounds with many cybersecurity experts across the globe. In fact, as per a survey conducted by Zoho Workplace Digital Transformation Survey 2025, 47% of Indian employees use shadow IT for file sharing and storage which shows the lack of training or even worse, undermining the compliance requirements of the organization.
While these statistics paint a concerning picture of enterprise cybersecurity practices in India, it’s important to view them in context. The responsibility doesn’t lie solely with end users. Cyber awareness is not innate, it’s learned. In a country where the concept of digital privacy has historically lacked emphasis, many individuals have simply never been exposed to the idea that their data, credentials, or digital behaviour could have broader security implications.
Unlike regions where privacy is deeply embedded into public policy and societal norms, India is still evolving its relationship with data protection. The result is a gap – not of intent, but of exposure, one that underscores the need for thoughtful regulation, education, and leadership.
The Policy Gap — and Global Comparisons
Given the current state of cyber awareness, Kaushik doesn’t shy away from calling out India’s lack of cohesive cybersecurity regulation. While many states and central departments have issued advisories, the country still lacks a unified legal framework equivalent to the GDPR in Europe or the Cybersecurity Law in Singapore.
“We can’t compare ourselves with the US, UK, or Israel unless we build something at the same level,” he says. “Right now, our policies are weak — but our talent isn’t.”
He points to countries like Singapore and Australia as examples where stronger governance has accelerated better security practices across sectors.
To bridge this policy gap, India will require a multi-pronged approach: stronger central legislation, collaborative frameworks between public and private stakeholders, and widespread awareness efforts that help users understand not just how to be secure, but why it matters. Without this cultural and institutional shift, even the most advanced security tools will struggle to succeed.
It is here that Kaushik believes education and grassroots engagement will play a critical role, especially in a country as large, diverse, and digitally active as India.
Cyber Shikshit Bharat: Building from the Ground Up
To address the awareness gap, Kaushik and his team launched Cyber Shikshit Bharat, an initiative aimed at educating a broad spectrum of Indian users — from schoolchildren to corporates.
The campaign includes outreach programs at the school, college, government, and corporate levels, and is focused on spreading basic cybersecurity literacy. According to him, the program is also working with state governments to set up Centers of Excellence focused on India-made cybersecurity tools, including early-stage work on hardware testing and validation.
“Smartphones are in every hand — even in the hands of children. But cyber awareness isn’t,” he says. “That’s what Cyber Shikshit Bharat is trying to fix.”
The initiative plans to launch a cyber awareness mobile app and website, and Kaushik says a flagship event is scheduled for November 26, 2025, with outreach to public leaders and institutional partners.
Looking Ahead
Kaushik’s ideas may come across more grassroots than ground-breaking, but they reflect a growing concern among cybersecurity professionals: that awareness and behavior may ultimately matter more than any firewall or endpoint detection system.
As India continues to digitize, his call for a “cyber-aware India” offers a reminder — that in the race for tech adoption, the human layer must not be the last one we secure.
