Cybercrime in India: Rising Trends and Legal Framework

This article is written by Khushi Tayal, a student of Jiwaji University, Gwalior. This article evaluates and analyzes the present-day trends in the incidence of cybercrime in India, highlights the deficiencies in the existing legal structure, and also evaluates recent legislative enactments against cybercrime in the country. 

The emergence and growth of cybercrime in India have been dramatic in recent times, fueled by a high adoption rate of technologies, a lack of proper cybersecurity standards, and a widespread increase in the utilization of the internet. While conventional crimes escalate, new threats include high-end cybercrime activities such as ransomware, identity theft, financial hacking, and data theft targeting individuals, companies, and even governments. Although India has been progressive in enacting legislation against cybercrime, such as the ‘Information Technology Act, 2000, and subsequent enactments, the issue remains tackled inadequately and in a poorly coordinated manner. The absence of precise definitions under legislation, a lack of investigation capabilities, and a scarcity of digital awareness skills among law enforcement agencies have further impeded the issue. 

Background 

The rapid growth of the use of digital technologies in the country has dramatically changed how India operates, how businesses are conducted, and how people communicate among themselves. The Digital India program, penetration of the internet in the country, online banking, and the use of e-governance platforms have improved the efficiency and ease of operations in the country. However, the growth in the use of technology in the country has offered the criminals an opportunity to perpetrate their activities, making the country one of the victims of cybercrime in the world. The term “cybercrime,” which was originally used to refer to hacking, has come to be used to refer to sophisticated technological crimes, including online financial frauds, online identity thefts, and cyber terrorism.

The increase in the prevalence of cybercrime points to the critical vulnerabilities that have been revealed in the information technology structure of India’s cyberspace. The relatively low levels of awareness about cybersecurity, as well as the dearth of technological precautions, have all led to challenges in the reporting and prosecution of such offenses, especially in the context of the multinational scale of such crimes.

In dealing with the challenges, the IT Act 2000 plays the main role, supported by the Indian Penal Code. Here, the legal system provides the groundwork for managing cyber activities and punishing those who transgress. However, the system has been challenged by the transformative nature of cyber threats. 

Steps to prevent and control cybercrimes in India 

1. Strengthen and Update Cyber Laws: – India’s cyber-crime laws, especially the Information Technology Act 2000, have to be updated at the earliest to effectively tackle contemporary cyber-crime threats like ransomware, crypto scams, deepfakes, AI-related cyber-crimes, etc., by giving legal clarity to such crimes, increasing punitive measures, and updating legislation quickly enough.
2. Enhancing Cybercrime Investigation Capacity: – For effective control and tackling of cybercrime, it has become essential for law enforcement agencies to be technically sound and have specialized units at the district level, provide training for police and prosecutors, and set up advanced cyber forensic labs.
3. Proper Handling of Electronic Evidence: – There have been several instances where cybercrime cases failed due to improper collection and certification of electronic evidence. The proper compliance of Section 65-B of the Indian Evidence Act needs to be ensured with standardized evidence handling procedures and proper training of investigating officers.
4. Strengthening Intermediary Accountability: – The role of the online platforms, social media organizations, and payment intermediary services in the perpetration of cybercrimes is significant. The need to adhere to the due diligence provisions under Section 79 of the IT Act, timely removal of content, and cooperation in the enforcement of the law in preventing cybercrimes cannot be overstated.
5. Mandatory Reporting of Cyber Incidents: – Cybercrime underreporting inhibits proper policy and enforcement responses. Mandatory reporting burdens for financial institutions, companies, and digital service providers, coupled with an effective National Cyber Crime Reporting Portal and victim safeguarding mechanisms, significantly enhance the rates of detection of cyber offenses.

Case Laws 

1. Suhas Katti v. Tamil Nadu (2004) – First major conviction for cyber harassment and obscene online content under Section 67 of the IT Act. In this case, the accused sent emails with defamatory and obscene content using a false email id, and the courts also relied on electronic evidence under Section 65B of the Evidence Act. This was also one of the first cases that set the precedent for dealing with cyber harassment.
2. Shreya Singhal v. Union of India (2015) – Landmark constitutional judgment striking down Section 66A of the Information Technology Act, which criminalizes “offensive” speech in the form of online speech, is unconstitutional in its application to Article 19(1)(a) (the right to freedom of speech). Another part of Section 79, intermediary liability, is also interpreted to reinforce principles that intermediary sites are not liable for internet users who create content, due to due process requirements.
3. Avnish Bajaj v. State (NCT of Delhi) (2008) – Held intermediary (Bazee.com) liable under Section 67 of IT Act and Section 292 of IPC for sale of pornographic material on its platform. In this case, it gave more emphasis on Intermediary responsibility and made it clear that platform operators could be held liable for User-generated content if due diligence on their part is not exercised.
4. K. Ramajayam v. Inspector of Police (2022, Madras High Court) – Enforced the need for stringent compliance with the provisions of Section 65B of the Indian Evidence Act with regards to the admissibility of electronic evidence in cybercrime cases. The case reinforced the standards with regards to the production of electronic evidence. 

Conclusion

A new criminal challenge has appeared in India in the form of cybercrime, which has increased with the rapid advancement in the country’s IT landscape. Despite the presence of the IT Act, 2000, and the various laws and legal provisions that have been put in place, the subject has not kept pace with the increased volume, complexity, and international nature of cybercrime across the world. There is certainly considerable progress in the responses given by the judiciary, the government, the police, the media, the legal system, and others in controlling the surging problem of cybercrime in the country, but the many gaps in the enforcement, investigation, procurement, storage, and perception with regard to the subject have resulted in the problem creating concern for the legal system in the country in the years to come.

Frequently Asked Questions 

What is cybercrime?

Cybercrime is a term used to describe criminal acts involving computers, devices, and/or the internet, where technology is employed as a tool, victim, or both. This includes cybercrimes like hacking, cyber fraud, identity theft, cyber stalking, data breaches, among others.

What are the most common types of cybercrime in India?

The most common cybercrimes include online financial fraud, phishing, identity theft, ransomware, cyberstalking, online harassment, data theft, and unauthorized access to computer systems.

What are the important sections of the IT Act related to cybercrime?

The important sections are Section 43 (unauthorized access and damage), Section 66 (computer-related offenses), Section 67 (offenses of publication of obscene content), Section 69 (surveillance powers and government), and Section 79 (intermediary liabilities).

What was the impact of the Shreya Singhal case on cyber law?

The Supreme Court, through its ruling in Shreya Singhal v. Union of India (2015), struck down Section 66A of the IT Act for violating the freedom of speech, defined the meaning and role of intermediaries with Section 79, and strengthened the constitutional provisions.

How is electronic evidence treated in cybercrime cases?

Electronic evidence is admissible only if it complies with Section 65B of the Indian Evidence Act, which requires proper certification to ensure authenticity and reliability of digital records.

References 

• https://www.criminallawjournal.org/article/138/5-1-36-583.pdf
• https://ijlmh.com/wp-content/uploads/Cybercrime-in-India-Legal-Framework-and-Enforcement-Challenges.pdf
• https://journalijsra.com/sites/default/files/fulltext_pdf/IJSRA-2025-2812.pdf
• https://uja.in/blog/legal-chronicle/rise-of-cyber-crime-and-legal-mechanisms-in-india/
• https://www.linkedin.com/pulse/legal-perspective-cybercrime-india-lawsimpl-ai-olb4c