New Delhi: India’s nodal cybersecurity agency, the Indian Computer Emergency Response Team (CERT-In), is facing an acute shortage of personnel, as cyber incidents and threats rise sharply, a parliamentary committee report presented Monday revealed.
The Twenty-Fourth Report of the Standing Committee on Communications and Information Technology noted that CERT-In is “in urgent need of additional manpower to keep up with the rapid increase in the incidents and cyber security issues, urgent nature of incident response activities including onsite response, to sustain key current as well as planned new activities/projects and to address cyber security issues pertaining to emerging technologies and areas”.
The ministry informed the committee that CERT-In had already proposed creating additional posts, after which the expenditure department examined the proposal. A total of 192 scientific and technical posts and 22 non-technical posts had been sanctioned at various levels. “Actions are being taken for recruitment of sanctioned posts,” the ministry said in response, without specifying timelines.
The committee was dissatisfied with the answer. It “desired to be apprised of the outcome of the action taken in this regard”, which signals that the panel intends to follow up.
Regarding budgets, CERT-In’s allocation has seen steady growth, increasing from Rs 225 crore in 2023-24 to Rs 269 crore in 2026-27. In 2025-26, the agency’s allocation was increased at the revised estimates stage from Rs 255 crore to Rs 277 crore, due to additional requirements under the ICT equipment head. The ministry said the additional funds “will be utilised in full”.
Expenditure trends, however, show some slippage. After reaching 120 percent of the revised estimates (RE) in 2023-24 and 106 percent of the RE in 2024-25, actual spending dropped to 83 percent as of December 2025. The parliamentary committee flagged this slippage.
CERT-In recorded over 2.04 million cyber incidents in India in 2024—a significant jump from 1.39 million in 2022—and the agency itself noted that the number of unreported cases is likely double the reported figure.
India has emerged as the second most targeted country for cyberattacks globally, behind the United States and Israel, with over 95 entities in banking, government, healthcare, and telecom confirmed as affected through dark web data alone.
Analysis of CERT-In’s own data showed that while older attack types, such as phishing and website defacement, have declined, there has been a surge in reconnaissance activity and more sophisticated, stealthy attacks targeting public-facing government portals and financial sector applications.
MeitY Secretary S. Krishnan, speaking at the launch of the CERT-In Digital Threat Report last year, noted, “The interconnected nature of the BFSI ecosystem means that a single cyberattack can have systemic repercussions, impacting multiple entities beyond the initial target.”
CERT-In’s mandate under Section 70B of the IT Act spans collecting and analysing cyber incident data, issuing advisories and vulnerability notes, coordinating emergency responses, and, critically, sharing intelligence on real-time threats with overseas counterpart agencies and private cybersecurity firms.
The committee noted that this work “requires expenditure commensurate to achieve these objectives”, implying current resources may not match the scale of the challenge.
(Edited by Madhurita Goswami)

