AI Cyberattack Risks: MSMEs Alert
Updated: 02 Jul 2026 · For: CISOs, CTOs and GCs at regulated tech companies
What changed
The increasing use of Artificial Intelligence (AI) in cyberattacks poses significant risks to Micro, Small, Medium Enterprises (MSMEs) in India. The potential consequences of such attacks can be devastating, including financial loss, reputational damage, and legal liabilities. This piece explores the practical steps that founders, CISOs, CTOs, and GCs at regulated tech companies can take to secure their systems and protect their businesses from AI-driven cyber threats.
What the law is (plain English)
Under the Digital Personal Data Protection Act, 2023, organizations have a duty to protect personal data from unauthorized access, disclosure, or breach. While the Act does not specifically address AI-driven cyberattacks, it emphasizes the importance of implementing robust security measures to prevent such incidents. The Indian Contract Act, 1872, also plays a crucial role in cybersecurity, as contracts between organizations and their service providers or vendors often involve data sharing and processing. Organizations must ensure that their contracts include adequate provisions for data protection and cybersecurity to minimize the risk of cyberattacks.
What it means in practice
In conclusion, the threat of AI-driven cyberattacks is real, and MSMEs in India must take proactive steps to protect themselves. By understanding the legal framework, adopting best practices, and staying informed about the latest threats and technologies, organizations can minimize their risk and ensure business continuity.
What founders should do this week
- **Conduct regular security audits**: to identify vulnerabilities and weaknesses in the system
- **Implement AI-powered security tools**: to detect and respond to AI-driven cyber threats
- **Develop incident response plans**: to quickly respond to and contain cyber incidents
- **Provide cybersecurity training**: to employees to raise awareness and prevent human error
- **Engage with cybersecurity experts**: to stay updated on the latest threats and best practices
- **Review and update contracts**: to ensure adequate provisions for data protection and cybersecurity
What can wait
- Policy rewrites that do not affect live product behaviour
- Board-level strategy shifts until applicability is confirmed
When to call counsel
- The update touches licensing, personal data at scale, or payment flows
- A customer or investor asks for a formal legal opinion on impact
- You have an inspection, transaction, or funding close inside 30 days
Founder FAQ
What are the potential consequences of AI-driven cyberattacks on MSMEs?
The potential consequences can be devastating, including financial loss, reputational damage, and legal liabilities.
What are some best practices for MSMEs to protect themselves from AI-driven cyber threats?
Some best practices include conducting regular security audits, implementing AI-powered security tools, developing incident response plans, providing cybersecurity training, engaging with cybersecurity experts, and reviewing and updating contracts.
What is the role of the Indian Contract Act, 1872, in cybersecurity?
The Indian Contract Act, 1872, plays a crucial role in cybersecurity, as contracts between organizations and their service providers or vendors often involve data sharing and processing.
SB Tech Associates: General information only — not legal advice. Verify the official notification and obtain counsel for your facts before acting.
Source: Official source →
Topics: AI cyberattack risks, MSMEs cybersecurity, CERT-In warnings, cyber law in India, data protection for MSMEs, cybersecurity best practices, Indian cyber laws, MSME cybersecurity threats
This publication is for general information only and does not constitute legal advice. Regulatory positions evolve; verify current notifications and obtain counsel before acting. © 2026 SB Tech Associates.