India’s energy sector is facing an escalating cybersecurity threat landscape, with digital vulnerabilities posing the top risk amid rapid digitalisation and interconnected systems. The sector’s growing reliance on technologies like smart grids, IoT devices, and AI-powered tools expands the attack surface, exposing critical infrastructure to sophisticated cyberattacks, including those from state-sponsored actors. In 2025, incidents such as the cyberattack on Central Coalfields Limited, a Coal India subsidiary targeted on May 7, signaled a strategic shift towards hitting upstream fuel supply chains rather than just power grids. India has reported a staggering 278% rise in cyber incidents affecting the power segment from 2018 to 2022, including over 200,000 cyberattacks during recent India-Pakistan tensions. The sector’s blend of legacy technology and new digital systems, combined with supply chain vulnerabilities and a shortage of IT-OT cybersecurity professionals, amplifies risk. In response, India is moving towards stricter cybersecurity laws effective 2026, mandating equipment security clearances and regular audits to safeguard this critical infrastructure vital to national security and economic stability. Collaboration and robust defense mechanisms are urgently required to build energy sector cyber resilience.