India’s micro, small and medium enterprises (MSMEs) are now mandated to undergo annual cybersecurity audits under new guidelines issued by the Indian Computer Emergency Response Team (CERT-In) on September 1, 2025. This move follows a broader July 25 policy requiring all public and private organizations to ensure comprehensive cybersecurity audits to safeguard India’s digital ecosystem. The MSME-specific framework establishes a minimum cybersecurity baseline with 15 elemental controls mapped to 45 security recommendations, focusing on asset inventories, network security, timely patching, strong access controls, and incident reporting within six hours. Audits must be conducted by CERT-In empaneled organizations to help MSMEs address sector-specific risks and evolving cyber threats, including ransomware and phishing. While this imposes additional compliance costs on MSMEs, it is a critical step for shielding these vital contributors to the nation’s economy, particularly given their increasing digital footprint and role in supply chains. This initiative significantly strengthens India’s cybersecurity resilience by ensuring smaller businesses adopt foundational safeguards that protect the broader economic structure.