Proofpoint: Two in Five of India’s Largest Companies Remain Vulnerable to Email Fraud

Connect city
  • Two in five (41%) of India's Fortune 100 companies have yet to enforce widely-adopted email authentication protocol DMARC, which may leave customers vulnerable to email fraud and brand impersonation.
  • Overall DMARC adoption is high, with 97% of India's top companies having implemented some level of protection — but enforcement gaps may present a significant risk.
  • As AI accelerates the scale and sophistication of phishing attacks, Proofpoint urges India's largest enterprises to close remaining email authentication gaps before cybercriminals exploit them.

BENGALURU, India, 1 July 2026Proofpoint, Inc., a leading cybersecurity and compliance company, today released new research showing that two in five (41%) of Fortune 100 India companies are lagging behind on basic cybersecurity measures, which may subject customers, staff, and stakeholders to a higher risk of email-based impersonation attacks and fraud.

These findings are based on an analysis of the 2025 Fortune 100 India companies list and their implementation of Domain-based Message Authentication, Reporting and Conformance (DMARC), a widely adopted email validation protocol. DMARC protects domain names from being misused by malicious actors by authenticating the sender's identity before allowing an email to reach its intended destination. This authentication system helps detect and prevents domain spoofing – an email phishing technique used for business email compromise (BEC) and other email-based attacks. DMARC has three levels of protection – monitor, quarantine, and reject, with reject being the most secure for helping prevent suspicious emails from reaching users’ inboxes.  

Email remains one of the most frequent attack vectors, making robust email authentication a critical safeguard for customers, employees, and stakeholders against fraudulent communications. Official data from India's Ministry of Home Affairs reveals a 24% surge in cybercrime in 2025, with authorities directly attributing the spike to increasingly sophisticated technology being weaponised for phishing and identity theft. Advanced AI tools are accelerating this further, enabling threat actors to automate sophisticated phishing campaigns and generate convincing impersonation lures at an unprecedented scale.

"India's largest enterprises are among the most trusted names in the country's digital economy, and that trust is precisely what makes them attractive targets for cybercriminals. While many have taken important steps to protect their email communication, too many still have gaps that attackers can exploit,” said Bikramdeep Singh, India Country Manager at Proofpoint. “In today's threat landscape, where AI is enabling threat actors to impersonate trusted brands at a scale and speed we've never seen before, closing those gaps isn't optional. Enforcing the strongest level of DMARC protection is one of the key safeguards an organisation can take to protect its customers, its reputation, and its people, and organisations should prioritise."

The full findings of Proofpoint's 2026 DMARC analysis of Fortune 100 India companies show:

  • 41% currently do not enforce the recommended strictest “Reject” policy level in their DMARC implementation.
  • 97% implement some form of email authentication, yet the DMARC policy levels deployed vary as follows:
    • 59% use DMARC - Reject (the highest level of protection)
    • 32% use DMARC - Quarantine
    • 6% use DMARC - Monitor

Best Practices for Enhanced Email Security for customers, staff, and other stakeholders:

  • Check the validity of all email communication and be aware of potentially fraudulent emails impersonating trusted brands, colleagues, suppliers, and stakeholders.
  • Be cautious of any communication attempts that request login credentials or threaten to suspend service or an account if a link isn’t clicked.
  • Adopt phishing-resistant multifactor authentication, such as passkeys.

​​​​Methodology

This analysis was conducted in June 2026 using data from the 2025 Fortune 100 India list.

 

About Proofpoint, Inc.

Proofpoint, Inc. is a global leader in human- and agent-centric cybersecurity, securing how people, data and AI agents connect across email, cloud and collaboration tools. Proofpoint is a trusted partner to over 80 of the Fortune 100, over 14,000 large enterprises, and millions of smaller organisations in stopping threats, preventing data loss, and building resilience across people and AI workflows. Proofpoint’s collaboration and data security platform helps organisations of all sizes protect and empower their people while embracing AI securely and confidently. Learn more at www.proofpoint.com.

Connect with Proofpoint on LinkedIn

Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.